Abstract:
Cyberattacks are becoming more frequent and sophisticated, making their detection harder. Probe attacks in Software
Defined Networking (SDN) have not been given much attention by the research community, although they represent the starting phase for other
attacks. The attacker scans the network to get the necessary details about the hosts and services running in the network in order to launch successful
attacks that exploit vulnerabilities in the system. The issue with probe attacks is that they occur passively and the target system is not
aware of them. On one hand, continuously checking the network traffic requires an additional mechanism that embeds switches with
independent agents, which is against the OpenFlow standard. On the other hand, using the statistics provided by OpenFlow switches to
the controller overloads the controller with the extra task of continuously checking traffic statistics. In this work, a lightweight
detection mechanism is proposed that detects probe attacks in real time using machine learning. A honeypot is integrated into the detection
mechanism to detect passive probe attacks by luring attackers through providing fake services, and it serves as a trigger mechanism that
activates the detection mechanism when necessary. The experimental results show that the proposed mechanism successfully detects
probe attacks in real time, achieving an accuracy of 94.73% with minimum CPU load.