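@article{mathas_segou_xylouris_christinakis_kourtis_vassilakis_kourtis_2018,
  title         = {Evaluation of {Apache Spot}'s Machine Learning Capabilities in an {SDN}/{NFV} Enabled Environment},
  author        = {Mathas, Christos M. and Segou, Olga E. and Xylouris, Georgios and Christinakis, Dimitris and Kourtis and Vassilakis, Costas and Kourtis, Anastasios},
  year          = {2018},
  month         = aug,
  publisher     = {Zenodo},
  doi           = {10.5281/zenodo.3266022},
  abstractNote  = {Software Defined Networking (SDN) and Network Function Virtualisation (NFV) are transforming modern networks towards a service oriented architecture. At the same time, the cybersecurity industry is rapidly adopting Machine Learning (ML) algorithms to improve detection and mitigation of complex attacks. Traditional intrusion detection systems perform signature based detection, based on well known malicious traffic patterns that signify potential attacks. The main drawback of this method is that attack patterns need to be known in advance and signatures must be preconfigured. Hence, typical systems fail to detect a zero day attack or an attack with unknown signature. This work considers the use of machine learning for advanced anomaly detection, and specifically deploys the Apache Spot ML framework on an SDN/NFV enabled testbed running cybersecurity services as Virtual Network Functions (VNFs). VNFs are used to capture traffic for ingestion by the ML algorithm and apply mitigation measures in case of a detected anomaly. Apache Spot utilises Latent Dirichlet Allocation to identify anomalous traffic patterns in Netflow, DNS and proxy data. The overall performance of Apache Spot is evaluated by deploying Denial of Service (Slowloris, BoNeSi) and a Data Exfiltration attack (iodine).},
  internal-note = {Review: the author list contains a bare surname "Kourtis" with no given name (distinct from "Kourtis, Anastasios"); the given name is not recoverable from this record and should be confirmed against the Zenodo deposit. The entry is typed @article but has no journal field (Zenodo deposit); a style may warn about the missing required field.},
}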