Skip to content
/ Anomaly_dectection_ML_SDN_Ryu Public

A prototype for an architecture that uses Machine Learning to detect abnormalities in the SDN network packet flow, built by Ryu SDN and mininet

11 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hainamt/Anomaly_dectection_ML_SDN_Ryu

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
.github/workflows
.github/workflows
 
 
Controller
Controller
 
 
Models
Models
 
 
Supervisor
Supervisor
 
 
Topology
Topology
 
 
README.md
README.md
 
 

Repository files navigation

Anomaly Detection ML-SDN-based

Topology

Tools

Environment setting

  • Set up Shared Folder (VM VirtualBox) between Mininet Server and Controller's server
  • Run Controller application from Ryu Controller:
ryu-manager --observe-links --verbose Topo_to_Mongo.py ofctl_rest.py
  • In the mininet server, use Topology/SplTp.py to build the topology and connect to the Ryu Controller:
sudo mn --custom SplTp.py --topo Simple_Topo --controller=remote,ip={ip address of the controller's server}
  • Run the ML Engine from Supervisor:
python StartSupervisor.py
  • In the mininet server, run:
  • Topology/CICTrigger/CICTrigger.sh - a script with inotify tool for dectecting new PCAP files:
sudo ./CICTrigger.sh
  • Or Topology/Script PCAP to CSV/TsharkCIC.py - for the same purpose
  • If using the first option, in the mininet server, run Wireshark to capture the interfaces that need to be monitored, In the mininet server, set Wireshark to run continuously at arbitrary intervals and save with "Flow.pcap".

How it works

⚠️ WARNING: This is a bad pipeline, it should be optimized with a message queuing system like Kafka

  1. The pcap files will be saved with the format "Flow_{index}_{year}{month}{date}{hour}{minute}{second}.pcap"
  2. The inotify tool in CICTrigger.sh will detect those PCAP files and automatically call the CICFlowMeter tool to convert those files into CSV Files with predefined features
  3. The shared folder is used to send those CSV files directly to a repository in the Controller's server
  4. Those csv files will be recognized and read by StartSupervisor.py through their index, they will be converted one last time to Dataframe and go through a trained ML model, sending out the prediction's result
  5. If a source IP address is determined to be anomalous, the application will response with some actions in ManipAPI.Reaction. In this python file, 2 actions can be performed to indirectly modify flow entry of OpenFlow Switch by REST API (depending on the application running with the Controller):
  • Interact with rest_firewall
  • Interact with ofctl_rest

About

A prototype for an architecture that uses Machine Learning to detect abnormalities in the SDN network packet flow, built by Ryu SDN and mininet

Topics

machine-learning sdn ryu-sdn-controller

Resources

Readme
Activity

Stars

11 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages