Detection of Zero-Day Attacks in a Software-Defined LEO Constellation Network Using Enhanced Network Metric Predictions

Dennis Agnew; Ashlee Rice-Bladykas; Janise Mcnair

doi:10.1109/OJCOMS.2024.3481965

IEEE Open Journal of the Communications Society (Jan 2024)

Detection of Zero-Day Attacks in a Software-Defined LEO Constellation Network Using Enhanced Network Metric Predictions

Dennis Agnew,
Ashlee Rice-Bladykas,
Janise Mcnair

Affiliations

Dennis Agnew: ORCiD; Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL, USA
Ashlee Rice-Bladykas: ORCiD; Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL, USA
Janise Mcnair: Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL, USA

DOI: https://doi.org/10.1109/OJCOMS.2024.3481965
Journal volume & issue: Vol. 5
pp. 6611 – 6634

Abstract

Read online

SATCOM is crucial for tactical networks, particularly submarines with sporadic communication requirements. Emerging SATCOM technologies, such as low-earth-orbit (LEO) satellite networks, provide lower latency, greater data reliability, and higher throughput than long-distance geostationary (GEO) satellites. Software-defined networking (SDN) has been introduced to SATCOM networks due to its ability to enhance management while strengthening network control and security. In our previous work, we proposed a SD-LEO constellation for naval submarine communication networks, as well as an extreme gradient boosting (XGBoost) machine-learning (ML) approach for classifying denial-of-service attacks against the constellation. Nevertheless, zero-day attacks have the potential to cause major damage to the SATCOM network, particularly the controller architecture, due to the scarcity of data for training and testing ML models due to their novelty. This study tackles this challenge by employing a predictive queuing analysis of the SD-SATCOM controller design to rapidly generate ML training data for zero-day attack detection. In addition, we redesign our singular controller architecture to a decentralized controller architecture to eliminate singular points of failure. To our knowledge, no prior research has investigated using queuing analysis to predict SD-SATCOM controller architecture network performance for ML training to prevent zero-day attacks. Our queuing analysis accelerates the training of ML models and enhances data adaptability, enabling network operators to defend against zero-day attacks without precollected data. We utilized the CatBoost algorithm to train a multi-output regression model to predict network performance statistics. Our method successfully identified and classified normal, non-attack samples and zero-day cyberattacks with over 94% accuracy, precision, recall, and f1-scores.

Published in IEEE Open Journal of the Communications Society

ISSN: 2644-125X (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication; Social Sciences: Transportation and communications
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=8782661

About the journal

Abstract

Keywords