Crossfire Attack Detection using Deep Learning in Software Defined ITS Networks

Recent developments in intelligent transport systems (ITS) based on smart mobility significantly improves safety and security over roads and highways. ITS networks are comprised of the Internet-connected vehicles (mobile nodes), roadside units (RSU), cellular base stations and conventional core network routers to create a complete data transmission platform that provides real-time traffic information and enable prediction of future traffic conditions. However, the heterogeneity and complexity of the underlying ITS networks raise new challenges in intrusion prevention of mobile network nodes and detection of security attacks due to such highly vulnerable mobile nodes. In this paper, we consider a new type of security attack referred to as crossfire attack, which involves a large number of compromised nodes that generate low-intensity traffic in a temporally coordinated fashion such that target links or hosts (victims) are disconnected from the rest of the network. Detection of such attacks is challenging since the attacking traffic flows are indistinguishable from the legitimate flows. With the support of software-defined networking that enables dynamic network monitoring and traffic characteristic extraction, we develop a machine learning model that can learn the temporal correlation among traffic flows traversing in the ITS network, thus differentiating legitimate flows from coordinated attacking flows. We use different deep learning algorithms to train the model and study the performance using Mininet-WiFi emulation platform. The results show that our approach achieves a detection accuracy of at least 80%.