Enhancing Network Security: Evaluating SDN-Enabled Firewall Solutions and Clustering Analysis Using K-Means through Data-Driven Insights

  • Ahmad Turmudi Zy Universitas Pelita Bangsa
  • Isarianto Universitas Pelita Bangsa
  • Anggi Muhammad Rifa’i Universitas Pelita Bangsa
  • Agung Nugroho Universitas Pelita Bangsa
  • Abdul Ghofir President University
Keywords: attack patterns, data-driven analysis, K-Means clustering, network security, SDN-enabled firewalls

Abstract

In the face of escalating and increasingly complex cyber threats, enhancing network security has become a critical challenge. This study addresses the problem by investigating how SDN-enabled firewall solutions can be tuned with a data-driven approach. K-Means clustering is applied to attack data in order to identify distinct attack patterns that a firewall policy could act on. The clustering partitioned the attack data into three clusters: Cluster 0, concentrated attack sources likely tied to high-activity regions or networks; Cluster 1, a dispersed distribution of attacks pointing to diverse origins; and Cluster 2, attacks linked to specific geographic regions or to unusual attack behaviour. The partition was evaluated with the Silhouette Score (0.606; range -1 to 1, higher is better) and the Davies-Bouldin Index (0.614; lower is better), both indicating reasonably well-separated clusters. These findings give actionable insight into network threat patterns and support the refinement of SDN-enabled firewall rules. The study demonstrates that clustering can surface patterns that rule-based methods overlook and points to further work on alternative clustering algorithms and broader applications in network security.
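The abstract reports a Silhouette Score and a Davies-Bouldin Index for a three-cluster K-Means run but does not show how they are computed or how they should be read. The following is an added example, not code or data from the paper: a pure-Python K-Means (k = 3) over constructed per-source-IP features, scored with both metrics and then re-scored for k = 2..4 to show how the metrics are used to sanity-check the choice of k. The IP addresses, the two features (connection attempts, distinct destination ports) and the deterministic farthest-first seeding are assumptions made for this example; the paper's own dataset and feature set are not reproduced here.

```python
"""K-Means (k=3) on constructed honeypot-style attack features, evaluated with
the Silhouette Score and the Davies-Bouldin Index. Pure Python, no scikit-learn.
All data below is constructed for illustration and is not the paper's dataset."""
import math
from typing import Dict, List, Sequence, Tuple

Point = Tuple[float, ...]

# Constructed per-source summaries: (connection attempts, distinct destination ports).
# Three behaviours are planted on purpose: a few very busy sources, many light
# scattered sources, and port-scanning sources touching many ports.
CONSTRUCTED_SOURCES: Dict[str, Point] = {
    "203.0.113.5": (980.0, 3.0), "203.0.113.9": (1020.0, 2.0), "203.0.113.17": (955.0, 4.0),
    "198.51.100.2": (12.0, 1.0), "198.51.100.8": (9.0, 2.0), "198.51.100.21": (15.0, 1.0),
    "198.51.100.33": (11.0, 1.0), "198.51.100.40": (8.0, 1.0),
    "192.0.2.77": (140.0, 60.0), "192.0.2.80": (160.0, 75.0), "192.0.2.91": (150.0, 68.0),
}


def dist(a: Point, b: Point) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def standardize(points: Sequence[Point]) -> List[Point]:
    """Z-score each feature so raw attempt counts do not swamp port counts."""
    dims = len(points[0])
    means = [sum(p[d] for p in points) / len(points) for d in range(dims)]
    stds = [math.sqrt(sum((p[d] - means[d]) ** 2 for p in points) / len(points)) or 1.0
            for d in range(dims)]
    return [tuple((p[d] - means[d]) / stds[d] for d in range(dims)) for p in points]


def kmeans(points: Sequence[Point], k: int, max_iter: int = 100) -> Tuple[List[int], List[Point]]:
    """Lloyd's algorithm. Seeding is farthest-first (an assumption of this example,
    a deterministic stand-in for k-means++), so every run gives the same labels."""
    centroids: List[Point] = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    labels = [-1] * len(points)
    for _ in range(max_iter):
        new_labels = [min(range(k), key=lambda j: dist(p, centroids[j])) for p in points]
        if new_labels == labels:  # assignments stable: converged
            break
        labels = new_labels
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:  # an emptied cluster keeps its previous centroid
                centroids[j] = tuple(sum(m[d] for m in members) / len(members)
                                     for d in range(len(points[0])))
    return labels, centroids


def silhouette_score(points: Sequence[Point], labels: List[int]) -> float:
    """Mean silhouette: near 1 = compact and far from other clusters, 0 = on a
    boundary, negative = probably misassigned. Singletons score 0 (scikit-learn's rule)."""
    clusters = set(labels)
    total = 0.0
    for i, p in enumerate(points):
        same = [dist(p, q) for j, q in enumerate(points) if j != i and labels[j] == labels[i]]
        if not same:
            continue
        a = sum(same) / len(same)
        b = min(sum(dist(p, q) for j, q in enumerate(points) if labels[j] == other) / labels.count(other)
                for other in clusters if other != labels[i])
        total += (b - a) / max(a, b)
    return total / len(points)


def davies_bouldin_index(points: Sequence[Point], labels: List[int], centroids: List[Point]) -> float:
    """Mean over clusters of the worst (scatter_i + scatter_j) / d(centroid_i, centroid_j);
    lower is better, since it rewards tight clusters with distant centroids."""
    k = len(centroids)
    scatter = []
    for j in range(k):
        members = [p for p, lab in zip(points, labels) if lab == j]
        scatter.append(sum(dist(m, centroids[j]) for m in members) / len(members) if members else 0.0)
    worst = [max((scatter[i] + scatter[j]) / max(dist(centroids[i], centroids[j]), 1e-12)
                 for j in range(k) if j != i) for i in range(k)]
    return sum(worst) / k


def cluster_sources(sources: Dict[str, Point], k: int = 3) -> Tuple[Dict[str, int], float, float]:
    """Standardize, cluster, and score. Cluster numbers are arbitrary labels, as in the paper."""
    ips = list(sources)
    pts = standardize([sources[ip] for ip in ips])
    labels, centroids = kmeans(pts, k)
    return (dict(zip(ips, labels)), silhouette_score(pts, labels),
            davies_bouldin_index(pts, labels, centroids))


def score_k_range(sources: Dict[str, Point], ks: Sequence[int] = (2, 3, 4)) -> Dict[int, Tuple[float, float]]:
    """(silhouette, davies_bouldin) per k: the usual check that the chosen k is defensible."""
    return {k: cluster_sources(sources, k)[1:] for k in ks}


if __name__ == "__main__":
    assignment, sil, db = cluster_sources(CONSTRUCTED_SOURCES)
    for ip, lab in sorted(assignment.items(), key=lambda kv: kv[1]):
        print(f"cluster {lab}: {ip:14s} attempts/ports={CONSTRUCTED_SOURCES[ip]}")
    print(f"k=3 silhouette={sil:.3f} davies_bouldin={db:.3f}")
    for k, (s, d) in score_k_range(CONSTRUCTED_SOURCES).items():
        print(f"k={k}: silhouette={s:.3f} davies_bouldin={d:.3f}")
```

On this planted data k = 3 scores far better than k = 2 or 4 on both metrics, which is what a practitioner should look for before trusting a cluster count; on real honeypot data the paper's 0.606 / 0.614 indicate a reasonable but not crisp separation, so the cluster-to-firewall-rule mapping deserves manual review before deployment.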


Published
2025-01-25
How to Cite
Ahmad Turmudi Zy, Isarianto, Rifa'i, A. M., Nugroho, A., & Ghofir, A. (2025). Enhancing Network Security: Evaluating SDN-Enabled Firewall Solutions and Clustering Analysis Using K-Means through Data-Driven Insights. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 9(1), 69-76. https://doi.org/10.29207/resti.v9i1.6056
Section
Information Technology Articles