Article
Towards a Machine Learning Based Situational Awareness Framework for Cybersecurity: An SDN Implementation
Yannis Nikoloudakis 1,2, Ioannis Kefaloukos 2,*, Stylianos Klados 2, Spyros Panagiotakis 2, Evangelos Pallis 2, Charalabos Skianis 1 and Evangelos K. Markakis 2
Citation: Nikoloudakis, Y.; Kefaloukos, I.; Klados, S.; Panagiotakis, S.; Pallis, E.; Skianis, C.; Markakis, E.K. Towards a Machine Learning Based Situational Awareness Framework for Cybersecurity: An SDN Implementation. Sensors 2021, 21, 4939. https://doi.org/10.3390/s21144939
Academic Editors: Alexios Mylonas and Nikolaos Pitropakis
Received: 29 June 2021; Accepted: 15 July 2021; Published: 20 July 2021
Publisher's Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Copyright: © 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
1 Department of Information & Communications Systems Engineering, University of the Aegean, Neo Karlovasi, 83200 Samos, Greece; gnikoloudakis@aegean.gr (Y.N.); cskianis@aegean.gr (C.S.)
2 Electrical and Computer Engineering Department, Hellenic Mediterranean University, Herakleion, 71410 Crete, Greece; s.klados@pasiphae.eu (S.K.); spanag@hmu.gr (S.P.); pallis@pasiphae.eu (E.P.); markakis@pasiphae.eu (E.K.M.)
* Correspondence: g.kefaloukos@pasiphae.eu
Abstract: The ever-increasing number of internet-connected devices, together with the continuous evolution of cyber-attacks in both volume and ingenuity, has widened the cyber-threat landscape and left infrastructures exposed to malicious attacks. To address systems' vulnerabilities and limit the impact of these threats, this paper presents a machine learning based situational awareness framework that detects existing and newly introduced network-enabled entities, using the real-time network awareness provided by the SDN paradigm, assesses them against known vulnerabilities, and assigns them to a connectivity-appropriate network slice. The assessed entities are then continuously monitored by an ML-based IDS trained on an enhanced dataset. Our aim is to demonstrate that a neural network trained on heterogeneous data drawn from the operational environment (Common Vulnerabilities and Exposures (CVE) IDs that correlate observed attacks with existing vulnerabilities) achieves higher prediction accuracy than a conventional one, thus addressing some aspects of the situational awareness paradigm. The proposed framework was evaluated in a real-life environment, and the results showed an increase of more than 4% in overall prediction accuracy.
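The "enhanced dataset" the abstract refers to is the fusion of per-flow network records with the vulnerability-assessment results of the hosts involved. The following is an added illustration written for this page, not code from the paper or its authors: it joins NetFlow-style flow records with a host-to-CVE map so that every flow carries both its conventional fields and a multi-hot encoding of the CVEs found on its destination host. The subset of flow fields, the feature layout, the sample flows and the host-to-CVE map (whose CVE labels are placeholders, not real findings) are all constructed here and are assumptions, not values taken from the paper; a host that has not yet been assessed simply contributes an all-zero CVE block.

```python
"""
Added example (not the paper's code): fuse NetFlow-style flow records with
per-host vulnerability-assessment output (CVE IDs) into one heterogeneous
feature vector per flow, i.e. the kind of "enhanced dataset" an ML-based IDS
can be trained on instead of flow fields alone.

Everything below (field subset, encoding, sample data) is constructed for
illustration and is an assumption, not a description of the paper's pipeline.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Flow:
    """Minimal subset of NetFlow v5 fields (assumed subset, chosen for the example)."""
    src: str
    dst: str
    dport: int
    proto: int       # IP protocol number: 6 = TCP, 17 = UDP
    packets: int
    bytes: int
    tcp_flags: int   # cumulative OR of TCP flags over the flow, as in NetFlow v5


# Constructed sample flows (example data only).
FLOWS: List[Flow] = [
    Flow("10.0.0.5", "10.0.0.20", 445, 6, 3, 180, 0x02),    # SYN only towards SMB port
    Flow("10.0.0.5", "10.0.0.21", 22, 6, 40, 6200, 0x1b),   # established SSH session
    Flow("10.0.0.7", "10.0.0.20", 53, 17, 2, 160, 0x00),    # UDP DNS query
]

# Constructed vulnerability-assessment output: host -> CVE IDs found on it.
# The labels are placeholders, not real CVE identifiers.
HOST_CVES: Dict[str, Set[str]] = {
    "10.0.0.20": {"CVE-EXAMPLE-A", "CVE-EXAMPLE-B"},
    "10.0.0.21": {"CVE-EXAMPLE-C"},
}


def cve_vocabulary(host_cves: Dict[str, Set[str]]) -> List[str]:
    """Stable, sorted list of every CVE ID the assessment reported on any host.
    The sort gives every CVE a fixed column, so feature vectors stay aligned."""
    return sorted(set().union(*host_cves.values()))


def flow_features(flow: Flow) -> List[float]:
    """Conventional IDS input: the flow record on its own."""
    return [float(flow.dport), float(flow.proto), float(flow.packets),
            float(flow.bytes), float(flow.tcp_flags)]


def cve_features(host: str, host_cves: Dict[str, Set[str]], vocab: List[str]) -> List[float]:
    """Multi-hot encoding of the CVEs found on `host`, plus their count.
    A host with no assessment result (e.g. a newly attached entity that has not
    been scanned yet) yields all zeros rather than raising."""
    found = host_cves.get(host, set())
    return [1.0 if cve in found else 0.0 for cve in vocab] + [float(len(found))]


def enriched_features(flow: Flow, host_cves: Dict[str, Set[str]], vocab: List[str]) -> List[float]:
    """Heterogeneous feature vector: flow fields followed by the destination
    host's CVE context. Using the destination is an assumption of this example;
    the source host's context could be appended in the same way."""
    return flow_features(flow) + cve_features(flow.dst, host_cves, vocab)


def feature_names(vocab: List[str]) -> List[str]:
    """Column names matching the layout produced by enriched_features()."""
    return (["dport", "proto", "packets", "bytes", "tcp_flags"]
            + [f"dst_has_{cve}" for cve in vocab]
            + ["dst_cve_count"])


def build_dataset(flows: List[Flow], host_cves: Dict[str, Set[str]]) -> Tuple[List[str], List[List[float]]]:
    """Return (column names, rows) for the enhanced dataset."""
    vocab = cve_vocabulary(host_cves)
    rows = [enriched_features(f, host_cves, vocab) for f in flows]
    return feature_names(vocab), rows


if __name__ == "__main__":
    names, rows = build_dataset(FLOWS, HOST_CVES)
    print(names)
    for flow, row in zip(FLOWS, rows):
        print(f"{flow.src} -> {flow.dst}:{flow.dport}", row)
```

The flow-only vector (`flow_features`) is what a conventional IDS would consume; the enriched vector appends, per flow, whether the targeted host is known to carry each assessed CVE. Because the CVE columns are derived from the current assessment results, the vocabulary and therefore the model input width change whenever new vulnerabilities are found, so a deployed model must be retrained (or the vocabulary frozen) when the assessment output changes.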
Keywords: situational awareness; intrusion detection systems; vulnerability assessment; machine learning; SDN; software defined networking
1. Introduction
According to a recent European Union Agency for Cybersecurity (ENISA) report [1], the total number of data breaches by mid-2019 had increased by 54% compared with 2018, and 71% of the reported breaches were financially motivated. Furthermore, according to ENISA's "Threat Landscape 2020—Information Leakage" report [2], organizations experienced an 11% increase in disclosures compared with 2018, and in 2019 there were 2,013 confirmed data disclosures [3].
One of the most common means of handling cyber-attacks, as identified by ENISA, is the Intrusion Detection System (IDS) [4–6], but the limitations of such systems impair their effectiveness against several kinds of malicious activity. One major limitation is that most of them take only a single type of data as input (e.g., NetFlow v5 records) for their predictions/detections. The complexity and heterogeneity of current infrastructures render these systems obsolete, since achieving holistic awareness of the operational environment, and thus more accurate predictions, requires the ingestion of diverse data gathered from various sources.
The situational awareness (SA) paradigm seems to be a very promising approach in the cybersecurity domain, since it dictates the collection, fusion, and assessment of heterogeneous information from the operational environment to make predictions about possible
Sensors 2021, 21, 4939. https://doi.org/10.3390/s21144939 https://www.mdpi.com/journal/sensors