MCAD: A Machine Learning Based Cyberattacks Detector in Software-Defined Networking (SDN) for Healthcare Systems

The healthcare sector deals with sensitive and significant data that must be protected against illegitimate users. Software-defined networks (SDNs) are widely used in healthcare systems to ensure efficient resource utilization, security, optimal network control, and management. Despite such advantages, SDNs suffer from a major issue posed by a wide range of cyberattacks, due to the sensitivity of patients' data. These attacks diminish the overall network performance, and can cause a network failure that might threaten human lives. Therefore, the main goal of our work is to propose a machine learning-based cyberattack detector (MCAD) for healthcare systems, by adapting a layer three (L3) learning switch application to collect normal and abnormal traffic, and then deploy MCAD on the Ryu controller. Our findings are beneficial for enhancing the security of healthcare applications by mitigating the impact of cyberattacks. This work covers the testing of MCAD using a wide spectrum of both ML algorithms and attacks, and provides a performance comparison for every pair of ML algorithms/attacks to illustrate the strengths and weaknesses of different algorithms against a specific attack. The MCAD shows impressive performance, achieving an F1-score of 0.9998 and of 0.9882 on normal and attack classes, respectively, which implies a high level of reliability. MCAD also achieved 5,709,692 samples per second on throughput, which reflects a high-performance real-time system with respect to complexity. Additionally, it showed a positive impact on the network KPIs by increasing the throughput by 609%, and decreasing delay and jitter by 77% and 23%, respectively, compared to attack results.