Committee Chair

Kandah, Farah

Committee Member

Yang, Li; Skjellum, Anthony


Dept. of Computer Science and Engineering


College of Engineering and Computer Science


University of Tennessee at Chattanooga

Place of Publication

Chattanooga (Tenn.)


The emergence of Software-Defined Networking (SDN) has brought along a wave of new technologies and developments in the field of networking with hopes of dealing with network resources more efficiently and providing a foundation of programmability. SDN allows for both flexibility and adaptability by separating the control and data planes in a network environment by virtualizing network hardware. Threat hunting is a technique that allows for the detection of advanced network threats through forensic analysis. We present an advanced threat hunting model by combining the SDN infrastructure with threat hunting techniques and machine learning models aiming to intelligently handle advanced network threats such as lateral movement. We found that our approach outperforms current threat hunting models in vital areas such as the detection to mitigation time. Our results show that we are able to detect advanced threats with 93.4% accuracy and begin mitigation within 10 seconds of detection.


My research and academic career in both my years as a graduate and undergraduate student could not be possible without the ongoing support from incredible professors. First, my professor and advisor Farah Kandah has been invaluable with his continuous support in research and academic guidance. With his guidance I have become more prepared to approach future research work and a career. Second, my professor Li Yang has been a constant support system in pointing me in the right direction in my career and academic pursuits. I can’t say I would be where I am now without the continued help from both professors and many more faculty at the University of Tennessee at Chattanooga. I would also like to thank Anthony Skjellum for both serving on my committee while also providing great insight into the field of computer science.


M. S.; A thesis submitted to the faculty of the University of Tennessee at Chattanooga in partial fulfillment of the requirements of the degree of Master of Science.




Software-defined networking (Computer network technology); Computational intelligence; Computer networks -- Security measures


Software-defined networking; Threat hunting; Machine learning; Gradient-boosting

Document Type

Masters theses


ix, 38 leaves




Under copyright.