Software-Defined Networking (SDN) is an emerging paradigm, which evolved in recent years to address the weaknesses in traditional networks. The significant feature of the SDN, which is achieved by disassociating the control plane from the data plane, facilitates network management and allows the network to be efficiently programmable. However, the new architecture can be susceptible to several attacks that lead to resource exhaustion and prevent the SDN controller from supporting legitimate users. One of these attacks, which nowadays is growing significantly, is the Distributed Denial of Service (DDoS) attack. DDoS attack has a high impact on crashing the network resources, making the target servers unable to support the valid users. The current methods deploy Machine Learning (ML) for intrusion detection against DDoS attacks in the SDN network using the standard datasets. However, these methods suffer several drawbacks, and the used datasets do not contain the most recent attack patterns -hence, lacking in attack diversity.In this paper, we propose DDoSNet, an intrusion detection system against DDoS attacks in SDN environments. Our method is based on Deep Learning (DL) technique, combining the Recurrent Neural Network (RNN) with autoencoder. We evaluate our model using the newly released dataset CICDDoS2019, which contains a comprehensive variety of DDoS attacks and addresses the gaps of the existing current datasets. We obtain a significant improvement in attack detection, as compared to other benchmarking methods. Hence, our model provides great confidence in securing these networks.
Software-Defined Network (SDN) has been developed to reduce network complexity through control and manage the whole network from a centralized location. Today, SDN is widely implemented in many data center's network environments. Nevertheless, emerging technology itself can lead to many vulnerabilities and threats which are still challenging for manufacturers to address it. Therefore, deploying Intrusion Detection Systems (IDSs) to monitor malicious activities is a crucial part of the network architecture. Although the centralized view of the SDN network creates new opportunities for the implementation of IDSs, the performance of these detection techniques relies on the quality of the training datasets. Unfortunately, there are no publicly available datasets that can be used directly for anomaly detection systems applied in SDN networks. The majority of the published studies use non-compatible and outdated datasets, such as the KDD'99 dataset. This manuscript aims to generate an attack-specific SDN dataset and it is publicly available to the researchers. To the best of our knowledge, our work is one of the first solutions to produce a comprehensive SDN dataset to verify the performance of intrusion detection systems. The new dataset includes the benign and various attack categories that can occur in the different elements of the SDN platform. Further, we demonstrate the use of our proposed dataset by performing an experimental evaluation using eight popular machine-learning-based techniques for IDSs.
Internet of Things (IoT) and 5G are emerging technologies that prompt a mobile service platform capable of provisioning billions of communication devices which enable ubiquitous computing and ambient intelligence. These novel approaches are guaranteeing gigabit-level bandwidth, ultra-low latency and ultra-high storage capacity for their subscribers. To achieve these limitations, ETSI has introduced the paradigm of Multi-Access Edge Computing (MEC) for creating efficient data processing architecture extending the cloud computing capabilities in the Radio Access Network (RAN). Despite the gained enhancements to the mobile network, MEC is subjected to security challenges raised from the heterogeneity of IoT services, intricacies in integrating virtualization technologies, and maintaining the performance guarantees of the mobile networks (i.e. 5G). In this paper, we are identifying the probable threat vectors in a typical MEC deployment scenario that comply with the ETSI standards. We analyse the identified threat vectors and propose solutions to mitigate them.
The European Telecommunications Standards Institute (ETSI) has introduced the paradigm of Multi-Access Edge Computing (MEC) to enable efficient and fast data processing in mobile networks. Among other technological requirements, security and privacy are significant factors in the realization of MEC deployments. In this paper, we analyse the security and privacy of the MEC system. We introduce a thorough investigation of the identification and the analysis of threat vectors in the ETSI standardized MEC architecture. Furthermore, we analyse the vulnerabilities leading to the identified threat vectors and propose potential security solutions to overcome these vulnerabilities. The privacy issues of MEC are also highlighted, and clear objectives for preserving privacy are defined. Finally, we present future directives to enhance the security and privacy of MEC services.
Interconnecting "things" and devices that takes the form of wearables, sensors, actuators, mobiles, computers, meters, or even vehicles is a critical requirement for the current era. These inter-networked connections are serving the emerging applications home and building automation, smart cities and infrastructure, smart industries, and smart-everything. However, the security of these connected Internet of things (IoT) plays a centric role with no margin for error. After a review of the relevant, online literature on the topic and after looking at the market trends and developments, one can notice that there are still concerns with regard to security in IoT products and services. This paper is focusing on a survey on IoT security and aims to highlight the most significant problems related to safety and security in the IoT ecosystems. This survey identifies the general threat and attack vectors against IoT devices while highlighting the flaws and weak points that can lead to breaching the security. Furthermore, this paper presents solutions for remediation of the compromised security, as well as methods for risk mitigation, with prevention and improvement suggestions.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.