Citadel: Cyber threat intelligence assisted defense system for software-defined networks

Yürekten, Özgür; Demirci, Mehmet

doi:10.1016/j.comnet.2021.108013

Cited by 8 publications

(3 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Eshete et al [19] introduced the known attacks of a system and the intelligence information provided by similar system entities and constructed a query graph of the attack, which transforms threat detection into a graph-pattern-matching problem, enabling reliable detection of network attacks. Yurekten et al [20] integrated the concepts of cyber entity intelligence, network function virtualization (NFC), and business function chaining (SFC) into an automated defense system of software-defined networks, which can evaluate defense strategies based on intelligence, in which one can choose to apply one or more network-level automated defense solutions to ensure that the defense system is scalable while increasing the intensity of attack processing. Gao et al [21] proposed a pipeline technology for extracting threat intelligence in entity intelligence and the correlation between intelligence and for drawing threat behavior maps for threat discovery.…”

Section: Anomaly Detection Based On Network Entity Intelligencementioning

confidence: 99%

Detecting ShadowsocksR User Based on Intelligence of Cyber Entities

Zhang¹,

Dong²,

Jin³

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

ShadowsocksR (SSR), as a typical emerging anonymous communication tool, may record user information on the SSR client or server, leading to the theft of the user’s privacy, and may be used by attackers to anonymize their internal network environment and organization, which will cause serious damage to data security and bring severe challenges to security defense and threat assessment within organizations. To solve the problem of accurately and effectively discovering SSR users within an organization in a real traffic environment, in this paper, we propose an SSR user detection method based on network entity intelligence as follows: (1) According to the communication characteristics of SSR users, relevant network entity intelligence information from inside and outside the organization is obtained, such as the distribution of IP addresses within and outside the organization, and the differences between SSR and non-SSR users are analyzed to construct a feature space. (2) The communication behaviors of SSR and non-SSR users are further analyzed and features are extracted from the perspective of traffic behavior analysis, and the feature space of the SSR user detection model is expanded. (3) A data-driven machine-learning-based approach is designed and implemented to provide suggestions for the automatic identification of SSR users based on the extracted feature vectors. Results show that the detection method proposed in this paper has a detection accuracy of more than 95% for SSR users in the experimental environment, can accurately distinguish between SSR communication and normal communication, and can achieve accurate SSR user detection.

show abstract

Section: Anomaly Detection Based On Network Entity Intelligencementioning

confidence: 99%

Detecting ShadowsocksR User Based on Intelligence of Cyber Entities

Zhang¹,

Dong²,

Jin³

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…e CTI sharing and exchange in a cooperative approach promises to be the most effective method to maximize the benefit of CTI through improving the issue of information islands, which means the CTI generated from partner organizations can aid cybersecurity policymakers in making decisions. To meet the needs of CTI sharing, the stakeholders have formulated a series of standards for the exchange of threat intelligence, such as STIX, IODEF, and OpenIoC [2]. e typical application structure of the CTI sharing system is shown in Figure 2.…”

Section: Introductionmentioning

confidence: 99%

A Reputation-Based Approach Using Consortium Blockchain for Cyber Threat Intelligence Sharing

Zhang

Miao

Xue

2022

Security and Communication Networks

View full text Add to dashboard Cite

The CTI (Cyber Threat Intelligence) sharing and exchange is an effective method to improve the responsiveness of the protection party. Blockchain technology enables sharing collaboration consortium to conduct a trusted CTI sharing and exchange without a centralized institution. However, the distributed connectivity of the blockchain-based CTI sharing model proposed before exposes the systems to byzantine attacks. The compromised members of partner organizations will further decrease the accuracy and trust level of CTI by generating false reporting. This paper proposes a new blockchain-based CTI model to address the unbalance issues of performance in speed, scalability, and security, which combines consortium blockchain and distributed reputation management systems to achieve automated analysis and response of tactical threat intelligence. In addition, the novel consensus algorithm of consortium blockchain that is fit for CTI sharing and exchange is introduced in this paper. The new consensus algorithm is called “Proof-of Reputation” (PoR) consensus, which meets the requirements of transaction rate and makes the consensus in a creditable network environment through constructing a reputation model. Finally, the effectiveness and security performance of the proposed model and consensus algorithm is verified by experiments.

show abstract

“…2 illustrates some critical security threats in SDN. Some of them are popular in the present networks and some other threats are more specific in SDN [6]. But the most dangerous attack is the one which exploits any vulnerability to access the controller and thus destroys the entire network.…”

Section: Introductionmentioning

confidence: 99%

Enhanced Security of Software-defined Network and Network Slice Through Hybrid Quantum Key Distribution Protocol

Mahdi¹,

Abdullah²

2022

Infocommunications journal

View full text Add to dashboard Cite

Software-defined networking (SDN) has revolutionized the world of technology as networks have become more flexible, dynamic and programmable. The ability to conduct network slicing in 5G networks is one of the most crucial features of SDN implementation. Although network programming provides new security solutions of traditional networks, SDN and network slicing also have security issues, an important one being the weaknesses related to openflow channel between the data plane and controller as the network can be attacked via the openflow channel and exploit communications with the control plane. Our work proposes a solution to provide adequate security for openflow messages through using a hybrid key consisting of classical and quantum key distribution protocols to provide double security depending on the computational complexity and physical properties of quantum. To achieve this goal, the hybrid key used with transport layer security protocol to provide confidentiality, integrity and quantum authentication to secure openflow channel. We experimentally based on the SDN-testbed and network slicing to show the workflow of exchanging quantum and classical keys between the control plane and data plane and our results showed the effectiveness of the hybrid key to enhance the security of the transport layer security protocol. Thereby achieving adequate security for openflow channel against classical and quantum computer attacks.

show abstract

Citadel: Cyber threat intelligence assisted defense system for software-defined networks

Cited by 8 publications

References 27 publications

Detecting ShadowsocksR User Based on Intelligence of Cyber Entities

Detecting ShadowsocksR User Based on Intelligence of Cyber Entities

A Reputation-Based Approach Using Consortium Blockchain for Cyber Threat Intelligence Sharing

Enhanced Security of Software-defined Network and Network Slice Through Hybrid Quantum Key Distribution Protocol

Contact Info

Product

Resources

About