Identifying cyber-attacks on software defined networks: An inference-based intrusion detection approach

Aleroud, Ahmed; Alsmadi, Izzat

doi:10.1016/j.jnca.2016.12.024

Cited by 58 publications

(28 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(see Section V-A2) 1) Simulated Environment Evaluation: In this evaluation, we simulated a SDN environment in our lab to explore the feasibility of our approach. In particular, we used OpenDay-Ligh (ODL) 1 as the SDN controller (on a server with an Intel(R) Core (TM)2, Quad CPU 2.66GHz), and Open vSwitch (OVS) 2 as SDN-enabled switches. We used the open source Snort to detect malicious traffic.…”

Section: A Methodology and Experimental Resultsmentioning

confidence: 99%

“…For example, Ha et al [14] developed a traffic sampling strategy to reduce the processing capability of an IDS in SDN, which samples traffic flows according to defined sampling rates. AlEroud and Alsmadi [1] proposed a detection approach to identify DoS attack in a SDN environment, using an inference mechanism and a packet aggregation technique to create attack signatures and predict attacks.…”

Section: B Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Towards Bayesian-Based Trust Management for Insider Attacks in Healthcare Software-Defined Networks

Meng

Choo

Furnell

et al. 2018

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

The medical industry is increasingly digitalized and Internet-connected (e.g., Internet of Medical Things), and when deployed in an Internet of Medical Things environment, softwaredefined networks (SDN) allow the decoupling of network control from the data plane. There is no debate among security experts that the security of Internet-enabled medical devices is crucial, and an ongoing threat vector is insider attacks. In this paper, we focus on the identification of insider attacks in healthcare SDNs. Specifically, we survey stakeholders from 12 healthcare organizations (i.e., two hospitals and two clinics in Hong Kong, two hospitals and two clinics in Singapore, and two hospitals and two clinics in China). Based on the survey findings, we develop a trust-based approach based on Bayesian inference to figure out malicious devices in a healthcare environment. Experimental results in either a simulated and a real-world network environment demonstrate the feasibility and effectiveness of our proposed approach regarding the detection of malicious healthcare devices, i.e., our approach could decrease the trust values of malicious devices faster than similar approaches.

show abstract

Section: A Methodology and Experimental Resultsmentioning

confidence: 99%

Section: B Related Workmentioning

confidence: 99%

Towards Bayesian-Based Trust Management for Insider Attacks in Healthcare Software-Defined Networks

Meng

Choo

Furnell

et al. 2018

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…Other algorithms to detect DDoS attacks, such as SVM, were used in [15,16] and produced better results. An ensemble of graph theory algorithms based on KNN was used by ALEroud and Alsmadi to detect anomalous flow in SDNs [17]. An algorithm based on the variation of the entropy of the destination IP addresses of the flow in an SDN was proposed by Mousavi et al [18] to detect early DDoS attacks.…”

Section: Related Workmentioning

confidence: 99%

Recurrent Neural Network Model Based on a New Regularization Technique for Real-Time Intrusion Detection in SDN Environments

Albahar

2019

Security and Communication Networks

View full text Add to dashboard Cite

Software-defined networking (SDN) is a promising approach to networking that provides an abstraction layer for the physical network. This technology has the potential to decrease the networking costs and complexity within huge data centers. Although SDN offers flexibility, it has design flaws with regard to network security. To support the ongoing use of SDN, these flaws must be fixed using an integrated approach to improve overall network security. Therefore, in this paper, we propose a recurrent neural network (RNN) model based on a new regularization technique (RNN-SDR). This technique supports intrusion detection within SDNs. The purpose of regularization is to generalize the machine learning model enough for it to be performed optimally. Experiments on the KDD Cup 1999, NSL-KDD, and UNSW-NB15 datasets achieved accuracies of 99.5%, 97.39%, and 99.9%, respectively. The proposed RNN-SDR employs a minimum number of features when compared with other models. In addition, the experiments also validated that the RNN-SDR model does not significantly affect network performance in comparison with other options. Based on the analysis of the results of our experiments, we conclude that the RNN-SDR model is a promising approach for intrusion detection in SDN environments.

show abstract

“…It is in actual a trust-based technique that helps to enhance the serving rate and it serves about 43% more than the conventional FCFS (First come First Serve) policy. In [12], a comprehensive discussion is presented on intrusion base detection, which illustrates detailed behavior of a DDoS attack and its effect on SDN. The re-active mode of SDN has advantages in large networks because the switch does not have to maintain large flow tables.…”

Section: Figure 2: Taxonomy Of Ddos Mitigation In Sdnmentioning

confidence: 99%

Detection and Prevention of DDoS attacks on Software Defined Networks Controllers for Smart Grid

Ahmed¹,

Afaqui²,

Humayun³

2019

IJCA

View full text Add to dashboard Cite

With the evolution of smart grid, the operations, planning and maintenance of an electric grid have improved. On the contrary, smart grid totally relies on the computer network so there is a need of complex and efficient network management. Software defined networks (SDN) is a completely new modern architecture that allows the network to be centrally controlled or explicitly programmed using software applications. Traditionally in computer networks, the routing and switching decisions are implemented on a dedicated hardware. This hardware can be a switch or a router. But with the evolution of Software defined networks, the routing and switching function has been separated and is classified in Control and data planes respectively. Generally, in SDN, the control plane is centralized and is responsible to make a decision on what to do with the incoming packet. Once the decision is made, it is saved in the forwarding table of a switch on the data plane. While Software Defined Network (SDN) has its advantages of central management, programmability, agility and vendor neutrality, they carry a high risk of Distributed Denial of Service attack (DDoS). Centralized nature of the control plane in SDN is a huge risk factor because the attacker may bombard the control plane with malicious packets resulting in a single point of failure of the control plane. If the control plane fails, the entire smart grid network will collapse resulting in a massive outage and financial loss to the stakeholders. In this paper, we have devised a distributed approach, using blockchains, to detect and prevent DDoS attacks on the centralized control plane of SDN. We have simulated our approach using AnyLogic simulator and the results show that the proposed approach is more efficient as compared the existing techniques as it substantially reduces the risk of DDoS attacks and SDN controller overhead.

show abstract

Identifying cyber-attacks on software defined networks: An inference-based intrusion detection approach

Cited by 58 publications

References 34 publications

Towards Bayesian-Based Trust Management for Insider Attacks in Healthcare Software-Defined Networks

Towards Bayesian-Based Trust Management for Insider Attacks in Healthcare Software-Defined Networks

Recurrent Neural Network Model Based on a New Regularization Technique for Real-Time Intrusion Detection in SDN Environments

Detection and Prevention of DDoS attacks on Software Defined Networks Controllers for Smart Grid

Contact Info

Product

Resources

About