Suspicious traffic sampling for intrusion detection in software-defined networks

Ha, Taejin; Kim, Sunghwan; An, Namwon; Narantuya, Jargalsaikhan; Jeong, Chiwook; Kim, Jong-Won; Lim, Hyuk

doi:10.1016/j.comnet.2016.05.019

Cited by 62 publications

(38 citation statements)

References 6 publications

(11 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The performance of the proposed work is analysed in terms of accuracy, sensitivity, specificity and execution time. The experimental outcome of the proposed approach is compared against anti-DDoS [5], DDoS attack protection [14], suspicious traffic sampling [15].…”

Section: Resultsmentioning

confidence: 99%

“…This work serves better but the false positive rates are bit higher, so as to improve the accuracy rates. A traffic sampling strategy is proposed in [15], which computes the average sampling rate for each and every switch and the traffic flow is sampled based on the sampling rates. The traffic flow sampling is attained by SDN based framework.…”

Section: Review Of Literaturementioning

confidence: 99%

See 1 more Smart Citation

SDN Based DDoS Attack Detection System by Exploiting Ensemble Classification for Cloud Computing

Vimala¹,

Dhas²

2018

IJIES

View full text Add to dashboard Cite

The usage of cloud computing is skyrocketing now-a-days and so is the network traffic. The adversaries intend to attack the cloud servers due to some intentional reasons. The most frequent attack is the data theft, which is followed by the DDoS attack. Though numerous solutions exist to handle DDoS attack, SDN based solutions for cloud computing is scarce. Understanding the need of the DDoS attack detection system, this work proposes a SDN based solution for detecting DDoS attacks in cloud computing environment, which relies on ensemble classifier. This work collects the real time traffic data with the help of Wireshark network analyser tool. The ensemble classification relies on the classifiers k-Nearest Neighbour (k-NN), Support Vector Machine (SVM) and Extreme Learning Machine (ELM). The performance of the proposed approach is analysed in terms of accuracy, sensitivity, specificity and the results are compared with the existing approaches. Additionally, in order to prove the potentiality of the ensemble classification, this work employs the classifier individually and the results are compared. Finally, the average attack detection time is measured and compared. From the experimental results, it is observed that the proposed approach proves better results in terms of accuracy, sensitivity and specificity.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Review Of Literaturementioning

confidence: 99%

SDN Based DDoS Attack Detection System by Exploiting Ensemble Classification for Cloud Computing

Vimala¹,

Dhas²

2018

IJIES

View full text Add to dashboard Cite

show abstract

“…The data could be difficult to be managed efficiently by on-hand techniques, tools and devices. To mitigate this issue, traffic sampling is a potential solution for deploying IDSs in a large-sized network [14]. In addition, pre-filtration can be considered to reduce unwanted traffic and lighten the processing burden [27], [30].…”

Section: Discussion and Challengesmentioning

confidence: 99%

“…IDSs have also been applied for SDN applications. For example, Ha et al [14] developed a traffic sampling strategy to reduce the processing capability of an IDS in SDN, which samples traffic flows according to defined sampling rates. AlEroud and Alsmadi [1] proposed a detection approach to identify DoS attack in a SDN environment, using an inference mechanism and a packet aggregation technique to create attack signatures and predict attacks.…”

Section: B Related Workmentioning

confidence: 99%

Towards Bayesian-Based Trust Management for Insider Attacks in Healthcare Software-Defined Networks

Meng

Choo

Furnell

et al. 2018

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

The medical industry is increasingly digitalized and Internet-connected (e.g., Internet of Medical Things), and when deployed in an Internet of Medical Things environment, softwaredefined networks (SDN) allow the decoupling of network control from the data plane. There is no debate among security experts that the security of Internet-enabled medical devices is crucial, and an ongoing threat vector is insider attacks. In this paper, we focus on the identification of insider attacks in healthcare SDNs. Specifically, we survey stakeholders from 12 healthcare organizations (i.e., two hospitals and two clinics in Hong Kong, two hospitals and two clinics in Singapore, and two hospitals and two clinics in China). Based on the survey findings, we develop a trust-based approach based on Bayesian inference to figure out malicious devices in a healthcare environment. Experimental results in either a simulated and a real-world network environment demonstrate the feasibility and effectiveness of our proposed approach regarding the detection of malicious healthcare devices, i.e., our approach could decrease the trust values of malicious devices faster than similar approaches.

show abstract

“…Kawahara et al use sampled traffic to obtain flow statistics to detect traffic anomalies. Ha et al propose a strategy to determine the optimal sampling rate for the traffic to be inspected by the IDS to not exceed the capacity of the IDS. They hence formulated an optimization problem that determines packet sampling rate for each switch in the SDN network such that the IDS is not overloaded.…”

Section: Related Workmentioning

confidence: 99%

A holistic approach to mitigating DoS attacks in SDN networks

Dridi

Zhani

2017

Int J Network Mgmt

View full text Add to dashboard Cite

SummarySoftware-defined networking (SDN) has recently emerged as a new networking technology offering an unprecedented programmability that allows network operators to dynamically manage their infrastructures. However, despite these benefits, deny-of-service (DoS) attacks are considered a major threat to such networks, as they can easily overload the SDN controller and flood switch forwarding tables, resulting in a critical degradation of the network performance. To address this issue, we propose SDN-Guard, a novel holistic approach to protect SDN networks against DoS attacks. Software-defined networking-Guard leverages an intrusion detection system (IDS) to detect potential DoS attacks and then efficiently mitigate their impact by dynamically (1) rerouting malicious traffic, (2) adjusting flow time-outs, and (3) aggregating flow rules. This paper extends our previous work by proposing solutions to minimize the switch-to-IDS traffic without impacting the IDS accuracy. We hence propose to use sampling techniques and devise an integer linear program to find the optimal placement for the IDS and to determine the switches that should mirror the flows towards it so as to minimize network bandwidth consumption. Extensive experiments using Mininet show that SDN-Guard maintains network performance during DoS attacks and succeeds in reducing by up to 32% their impact on controller performance, usage of switch forwarding tables, and control plane bandwidth. Furthermore, our results show that carefully placing the IDS and selecting the switches mirroring, the traffic can reduce by up to 90% the switch-to-IDS traffic. They also show that the IDS accuracy remains at 100% by analyzing only 11% of the network traffic.

show abstract

Suspicious traffic sampling for intrusion detection in software-defined networks

Cited by 62 publications

References 6 publications

SDN Based DDoS Attack Detection System by Exploiting Ensemble Classification for Cloud Computing

SDN Based DDoS Attack Detection System by Exploiting Ensemble Classification for Cloud Computing

Towards Bayesian-Based Trust Management for Insider Attacks in Healthcare Software-Defined Networks

A holistic approach to mitigating DoS attacks in SDN networks

Contact Info

Product

Resources

About