Data-driven software defined network attack detection: State-of-the-art and perspectives

Abstract: SDN (Software Defined Network) has emerged as a revolutionary networking technology, and a substantial amount of research has been dedicated to the security of SDNs to support their various applications. The paper first analyzes the state of the art of SDN security from a data perspective. Then some typical network attack detection (NAD) methods are surveyed, including machine learning based methods and statistical methods. After that, a novel tensor based network attack detection method named tensor principal component analysis (TPCA) is proposed to detect attacks. After surveying the latest data-driven SDN frameworks, a tensor based big data-driven SDN attack detection framework is proposed for SDN security. Finally, a case study is presented to verify the effectiveness of the proposed framework.
