Privacy-Preserving DDoS Attack Detection Using Cross-Domain Traffic in Software Defined Networks

Existing distributed denial-of-service (DDoS) attack detection schemes in software defined networks (SDNs) typically perform detection in a single domain. In reality, abnormal traffic usually affects multiple network domains. Thus, cross-domain attack detection has been proposed to improve detection performance. However, when participating in detection, each SDN domain needs to provide a large amount of real traffic data, from which private information may be leaked. Existing multiparty privacy protection schemes often achieve privacy guarantees by sacrificing accuracy or increasing the time cost. Achieving both high accuracy and reasonable time consumption is a challenging task. In this paper, we propose Predis, a privacy-preserving cross-domain attack detection scheme for SDNs. Predis combines perturbation encryption and data encryption to protect privacy and employs the computationally simple and efficient k-Nearest Neighbors (kNN) algorithm as its detection algorithm. We also improve kNN to achieve better efficiency. Via theoretical analysis and extensive simulations, we demonstrate that Predis is capable of achieving efficient and accurate attack detection while securing the sensitive information of each domain.
