Applied Cryptography and Network Security Workshops: ACNS 2019 Satellite Workshops, SiMLA, Cloud S&P, AIBlock, and AIoTS, Bogota, Colombia, June 5–7, 2019, Proceedings

To improve the security of password-based authentication in web applications, it is common industry practice to profile users based on their session context, such as IP ranges and browser type. Separately, behavioral dynamics such as mouse and keyboard features have been proposed to improve authentication, but have been shown to be most effective only in continuous authentication scenarios. In this paper we propose to combine both fingerprinting and behavioral dynamics (for mouse and keyboard) in order to increase the security of login mechanisms. We do this by using machine learning techniques that aim at high accuracy and only occasionally raise alarms for manual inspection. Our combined approach achieves an AUC of 0.957. We discuss the practicality of our approach in industrial contexts.
