An ecosystem for anomaly detection and mitigation in software-defined networking

Abstract

Along with the rapid growth of computer networks comes the need for automating management functions to prevent errors in decision-making and reduce the cost of ordinary operations. Software-defined networking (SDN) is an emergent paradigm that aims to support next-generation networks through its flexible and powerful management mechanisms. Although SDN provides greater control over traffic flow, its security and availability remain a challenge. The major contribution of this paper is to present an SDN-based ecosystem that monitors network traffic and proactively detects anomalies which may impair proper network functioning. When an anomalous event is recognized, the proposal conducts a more active analysis to inspect irregularities at the network traffic flow level. Detecting such problems quickly is essential to take appropriate countermeasures. In this manner, the potential for centralized network monitoring based on SDN with OpenFlow is addressed in order to evaluate mitigation policies against threats. Experimental results demonstrate the proposed ecosystem succeeds in achieving higher detection rates compared to other approaches. In addition, the performance analysis shows that our approach can efficiently contribute to the network’s resilience.
