Fast Defense System Against Attacks in Software Defined Networks

With the ever-growing data traffic in today's computer networks, managing large-scale networks while guaranteeing the quality of the provided services is a challenge. This is due to the increasing usage of connected applications, such as Internet of Things and cloud computing environments. Software-defined networking (SDN) is a new paradigm that aims to make this management process easier by centralizing the configuration of all network devices into a single programmable central controller. However, like any centralized service, this architecture is susceptible to security threats, such as distributed denial of service (DDoS) and port scan attacks. Thus, security methods are necessary to guarantee the normal operation of the SDN's central controller. Furthermore, networks are transporting an increasing amount of information day by day, which could mean data loss in case of long network unavailability. For this reason, security mechanisms must operate online, with fast-responding countermeasures to mitigate the impact of the detected attacks on the SDN. In this paper, we present a fast SDN defense system against DDoS and port scan attacks, which runs directly in the central controller and uses a game-theoretical approach for attack mitigation. For detection, we compare three different approaches: particle swarm optimization, a multi-layer perceptron neural network, and the discrete wavelet transform. We test our approach on IP flow data generated with the Mininet network emulator, along with the Floodlight controller, and the presented defense system achieved good outcomes for both the detection and mitigation processes.
