DOI: 10.1145/2843491.2843837 (IPTComm conference proceedings, research article)

Cognitive Security: Security Analytics and Autonomics for Virtualized Networks

Published: 06 October 2015

Abstract

Virtualized networks offer the potential to dynamically reconfigure themselves in real-time. Coupled with automated real-time analytics, these capabilities can be leveraged to enable such networks to automatically detect security threats in real-time, dynamically reconfigure themselves to protect against these threats, and automatically immunize themselves against evolving threats. We present an approach that combines real-time analytics with autonomics -- using anomaly detection to identify potential security threats, in combination with autonomics to enable dynamic network reconfigurations that mitigate these threats. A key challenge is to distinguish "good anomalies" arising from legitimate increases in network traffic, for example due to natural disasters, flash mobs, or other unexpected events, from "bad anomalies" arising from potential security attacks, as the autonomic actions may vary widely: e.g., dynamic increase of network resources for increases in legitimate traffic, instantiation of virtual security functions in the face of security attacks. We present a combination of machine learning based detection with temporal logic based analysis that provides a foundation for distinguishing these anomalies and enabling dynamic network autonomics in response. We illustrate our approach through a case study on distributed denial of service attacks on SIP-based virtualized networks.
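The abstract's two-stage idea can be sketched in code: a rate-based detector flags anomalous windows of SIP INVITE traffic, and a temporal property over each flagged window (every INVITE answered with a 200 and acknowledged with an ACK within a deadline) separates a flash crowd, where calls complete, from an INVITE flood, where they do not. The block below is an added illustration written for this page, not the paper's code: the mean-plus-k-standard-deviations detector stands in for the paper's machine-learning component, the INVITE/200/ACK check stands in for its temporal-logic analysis, and the window size, deadline, action labels and all traffic are constructed assumptions.

```python
"""Added illustration (not the paper's code): separate a legitimate SIP
traffic surge from an INVITE flood.  Step 1 flags rate anomalies in the
INVITE stream; step 2 checks a temporal property over each flagged window,
namely that an INVITE is answered with a 200 and acknowledged with an ACK
within a deadline.  All traffic below is constructed."""
from collections import defaultdict
from statistics import mean, pstdev

WINDOW = 10.0   # seconds per analysis window (assumed)
DEADLINE = 2.0  # INVITE -> 200 -> ACK must complete within this (assumed)


def make_dialog(t, call_id, complete=True):
    """Events for one call: INVITE, and for a real caller a 200 then an ACK."""
    events = [(t, "INVITE", call_id)]
    if complete:
        events.append((t + 0.5, "200", call_id))
        events.append((t + 0.7, "ACK", call_id))
    return events


def synth_trace(base_rate, n_windows, surge_window, surge_rate, surge_complete):
    """Constructed trace: base_rate INVITEs per window, with one surge window.
    surge_complete=True models a flash crowd, False an INVITE flood."""
    events = []
    for w in range(n_windows):
        rate = surge_rate if w == surge_window else base_rate
        complete = surge_complete if w == surge_window else True
        for i in range(rate):
            events += make_dialog(w * WINDOW + i * (WINDOW / rate),
                                  f"call-{w}-{i}", complete)
    return sorted(events)


def invite_counts(events):
    """Number of INVITEs per window index."""
    counts = defaultdict(int)
    for t, kind, _ in events:
        if kind == "INVITE":
            counts[int(t // WINDOW)] += 1
    return counts


def anomalous_windows(counts, k=3.0, warmup=3):
    """Stand-in for the learned detector: flag a window whose INVITE count
    exceeds mean + k*std of the windows observed before it."""
    flagged, history = [], []
    for w in sorted(counts):
        c = counts[w]
        if len(history) >= warmup and c > mean(history) + k * max(pstdev(history), 1.0):
            flagged.append(w)
        history.append(c)
    return flagged


def completion_ratio(events, w):
    """Fraction of INVITEs in window w satisfying the temporal property
    INVITE -> 200 -> ACK (same Call-ID, in order, within DEADLINE)."""
    invites, finals, acks = {}, {}, {}
    for t, kind, cid in events:
        if kind == "INVITE" and int(t // WINDOW) == w:
            invites[cid] = t
        elif kind == "200":
            finals.setdefault(cid, t)
        elif kind == "ACK":
            acks.setdefault(cid, t)
    if not invites:
        return 1.0
    ok = sum(1 for cid, t0 in invites.items()
             if cid in finals and cid in acks
             and t0 <= finals[cid] <= acks[cid] <= t0 + DEADLINE)
    return ok / len(invites)


def classify(events, min_ratio=0.5):
    """Map each anomalous window to an autonomic action and its completion ratio:
    completed calls mean a legitimate surge (add capacity); abandoned INVITEs
    mean a flood (instantiate a virtual security function)."""
    decisions = {}
    for w in anomalous_windows(invite_counts(events)):
        ratio = completion_ratio(events, w)
        action = "scale-capacity" if ratio >= min_ratio else "mitigate"
        decisions[w] = (action, ratio)
    return decisions


if __name__ == "__main__":
    print("flash crowd:", classify(synth_trace(5, 8, 5, 50, True)))
    print("INVITE flood:", classify(synth_trace(5, 8, 5, 50, False)))
```

Both constructed traces trigger the same rate anomaly in window 5; only the temporal check tells them apart, which is the point the abstract makes about why detection alone cannot choose the autonomic action. In a deployment the detector would consume a live event stream and the completion property would be evaluated incrementally by a runtime monitor rather than over the whole trace.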


Cited By

  • (2018) Self-Awareness as an enabler of Cognitive Security. 2018 IEEE 9th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), pp. 701-708. DOI: 10.1109/IEMCON.2018.8614798. Online publication date: Nov-2018.
  • (2017) Inter-correlation of Resource-/Flow-Level Visibility for APM Over OF@TEIN SDN-Enabled Multi-site Cloud. Quality, Reliability, Security and Robustness in Heterogeneous Networks, pp. 478-484. DOI: 10.1007/978-3-319-60717-7_48. Online publication date: 9-Aug-2017.


Published In

IPTComm '15: Proceedings of the Principles, Systems and Applications on IP Telecommunications
October 2015, 51 pages
ISBN: 9781450339490
DOI: 10.1145/2843491


Publisher: Association for Computing Machinery, New York, NY, United States


      Author Tags

      1. Analytics
      2. Autonomics
      3. Machine learning
      4. Runtime verification
      5. SIP
      6. Security
      7. State-based analysis
      8. Temporal logic
      9. Virtual networks

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      IPTComm '15

      Acceptance Rates

      Overall Acceptance Rate 18 of 62 submissions, 29%
