DOI: 10.1145/3444370.3444612
research-article

REAL-GUARD: A Machine Learning based Real-time Mechanism for Combining Packet and Flow Features to Mitigating Network Attacks in SDN

Published: 04 January 2021

Abstract

Software Defined Networking (SDN) is a new networking technology whose advantage is the separation of the data forwarding plane from the control plane, and a growing number of traditional network attacks carry over to this new network architecture. However, current solutions concentrate on only a few specific attacks in SDN and introduce a variety of overheads. In this paper, we consider two levels of detection in the data forwarding plane: the packet level and the flow level. We propose an efficient, effective, real-time, machine learning based mechanism, called REAL-GUARD, that detects and defends against network security threats using decision tree methods and without any extra devices. The experiments show that our mechanism can defend against scanning attacks and detect flooding attacks effectively with low additional performance overhead.


    Published In

    CIAT 2020: Proceedings of the 2020 International Conference on Cyberspace Innovation of Advanced Technologies
    December 2020
    597 pages
    ISBN:9781450387828
    DOI:10.1145/3444370

    In-Cooperation

    • Sun Yat-Sen University
    • CARLETON UNIVERSITY: INSTITUTE FOR INTERDISCIPLINARY STUDIES
    • Beijing University of Posts and Telecommunications
    • Guangdong University of Technology
    • Deakin University

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Detection and Defense
    2. Machine Learning
    3. Network Security
    4. Real-time
    5. Software Defined Network

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    CIAT 2020

    Acceptance Rates

    CIAT 2020 Paper Acceptance Rate 94 of 232 submissions, 41%;
    Overall Acceptance Rate 94 of 232 submissions, 41%
