Container network functions: bringing NFV to the network edge
To cope with the increasing network utilization driven by new mobile clients, and to satisfy demand for new network services and performance guarantees, telecommunication service providers are exploiting virtualization across their networks by implementing network services in virtual machines, decoupled from legacy hardware-accelerated appliances. This effort, known as NFV, reduces OPEX and creates new business opportunities. At the same time, next-generation mobile, enterprise, and IoT networks are introducing the concept of computing capabilities pushed to the network edge, in close proximity to the users. However, the heavy footprint of today's NFV platforms prevents them from operating at the network edge. In this article, we identify the opportunities of virtualization at the network edge and present Glasgow Network Functions (GNF), a container-based NFV platform that runs and orchestrates lightweight container VNFs, saving core network utilization and providing lower latency. Finally, we demonstrate three useful applications of the platform: IoT DDoS remediation, on-demand troubleshooting for telco networks, and support for roaming of network functions.
Improving Security in Internet of Things with Software Defined Networking
The future Internet of Things (IoT) will connect billions of heterogeneous smart devices to the Internet, each able to interact with its environment. Solutions proposed from an IoT networking perspective must therefore account for the scale of IoT nodes as well as the operational cost of deploying the networking infrastructure. These devices will generate a huge volume of data, which poses a tremendous challenge both for transporting and for processing the information. Moreover, security issues arise because untrusted IoT devices are connected to the aggregation networks. In this paper, we propose using a Software-Defined Networking (SDN) framework to introduce security in IoT gateways. An experimental validation of the framework is presented, showing that network security can be enforced at the network edge.
Defining the Behavior of IoT Devices through the MUD Standard: Review, Challenges, and Research Directions
With the rapid development of the Internet of Things (IoT), defining the intended behavior of IoT devices is key to effective detection of potential cybersecurity attacks and threats in an increasingly connected environment. In 2019, the Manufacturer Usage Description (MUD) was standardized within the IETF as a data model and architecture for defining, obtaining and deploying MUD files, which describe the network behavioral profiles of IoT devices. While it has attracted strong interest from academia, industry, and Standards Developing Organizations (SDOs), MUD is not yet widely deployed in real-world scenarios. In this work, we analyze the current research landscape around this standard and describe some of the main challenges to be addressed in the coming years to foster its adoption and deployment. Based on the literature analysis and our own experience in this area, we further describe potential research directions that exploit the MUD standard to encourage the development of secure IoT-enabled scenarios.
Strengthening security through programmable networks
The original design of the Internet did not take network security into account; the priority was to facilitate communication. As a result, many of the protocols that make up the Internet infrastructure expose vulnerabilities that attackers can exploit to carry out a range of attacks. Distributed Denial-of-Service (DDoS) attacks are a major threat and among the most devastating and destructive attacks, causing collateral damage to network operators and Internet service providers (ISPs).
Software-Defined Networking (SDN) has emerged as a new paradigm that promises to overcome the limitations of the conventional network architecture by decoupling the control plane from the data plane. On one hand, this separation allows finer control over the network and brings new capabilities for mitigating DDoS attacks. On the other hand, it introduces new challenges for the security of the control plane itself.
The aim of this thesis is twofold: to study what SDN brings to security and design effective solutions that mitigate several attack vectors, and to protect SDN itself against such attacks. Through this work, we contribute to the mitigation of DDoS attacks at two levels (intra-domain and inter-domain) and to strengthening the security of software-defined networks.
On the Integration of Blockchain and SDN: Overview, Applications, and Future Perspectives
Blockchain (BC) and software-defined networking (SDN) are leading technologies that have recently found applications in several network-related scenarios and have consequently attracted growing interest in the research community. Current networks connect a massive number of objects over the Internet, and in this complex scenario the use of BC and SDN has been proposed to ensure security, privacy, confidentiality, and programmability. In this work, we provide a comprehensive survey of these two recent research trends and review the related state-of-the-art literature. We first describe the main features of each technology and discuss their most common variants. We then envision the integration of the two technologies, which we call BC-SDN, to take advantage of both efficiently, motivated by the need for stronger security and privacy. Additionally, we cover the application fields of these technologies both individually and combined. Finally, we discuss the open issues in the reviewed research and describe potential directions for future work on the integration of BC and SDN. In summary, the contribution of this survey spans from an overview of the literature on BC and SDN to a discussion of the benefits and limitations of BC-SDN integration in different fields, including the open challenges and possible future avenues examined herein. To the best of our knowledge, compared to existing surveys, this is the first work that analyzes these aspects in light of a broad BC-SDN integration, with a specific focus on security and privacy issues in actual usage scenarios.
Software Defined Networks based Smart Grid Communication: A Comprehensive Survey
The current power grid is no longer a feasible solution due to ever-increasing user demand for electricity, old infrastructure, and reliability issues, and thus requires transformation into a better grid, a.k.a. the smart grid (SG). The key features that distinguish the SG from the conventional electrical power grid are its capability to perform two-way communication, demand-side management, and real-time pricing. Despite all the advantages the SG will bring, there are certain issues specific to SG communication systems. For instance, network management of current SG systems is complex, time-consuming, and done manually. Moreover, the SG communication (SGC) system is built on different vendor-specific devices and protocols. Therefore, current SG systems are not protocol-independent, which leads to interoperability issues. Software-defined networking (SDN) has been proposed to monitor and manage communication networks globally. This article serves as a comprehensive survey on SDN-based SGC. We first discuss a taxonomy of the advantages of SDN-based SGC. We then discuss SDN-based SGC architectures, along with case studies. Our article provides an in-depth discussion of routing schemes for SDN-based SGC. We also provide a detailed survey of security and privacy schemes applied to SDN-based SGC. We furthermore present challenges, open issues, and future research directions related to SDN-based SGC.
Comment: Accepte
Detection and Mitigation of DoS and DDoS Attacks in IoT-Based Stateful SDN: An Experimental Approach
The expected advent of the Internet of Things (IoT) has triggered a large demand for embedded devices, envisioning the autonomous interaction of sensors and actuators while offering all sorts of smart services. However, these IoT devices are limited in computation, storage, and network capacity, which makes them easy to hack and compromise. To achieve secure development of the IoT, it is necessary to engineer scalable security solutions optimized for the IoT ecosystem. To this end, Software Defined Networking (SDN) is a promising paradigm, serving as a pillar of the fifth generation of mobile systems (5G), that could help to detect and mitigate Denial of Service (DoS) and Distributed DoS (DDoS) threats. In this work, we experimentally evaluate an entropy-based solution to detect and mitigate DoS and DDoS attacks in IoT scenarios using a stateful SDN data plane. The obtained results demonstrate for the first time the effectiveness of this technique on real IoT data traffic.
This research was funded by the EU, the European Regional Development Fund, and the regional government of Extremadura, Spain, grant number IB18003; the Spanish Ministry of Science, Innovation and Universities, grant numbers TIN2016-75097-P, RTI2018-102002-A-I00 and PEJ2018-003648-A; and FEDER and Junta de Andalucía, grant number B-TIC-402-UGR18.
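To make the entropy idea concrete, here is an added example (written for this page; it is not the authors' code and does not reproduce their stateful data-plane implementation) that runs an entropy-based flood detector over constructed windows of (source, destination) flow records. The collapse of destination-address entropy flags a flood; source-address entropy then separates a single-source DoS, where the answer is to drop the source, from a DDoS, where the victim has to be rate-limited instead. The addresses, window sizes and the `ratio` threshold are assumptions; in a stateful data plane the per-address counters would be kept in the switch and only the summary exported.

```python
import math
from collections import Counter

# Constructed flow windows of (src_ip, dst_ip) pairs, standing in for the per-flow
# counters a stateful data plane would export; every address here is made up.
BENIGN_WINDOW = [(f"10.0.0.{i}", f"192.0.2.{(i * 7) % 20}") for i in range(200)]
DDOS_WINDOW = [(f"10.0.0.{i % 50}", "192.0.2.9") for i in range(190)] + BENIGN_WINDOW[:10]
DOS_WINDOW = [("10.0.0.3", "192.0.2.9")] * 190 + BENIGN_WINDOW[:10]


def entropy_bits(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


class EntropyDetector:
    """Flags a window as a flood when destination entropy collapses, then uses
    source entropy to tell a single-source DoS from a distributed DDoS."""

    def __init__(self, baseline_window, ratio=0.5, top_n=5):
        # Thresholds are learnt from a known-benign window; `ratio` is an assumed tuning knob.
        self.dst_threshold = ratio * entropy_bits([d for _, d in baseline_window])
        self.src_threshold = ratio * entropy_bits([s for s, _ in baseline_window])
        self.top_n = top_n

    def analyse(self, window):
        srcs = [s for s, _ in window]
        dsts = [d for _, d in window]
        h_dst, h_src = entropy_bits(dsts), entropy_bits(srcs)
        report = {"h_dst": h_dst, "h_src": h_src}
        if h_dst >= self.dst_threshold:
            report["verdict"] = "benign"
            return report
        victim = Counter(dsts).most_common(1)[0][0]
        report["victim"] = victim
        if h_src < self.src_threshold:
            # One source dominates as well: a plain DoS, so drop that source.
            attacker = Counter(srcs).most_common(1)[0][0]
            report.update(verdict="dos", action=("drop-src", attacker))
        else:
            # Sources stay diverse while the destination collapses: a DDoS.
            # Rate-limit the victim and record the top talkers for blocking.
            top = [s for s, _ in Counter(srcs).most_common(self.top_n)]
            report.update(verdict="ddos", action=("rate-limit-dst", victim), top_sources=top)
        return report


if __name__ == "__main__":
    det = EntropyDetector(BENIGN_WINDOW)
    for name, window in (("benign", BENIGN_WINDOW), ("ddos", DDOS_WINDOW), ("dos", DOS_WINDOW)):
        print(name, det.analyse(window))
```

The benign window spreads 200 flows evenly over 20 destinations, so its destination entropy is log2(20) bits and the flood windows fall far below half of that. The known weakness of this scheme is worth keeping in mind: an attacker who pads the flood with traffic to random destinations raises the entropy again, so the detector should be paired with per-destination rate counters rather than used alone.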
IoT Malware Network Traffic Classification using Visual Representation and Deep Learning
With the increase of IoT devices and technologies coming into service, malware has risen as a challenging threat with increased infection rates and levels of sophistication. Without strong security mechanisms, a huge amount of sensitive data is exposed to vulnerabilities and can therefore easily be abused by cybercriminals to perform illegal activities. Thus, advanced network security mechanisms capable of performing real-time traffic analysis and mitigation of malicious traffic are required. To address this challenge, we propose a novel IoT malware traffic analysis approach using deep learning and visual representation for faster detection and classification of new malware (zero-day malware). The detection of malicious network traffic in the proposed approach works at the packet level, significantly reducing the time of detection, with promising results due to the deep learning technologies used. To evaluate the performance of the proposed method, a dataset is constructed consisting of 1000 pcap files of normal and malware traffic collected from different network traffic sources. The experimental results of the Residual Neural Network (ResNet50) are very promising, providing a 94.50% accuracy rate for detection of malware traffic.
Comment: 10 pages, 5 figures, 2 table
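The step that makes such an approach work is turning raw packets into fixed-size images a CNN can consume. As an added example (written for this page; it is not the paper's pipeline and the exact preprocessing the authors used is not described above), the block below reads packets out of a pcap byte string with a minimal parser for the classic pcap format and maps each packet's bytes, one byte per grayscale pixel, row-major and zero-padded or truncated, onto a 16 x 16 image paired with a label. The pcap and the Ethernet/IPv4/UDP packets inside it are constructed in the block so it runs offline; the image size is an assumption.

```python
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4   # value read with "<I" from a little-endian pcap
PCAP_MAGIC_BE = 0xD4C3B2A1   # same bytes seen from a big-endian pcap


def fake_udp_packet(payload):
    """Constructed Ethernet/IPv4/UDP frame (made-up MACs and addresses) used as sample input."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    ip_len = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 1, 0, 64, 17, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 1]))
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0)
    return eth + ip + udp + payload


def build_pcap(packets, linktype=1):
    """Constructed pcap writer (classic format, little-endian) used only to fabricate input."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, linktype)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


def iter_packets(pcap_bytes):
    """Yield the captured bytes of each record; rejects non-pcap input and truncated records."""
    if len(pcap_bytes) < 24:
        raise ValueError("not a pcap file")
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    off = 24
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", pcap_bytes, off)
        off += 16
        if off + incl_len > len(pcap_bytes):
            raise ValueError("truncated record")
        yield pcap_bytes[off:off + incl_len]
        off += incl_len


def packet_to_image(pkt, width=16, height=16):
    """Fixed-size grayscale image: one byte per pixel, row-major, zero-padded or truncated."""
    buf = pkt[:width * height].ljust(width * height, b"\x00")
    return [list(buf[r * width:(r + 1) * width]) for r in range(height)]


def pcap_to_images(pcap_bytes, label, width=16, height=16):
    """Whole capture -> list of (image, label) samples ready for a classifier."""
    return [(packet_to_image(p, width, height), label) for p in iter_packets(pcap_bytes)]


if __name__ == "__main__":
    capture = build_pcap([fake_udp_packet(b"abc"), fake_udp_packet(b"x" * 100)])
    for image, label in pcap_to_images(capture, label=1):
        print(label, image[0])   # first row: the Ethernet header and the start of IPv4
```

Because header fields land at fixed pixel positions (the EtherType at columns 12 and 13 of row 0, the IPv4 version/IHL byte at column 14), a CNN trained on such images is partly learning header layout, which is exactly why results on a new capture source should be checked before trusting a headline accuracy figure.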