24 research outputs found

    A Generalized Renyi Joint Entropy Method for the Detection of DDoS Attacks in IoT

    The Internet of Things connects smart devices to the internet and gains more information in comparison with other systems. Since different types of objects are connected, the privacy and security of the users must be ensured. Because of its decentralised nature, IoT is prone to different types of attacks, which are either active or passive. Since the internet is the main part of IoT, the security issues present in the internet will be present in the Internet of Things too. Distributed denial of service is a major threat of this type and a critical threat. It reduces the performance of the complete network and can even break communication entirely. For this reason, much research has been done in this area to detect Distributed Denial of Service attacks. Entropy-based approaches to identify DDoS attacks in the Internet of Things are discussed in this research. This new approach is based on the GRJE method, which stands for generalised Renyi joint entropy. Renyi joint entropy is used in the suggested approach to analyse network traffic flow. The suggested method is put into practice and evaluated against other methods based on a few factors. Results from an analysis of the suggested system's effectiveness in NS2 are reported in this study.

    Software-Defined Networking in Cloud Computing

    Through network programmability, we may simplify network management and bring innovation; cloud computing introduced some of its network concepts. One of the most prominent cloud models for minimizing maintenance obligations and simplifying network infrastructure administration is the SDN (Software Defined Network) architecture. SDN stands out because it provides separation of the control plane and programmability for developing network applications. As a result, SDN is expected to enable more efficient configuration, higher performance, and increased flexibility to support new network architectures. This article aims to demonstrate the importance of SDN and the major role it plays in the organization, how SDNs can be profitable to many organizations that remain in an archaic or traditional cloud environment, and how SDN can restructure the cloud architecture with more security enhancement. It also investigates SDN-related issues and challenges to provide insight into the obstacles that this revolutionary network paradigm will face in the future, from both a protocol and architecture standpoint. In this study, a systematic literature review was conducted and a descriptive method was used to analyze data. When it comes to SDN, the following challenges and issues stand out: All of these phrases are used to characterize the properties of a system: scalability, high availability, reliability, elasticity, security, performance, resilience, and dependability.

    DoS Detection on Software Defined Networking Controllers Using an Entropy-Based Algorithm

    DoS attacks are a frequently occurring threat against the controller in SDN. If the SDN controller cannot be reached by network devices, the entire network fails. To reduce the threat of DoS against the SDN controller, we propose an effective method for detecting DoS using entropy. This method can not only detect attacks but also identify the attack path and start the mitigation process to protect network devices once an attack is detected. The proposed method detects DoS attacks based on variation in the entropy of the destination IP of the host that is the target of the attack. This DoS detection method has a detection accuracy of 75.67%.

    DeepIDS: Deep Learning Approach for Intrusion Detection in Software Defined Networking

    Software Defined Networking (SDN) is developing as a new solution for the development and innovation of the Internet. SDN is expected to be the ideal future for the Internet, since it can provide a controllable, dynamic, and cost-effective network. The emergence of SDN provides a unique opportunity to achieve network security in a more efficient and flexible manner. However, SDN also has original structural vulnerabilities, which are the centralized controller, the control-data interface and the control-application interface. These vulnerabilities can be exploited by intruders to conduct several types of attacks. In this paper, we propose a deep learning (DL) approach for a network intrusion detection system (DeepIDS) in the SDN architecture. Our models are trained and tested with the NSL-KDD dataset and achieved an accuracy of 80.7% and 90% for a Fully Connected Deep Neural Network (DNN) and a Gated Recurrent Neural Network (GRU-RNN), respectively. Through experiments, we confirm that the DL approach has the potential for flow-based anomaly detection in the SDN environment. We also evaluate the performance of our system in terms of throughput, latency, and resource utilization. Our test results show that DeepIDS does not affect the performance of the OpenFlow controller and so is a feasible approach

    Encryption-agnostic classifiers of traffic originators and their application to anomaly detection

    This paper presents an approach that leverages classical machine learning techniques to identify the tools from the packets sniffed, both for clear-text and encrypted traffic. This research aims to overcome the limitations to security monitoring systems posed by the widespread adoption of encrypted communications. By training three distinct classifiers, this paper shows that it is possible to detect, with excellent accuracy, the category of tools that generated the analyzed traffic (e.g., browsers vs. network stress tools), the actual tools (e.g., Firefox vs. Chrome vs. Edge), and the individual tool versions (e.g., Chrome 48 vs. Chrome 68). The paper provides hints that the classifiers are helpful for early detection of Distributed Denial of Service (DDoS) attacks, duplication of entire websites, and identification of sudden changes in users’ behavior, which might be the consequence of malware infection or data exfiltration

    A review of solutions for SDN-Exclusive security issues

    Software Defined Networking is a paradigm still in its emergent stages in the realm of production-scale networks. Centralisation of network control introduces a new level of flexibility for network administrators and programmers. Security is a huge factor contributing to consumer resistance to implementation of SDN architecture. Without addressing the issues inherent in SDN's centralised nature, the benefits in performance and network configurative flexibility cannot be harnessed. This paper explores key threats posed to SDN environments and comparatively analyses some of the mechanisms proposed as mitigations against these threats – it also provides some insight into the future works which would enable a securer SDN architecture.

    Encountering distributed denial of service attack utilizing federated software defined network

    This research defines the distributed denial of service (DDoS) problem in software-defined network (SDN) environments. The proposed solution uses software-defined network capabilities to reduce risk and introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to the server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed in a sophisticated way with a high level of separation of duties between components, so it would not be affected by the design aspect of the network architecture.