Intrusion detection system in software-defined networks

Mestrado de dupla diplomação com a UTFPR - Universidade Tecnológica Federal do ParanáSoftware-Defined Networking technologies represent a recent cutting-edge paradigm in network management, offering unprecedented flexibility and scalability. As the adoption of SDN continues to grow, so does the urgency of studying methods to enhance its security. It is the critical importance of understanding and fortifying SDN security, given its pivotal role in the modern digital ecosystem. With the ever-evolving threat landscape, research into innovative security measures is essential to ensure the integrity, confidentiality, and availability of network resources in this dynamic and transformative technology, ultimately safeguarding the reliability and functionality of our interconnected world. This research presents a novel approach to enhancing security in Software-Defined Networking through the development of an initial Intrusion Detection System. The IDS offers a scalable solution, facilitating the transmission and storage of network traffic with robust support for failure recovery across multiple nodes. Additionally, an innovative analysis module incorporates artificial intelligence (AI) to predict the nature of network traffic, effectively distinguishing between malicious and benign data. The system integrates a diverse range of technologies and tools, enabling the processing and analysis of network traffic data from PCAP files, thus contributing to the reinforcement of SDN security.As tecnologias de Redes Definidas por Software representam um paradigma recente na gestão de redes, oferecendo flexibilidade e escalabilidade sem precedentes. À medida que a adoção de soluções SDN continuam a crescer, também aumenta a urgência de estudar métodos para melhorar a sua segurança. É de extrema importância compreender e fortalecer a segurança das SDN, dado o seu papel fundamental no ecossistema digital moderno. Com o cenário de ameaças em constante evolução, a investigação de medidas de segurança inovadoras é essencial para garantir a integridade, a confidencialidade e a disponibilidade dos recursos da rede nesta tecnologia dinâmica e transformadora. Esta investigação apresenta uma nova abordagem para melhorar a segurança nas redes definidas por software através do desenvolvimento de um sistema inicial de deteção de intrusões. O IDS oferece uma solução escalável, facilitando a transmissão e o armazenamento do tráfego de rede com suporte robusto para recuperação de falhas em vários nós. Além disso, um módulo de análise inovador incorpora inteligência artificial (IA) para prever a natureza do tráfego de rede, distinguindo efetivamente entre dados maliciosos e benignos. O sistema integra uma gama diversificada de tecnologias e ferramentas, permitindo o processamento e a análise de dados de tráfego de rede a partir de ficheiros PCAP, contribuindo assim para o reforço da segurança SDN

Tennison: A Distributed SDN Framework for Scalable Network Security

Despite the relative maturity of the Internet, the computer networks of today are still susceptible to attack. The necessary distributed nature of networks for wide area connectivity has traditionally led to high cost and complexity in designing and implementing secure networks. With the introduction of software-defined networks (SDNs) and network functions virtualization, there are opportunities for efficient network threat detection and protection. SDN's global view provides a means of monitoring and defense across the entire network. However, current SDN-based security systems are limited by a centralized framework that introduces significant control plane overhead, leading to the saturation of vital control links. In this paper, we introduce TENNISON, a novel distributed SDN security framework that combines the efficiency of SDN control and monitoring with the resilience and scalability of a distributed system. TENNISON offers effective and proportionate monitoring and remediation, compatibility with widely available networking hardware, support for legacy networks, and a modular and extensible distributed design. We demonstrate the effectiveness and capabilities of the TENNISON framework through the use of four attack scenarios. These highlight multiple levels of monitoring, rapid detection, and remediation, and provide a unique insight into the impact of multiple controllers on network attack detection at scale

Scalable and responsive SDN monitoring and remediation for the Cloud-to-Fog continuum

Since the inception of the digital era the sharing of information has been revolutionary to the way we live, inspiring the continuous evolution of computer networks. Year by year, humankind becomes increasingly dependent on the use of connected services as new technologies evolve and become more widely accessible. As the widespread deployment of the Internet of Things, 5G, and connected cars rapidly approaches, with tens of billions of new devices connect- ing to the Internet, there will be a plethora of new faults and attacks that will require the need to be tracked and managed. This enormous increase on Internet reliance which is stretching the limits of current solutions to network monitoring introduces security concerns, as well as challenges of scale in operation and management. Todays conventional network monitoring and management lacks the flexibility, visibility, and intelligence required to effectively operate the next generation of the Internet. The advent of network softwarisation provides new methods for network management and operation, opening new solutions to net- work monitoring and remediation. In parallel, the increase in maturity of Edge computing lends itself to new solutions for scaling network softwarisation, by deploying services throughout the network. In this thesis, two proof-of-concept systems are presented which together harness the use of Software Defined Networking, Network Functions Virtualisation, and Cloud-to-Fog computing to address challenges of scale and network security: Siren is an open platform which manages the resources within the Internet, bridging network and infrastructure management and orchestration. Tennison is a network monitoring and remediation framework which tackles monitoring scalability through adapting to network context and providing a suitable architecture to the network topology, including the use of centralised, distributed, and hierarchical deployments

FS-OpenSecurity : A taxonomic modeling of security threats in SDN for future sustainable computing

Peer reviewedPublisher PD

Evaluation of machine learning techniques for intrusion detection in software defined networking

Abstract. The widespread growth of the Internet paved the way for the need of a new network architecture which was filled by Software Defined Networking (SDN). SDN separated the control and data planes to overcome the challenges that came along with the rapid growth and complexity of the network architecture. However, centralizing the new architecture also introduced new security challenges and created the demand for stronger security measures. The focus is on the Intrusion Detection System (IDS) for a Distributed Denial of Service (DDoS) attack which is a serious threat to the network system. There are several ways of detecting an attack and with the rapid growth of machine learning (ML) and artificial intelligence, the study evaluates several ML algorithms for detecting DDoS attacks on the system. Several factors have an effect on the performance of ML based IDS in SDN. Feature selection, training dataset, and implementation of the classifying models are some of the important factors. The balance between usage of resources and the performance of the implemented model is important. The model implemented in the thesis uses a dataset created from the traffic flow within the system and models being used are Support Vector Machine (SVM), Naive-Bayes, Decision Tree and Logistic Regression. The accuracy of the models has been over 95% apart from Logistic Regression which has 90% accuracy. The ML based algorithm has been more accurate than the non-ML based algorithm. It learns from different features of the traffic flow to differentiate between normal traffic and attack traffic. Most of the previously implemented ML based IDS are based on public datasets. Using a dataset created from the flow of the experimental environment allows training of the model from a real-time dataset. However, the experiment only detects the traffic and does not take any action. However, these promising results can be used for further development of the model