343 research outputs found
Security attacks and solutions on SDN control plane: A survey
Sommario
Software Defined Networks (SDN) è un modello di rete programmabile aperto promosso da ONF ,
che è stato un fattore chiave per le recenti tendenze tecnologiche. SDN esplora la separazione dei dati
e del piano di controllo . Diversamente dai concetti passati, SDN introduce lâidea di separazione del
piano di controllo (decisioni di instradamento e traffico) e piano dati (decisioni di inoltro basate sul
piano di controllo) che sfida lâintegrazione verticale raggiunta dalle reti tradizionali, in cui dispositivi
di rete come router e switch accumulano entrambe le funzioni.
SDN presenta alcuni vantaggi come la gestione centralizzata e la possibilitĂ di essere programmato
su richiesta. Oltre a questi vantaggi, SDN presenta ancora vulnerabilitĂ di sicurezza e, tra queste,le
piĂš letali prendono di mira il piano di controllo. Come i controllers che risiedono sul piano di con-
trollo gestiscono lâinfrastruttura e i dispositivi di rete sottostanti (es. router/switch), anche qualsiasi
insicurezza, minacce, malware o problemi durante lo svolgimento delle attivitĂ da parte del controller,
possono causare interruzioni dellâintera rete. In particolare, per la sua posizione centralizzata, il con-
troller SDN è visto come un punto di fallimento. Di conseguenza, qualsiasi attacco o vulnerabilitĂ
che prende di mira il piano di controllo o il controller è considerato fatale al punto da sconvolgere
lâintera rete. In questa tesi, le minacce alla sicurezza e gli attacchi mirati al piano di controllo (SDN)
sono identificati e classificati in diversi gruppi in base a come causano lâimpatto sul piano di controllo.
Per ottenere risultati, è stata condotta unâampia ricerca bibliografica attraverso uno studio appro-
fondito degli articoli di ricerca esistenti che discutono di una serie di attacchi e delle relative soluzioni
per il piano di controllo SDN. Principalmente, come soluzioni intese a rilevare, mitigare o proteggere
il (SDN) sono stati presi in considerazione le potenziali minacce gli attachi al piano di controllo. Sulla
base di questo compito, gli articoli selezionati sono stati classificati rispetto al loro impatto potenziale
sul piano di controllo (SDN) come diretti e indiretti. Ove applicabile, è stato fornito un confronto
tra le soluzioni che affrontano lo stesso attacco. Inoltre, sono stati presentati i vantaggi e gli svantaggi
delle soluzioni che affrontano diversi attacchi . Infine, una discussione sui risultati e sui esitti ottenuti
durante questo processo di indagine e sono stati affrontatti suggerimenti di lavoro futuri estratti du-
rante il processo di revisione.
Parole chiave : SDN, Sicurezza, Piano di controllo, Denial of Service, Attacchi alla topologiaAbstract
Software Defined Networks (SDN) is an open programmable network model promoted by ONF that
has been a key-enabler of recent technology trends. SDN explores the separation of data and control
plane. Different from the past concepts, SDN introduces the idea of separation of the control plane
(routing and traffic decisions) and data plane (forwarding decisions based on the control plane) that
challenges the vertical integration achieved by the traditional networks, in which network devices such
as router and switches accumulate both functions.
SDN presents some advantages such as centralized management and the ability to be programmed
on demand. Apart from these benefits, SDN still presents security vulnerabilities and among them,
the most lethal ones are targeting the control plane. As the controllers residing on the control plane
manages the underlying networking infrastructure and devices (i.e., routers/switches), any security
threat, malware, or issues during the carrying out of activities by the controller can lead to disruption
of the entire network. In particular, due to its centralized position, the (SDN) controller is seen as a
single point of failure. As a result, any attack or vulnerability targeting the control plane or controller
is considered fatal to the point of disrupting the whole network. In this thesis, the security threats
and attacks targeting the (SDN) control plane are identified and categorized into different groups by
considering how they cause an impact to the control plane.
To obtain results, extensive literature research has been carried out by performing an in-depth study
of the existing research articles that discusses an array of attacks and their corresponding solutions for
the (SDN) control plane. Mainly, the solutions intended to detect, mitigate, or protect the (SDN)
control plane against potential threats and attacks have been considered. On basis of this task, the
potential articles selected were categorized with respect to their impact to the (SDN) control plane as
direct and indirect. Where applicable a comparison of the solutions addressing the same attack has
been provided. Moreover, the advantages and disadvantages of the solutions addressing the respective
attacks are presented. Finally, a discussion regarding the findings and results obtained during this su-
veying process and future work suggestions extracted during the review process have been discussed.
Keywords: SDN, Security, Control Plane, Denial of Service, Topology Attacks, Openflo
An anomaly mitigation framework for IoT using fog computing
The advancement in IoT has prompted its application in areas such as smart homes, smart cities, etc., and this has aided its exponential growth. However, alongside this development, IoT networks are experiencing a rise in security challenges such as botnet attacks, which often appear as network anomalies. Similarly, providing security solutions has been challenging due to the low resources that characterize the devices in IoT networks. To overcome these challenges, the fog computing paradigm has provided an enabling environment that offers additional resources for deploying security solutions such as anomaly mitigation schemes. In this paper, we propose a hybrid anomaly mitigation framework for IoT using fog computing to ensure faster and accurate anomaly detection. The framework employs signature- and anomaly-based detection methodologies for its two modules, respectively. The signature-based module utilizes a database of attack sources (blacklisted IP addresses) to ensure faster detection when attacks are executed from the blacklisted IP address, while the anomaly-based module uses an extreme gradient boosting algorithm for accurate classification of network traffic flow into normal or abnormal. We evaluated the performance of both modules using an IoT-based dataset in terms response time for the signature-based module and accuracy in binary and multiclass classification for the anomaly-based module. The results show that the signature-based module achieves a fast attack detection of at least six times faster than the anomaly-based module in each number of instances evaluated. The anomaly-based module using the XGBoost classifier detects attacks with an accuracy of 99% and at least 97% for average recall, average precision, and average F1 score for binary and multiclass classification. Additionally, it recorded 0.05 in terms of false-positive rates
CyberForce: A Federated Reinforcement Learning Framework for Malware Mitigation
Recent research has shown that the integration of Reinforcement Learning (RL)
with Moving Target Defense (MTD) can enhance cybersecurity in
Internet-of-Things (IoT) devices. Nevertheless, the practicality of existing
work is hindered by data privacy concerns associated with centralized data
processing in RL, and the unsatisfactory time needed to learn right MTD
techniques that are effective against a rising number of heterogeneous zero-day
attacks. Thus, this work presents CyberForce, a framework that combines
Federated and Reinforcement Learning (FRL) to collaboratively and privately
learn suitable MTD techniques for mitigating zero-day attacks. CyberForce
integrates device fingerprinting and anomaly detection to reward or penalize
MTD mechanisms chosen by an FRL-based agent. The framework has been deployed
and evaluated in a scenario consisting of ten physical devices of a real IoT
platform affected by heterogeneous malware samples. A pool of experiments has
demonstrated that CyberForce learns the MTD technique mitigating each attack
faster than existing RL-based centralized approaches. In addition, when various
devices are exposed to different attacks, CyberForce benefits from knowledge
transfer, leading to enhanced performance and reduced learning time in
comparison to recent works. Finally, different aggregation algorithms used
during the agent learning process provide CyberForce with notable robustness to
malicious attacks.Comment: 11 pages, 8 figure
A Survey of Network Requirements for Enabling Effective Cyber Deception
In the evolving landscape of cybersecurity, the utilization of cyber
deception has gained prominence as a proactive defense strategy against
sophisticated attacks. This paper presents a comprehensive survey that
investigates the crucial network requirements essential for the successful
implementation of effective cyber deception techniques. With a focus on diverse
network architectures and topologies, we delve into the intricate relationship
between network characteristics and the deployment of deception mechanisms.
This survey provides an in-depth analysis of prevailing cyber deception
frameworks, highlighting their strengths and limitations in meeting the
requirements for optimal efficacy. By synthesizing insights from both
theoretical and practical perspectives, we contribute to a comprehensive
understanding of the network prerequisites crucial for enabling robust and
adaptable cyber deception strategies
TPAAD: twoâphase authentication system for denial of service attack detection and mitigation using machine learning in softwareâdefined network.
Software-defined networking (SDN) has received considerable attention and adoption owing to its inherent advantages, such as enhanced scalability, increased adaptability, and the ability to exercise centralized control. However, the control plane of the system is vulnerable to denial-of-service (DoS) attacks, which are a primary focus for attackers. These attacks have the potential to result in substantial delays and packet loss. In this study, we present a novel system called Two-Phase Authentication for Attack Detection that aims to enhance the security of SDN by mitigating DoS attacks. The methodology utilized in our study involves the implementation of packet filtration and machine learning classification techniques, which are subsequently followed by the targeted restriction of malevolent network traffic. Instead of completely deactivating the host, the emphasis lies on preventing harmful communication. Support vector machine and K-nearest neighbours algorithms were utilized for efficient detection on the CICDoS 2017 dataset. The deployed model was utilized within an environment designed for the identification of threats in SDN. Based on the observations of the banned queue, our system allows a host to reconnect when it is no longer contributing to malicious traffic. The experiments were run on a VMware Ubuntu, and an SDN environment was created using Mininet and the RYU controller. The results of the tests demonstrated enhanced performance in various aspects, including the reduction of false positives, the minimization of central processing unit utilization and control channel bandwidth consumption, the improvement of packet delivery ratio, and the decrease in the number of flow requests submitted to the controller. These results confirm that our Two-Phase Authentication for Attack Detection architecture identifies and mitigates SDN DoS attacks with low overhead
Machine Learning based Attacks Detection and Countermeasures in IoT
While the IoT offers important benefits and opportunities for users, the technology raises various security issues and threats. These threats may include spreading IoT botnets through IoT devices which are the common and most malicious security threat in the world of internet. Protecting the IoT devices against these threats and attacks requires efficient detection. While we need to take into consideration IoT devices memory capacity limitation and low power processors. In this paper, we will focus in proposing low power consumption Machine Learning (ML) techniques for detecting IoT botnet attacks using Random forest as ML-based detection method and describing IoT common attacks with its countermeasures. The experimental result of our proposed solution shows higher accuracy. From the results, we conclude that IoT botnet detection is possible; achieving a higher accuracy rate as an experimental result indicates an accuracy rate of over 99.99% where the true positive rate is 1.000 and the false-negative rate is 0.000
- âŚ