Abstract

Nowadays, Software-Defined Networks (SDNs) are increasingly being used in many practical settings, posing a variety of security risks, such as compromised switches. Once a switch is compromised by an attacker, the switch may be either malfunctioning or misconfigured, displaying some abnormal network behaviors, e.g., delaying, dropping, adding, or modifying the traffic. In our previous work, we proposed an efficient scheme for detecting compromised SDN switches based on chaotic analysis of network traffic using an autoregressive-integrated-moving-average model. This scheme showed good results overall; however, it still showed high false-alarm rates due to a hard-set threshold. In this paper, we propose an enhanced scheme to detect compromised SDN switches effectively and reliably. The scheme consists of two phases (online and offline), leveraging the advantages of a stochastic recurrent neural network variant of multivariate time-series-based anomaly detection. Our main idea is to capture the normal patterns of multivariate time series by learning strong representations with the key techniques, such as planar normalizing flow and stochastic variable connection, then reconstruct input data by the representations, and use the reconstruction probabilities to find anomalies. Evaluation results of our proposed scheme yield outstanding performance in comparison with our previous work and other solutions.

Highlights

  • The trend of integrating Software-Defined Networking (SDN) [1] with Network Functions Virtualization (NFV) [2] to accomplish various network control and management goals has seen substantial growth

  • Our proposal: to resolve the serious issues given above, in this paper we present a concrete proposal with a novel mechanism that monitors, checks and detects anomalous behaviors of SDN switch traffic

  • We investigate the vulnerabilities of SDN switches on the cloud and present common types of attacks in a cloud-based SDN environment in a distributed manner


Summary

INTRODUCTION

The trend of integrating Software-Defined Networking (SDN) [1] with Network Functions Virtualization (NFV) [2] (known as the software-defined NFV architecture) to accomplish various network control and management goals has seen substantial growth.

A. PROBLEM STATEMENTS

Switches in the data plane have no intelligence; they send raw data packets to the controller. This behavior introduces a serious vulnerability that can be exploited by an attacker. Among the compromised-switch behaviors mentioned above, an attacker can compromise a switch by dropping, slowing down, or misrouting network traffic [13], or by executing flooding attacks against the control plane, either by replaying or spoofing packet_in messages [5]. The proposed mechanism applies multivariate time-series anomaly detection through a stochastic recurrent neural network variant, and uses dynamic threshold selection to automatically set the optimal threshold for differentiating between normal and abnormal SDN switch traffic.
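The two-phase detection logic described above (an offline phase that learns normal switch traffic and derives a threshold, and an online phase that scores new traffic windows) is illustrated by the following added example. It is not code from the paper: the paper's stochastic recurrent network and its reconstruction probability are replaced by a diagonal Gaussian fitted to attack-free windows, with the anomaly score being the window's negative log-likelihood up to a constant, and the paper's dynamic threshold selection is replaced by a median-plus-MAD rule computed on held-out normal traffic. The per-window feature values (packet_in rate, drop ratio, latency) and the injected anomalous windows are constructed sample data, not measurements from the paper; the example also contrasts the data-derived threshold with a constant chosen in advance, which is the false-alarm problem the abstract attributes to a hard-set threshold.

```python
import math
import random
import statistics

# Per-window traffic features for one SDN switch (constructed sample values,
# not data from the paper): OpenFlow packet_in rate (msg/s), fraction of
# forwarded packets dropped, and mean forwarding latency in ms.


def make_window_series(n, seed, anomaly_at=()):
    """Constructed multivariate series. Normal windows sit near a baseline; the
    windows listed in anomaly_at mimic a compromised switch that floods the
    controller with packet_in messages while dropping and delaying traffic."""
    rng = random.Random(seed)
    series = []
    for t in range(n):
        if t in anomaly_at:
            series.append((rng.gauss(900, 50), rng.gauss(0.30, 0.03), rng.gauss(80, 5)))
        else:
            series.append((rng.gauss(120, 10), rng.gauss(0.01, 0.003), rng.gauss(5, 0.5)))
    return series


class DiagonalGaussianScorer:
    """Stand-in for the paper's learned model of normal traffic: a diagonal
    Gaussian fitted to attack-free windows. The score is the negative
    log-likelihood of a window up to a constant (half its squared Mahalanobis
    distance); in the paper this role is played by the reconstruction
    probability produced by the stochastic recurrent network."""

    def fit(self, normal_windows):
        columns = list(zip(*normal_windows))
        self.mu = [statistics.mean(c) for c in columns]
        self.sigma = [max(statistics.pstdev(c), 1e-9) for c in columns]
        return self

    def score(self, window):
        return 0.5 * sum(((x - m) / s) ** 2
                         for x, m, s in zip(window, self.mu, self.sigma))


def dynamic_threshold(validation_scores, k=3.0):
    """Derive the threshold from the score distribution on held-out normal
    traffic (median + k robust standard deviations estimated via MAD),
    instead of a constant fixed before seeing any scores."""
    med = statistics.median(validation_scores)
    mad = statistics.median(abs(s - med) for s in validation_scores)
    return med + k * 1.4826 * max(mad, 1e-9)


def detect(scorer, windows, threshold):
    """Indices of the windows whose score exceeds the threshold."""
    return [i for i, w in enumerate(windows) if scorer.score(w) > threshold]


def run_demo():
    anomalies = {20, 21, 45}
    train = make_window_series(200, seed=1)       # offline phase: fit the model
    validate = make_window_series(100, seed=2)    # offline phase: pick threshold
    test = make_window_series(60, seed=3, anomaly_at=anomalies)  # online phase
    scorer = DiagonalGaussianScorer().fit(train)
    thr_dynamic = dynamic_threshold([scorer.score(w) for w in validate])
    thr_hard = 2.5  # a constant picked without looking at the score distribution
    return {
        "anomalies": anomalies,
        "dynamic_threshold": thr_dynamic,
        "hard_threshold": thr_hard,
        "dynamic_alarms": detect(scorer, test, thr_dynamic),
        "hard_alarms": detect(scorer, test, thr_hard),
    }


if __name__ == "__main__":
    r = run_demo()
    print(f"dynamic threshold {r['dynamic_threshold']:.2f}: alarms {r['dynamic_alarms']}")
    print(f"hard threshold    {r['hard_threshold']:.2f}: alarms {r['hard_alarms']}")
```

Running it shows the injected windows 20, 21 and 45 scoring orders of magnitude above either threshold, while the hard-set constant also raises alarms on a noticeable share of the normal windows that the data-derived threshold leaves alone. In a deployment the validation scores would come from traffic of the same switch under known-good conditions, and the threshold would be recomputed as the baseline drifts.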

CONTRIBUTION
Our major contributions can be listed as follows:
RELATED WORK
BACKGROUND
ECSD: ENHANCED COMPROMISED SWITCH DETECTION
SYSTEM PROCESS LOGIC
Findings
CONCLUSION