Top

The Journal of Supercomputing

Published in:

18-04-2023

A two-phase detection method against APT attack on flow table management in SDN

Authors: Xinfeng He, Shuchao Sun

Published in: The Journal of Supercomputing | Issue 14/2023

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Long-term occupation of flow table can occur in the management mechanism of software-defined networking (SDN), which is a prerequisite for APT attacks. The task of detecting such APT attacks in existent research is mainly undertaken by the controller, which results in high computation overhead. To address this problem, a two-phase detection method for APT attacks on flow table management (TMAF) is proposed in this paper. Firstly, the suspicious flow entries are pre-detected in the SDN switch according to the periodicity of the packet. Secondly, the five-dimensional features of suspicious flow entries are selected according to the characteristics of packets in load and frequency, and then the B-P neural network on the controller for further analysis. Experiments show that TMAF reduces the controller’s load and improves the detection efficiency and accuracy compared to existing works. Additionally, the potential risk of APT attacks can be reduced to a certain extent.

previous article BejaGNN: behavior-based Java malware detection via graph neural network

next article Reliable federated learning in a cloud-fog-IoT environment

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Banitalebi Dehkordi A, Soltanaghaei M, Boroujeni FZ (2021) The ddos attacks detection through machine learning and statistical methods in sdn. J Supercomput 77(3):2383–2415CrossRef

Cui Y, Qian Q, Guo C, Shen G, Tian Y, Xing H, Yan L (2021) Towards ddos detection mechanisms in software-defined networking. J Netw Comput Appl 190:103156CrossRef

Shengxu X, Changyou X, Guomin Z, Lihua S, Guyu H (2021) Survey of openflow switch flow table overflow mitigation techniques. J Comput Res Dev 58(7):1544–1562

Li X, Huang Y (2019) A flow table with two-stage timeout mechanism for sdn switches, 1804–1809. IEEE

Cao J, Xu M, Li Q, Sun K, Yang Y, Zheng J (2017) Disrupting sdn via the data plane: a low-rate flow table overflow attack. Springer, Berlin, pp 356–376

Zhijun W, Qing X, Jingjie W, Meng Y, Liang L (2020) Low-rate ddos attack detection based on factorization machine in software defined network. IEEE Access 8:17404–17418CrossRef

Chen X, Hua Q, Zhu Y, Wang Y, Ge L (2019) Research on low-rate ddos attack of sdn network in cloud environment. Tongxin Xuebao 40(6):210–222

Pascoal TA, Dantas YG, Fonseca IE, Nigam V (2017) Slow tcam exhaustion ddos attack. In: IFIP International Conference on ICT Systems Security and Privacy Protection, pp 17–31. Springer

Phan TV, Gias TR, Islam ST, Huong TT, Thanh NH, Bauschert T (2019) Q-mind: defeating stealthy dos attacks in sdn with a machine-learning based defense framework. In: 2019 IEEE Global Communications Conference (GLOBECOM), pp 1–6. IEEE

10.

Xie S, Xing C, Zhang G, Zhao J (2021) A table overflow ldos attack defending mechanism in software-defined networks. Secur Commun Netw 2021

11.

Yu Z, Xiaoming P, Qingzhong L, Junkuo C, Ziqiang L (2017) Apt attacks and defenses. J Tsinghua Univ (Science and Technology) 57(11):1127–1133

12.

Joloudari JH, Haderbadi M, Mashmool A, GhasemiGol M, Band SS, Mosavi A (2020) Early detection of the advanced persistent threat attack using performance analysis of deep learning. IEEE Access 8:186125–186137CrossRef

13.

Fu T, Lu Y, Zhen W (2019) Apt attack situation assessment model based on optimized bp neural network. In: 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), pp 2108–2111. IEEE

14.

Do Xuan C, Dao MH (2021) A novel approach for apt attack detection based on combined deep learning model. Neural Comput Appl 33:13251–13264CrossRef

15.

Shan-Shan J, Ya-Bin X (2017) The apt detection method in sdn. In: 2017 3rd IEEE International Conference on Computer and Communications (ICCC), pp 1240–1245. IEEE

16.

Shan-Shan J, Ya-Bin X (2018) The apt detection method based on attack tree for sdn. In: Proceedings of the 2nd International Conference on Cryptography, Security and Privacy, pp 116–121

17.

Snow NA, Dasari VR, Geerhart BE (2018) Openflow experimenter labels for encoding adaptive network functions. In: 2018 IEEE 39th Sarnoff Symposium, pp 1–5. IEEE

18.

Emulator for rapid prototyping of Software Defined Networks (2022) https://github.com/mininet/mininet. Accessed June 2

19.

Ryu component-based software defined networking framework (2022) https://github.com/faucetsdn/ryu. Accessed June 4

20.

Scapy: the Python-based interactive packet manipulation program & library (2022) https://github.com/secdev/scapy. Accessed June 7

21.

Liu Z, He Y, Wang W, Zhang B (2019) Ddos attack detection scheme based on entropy and pso-bp neural network in sdn. China Commun 16(7):144–155CrossRef

22.

Pascoal TA, Fonseca IE, Nigam V (2020) Slow denial-of-service attacks on software defined networks. Comput Netw 173:107223CrossRef

23.

El Sayed MS, Le-Khac N-A, Azer MA, Jurcut AD (2022) A flow-based anomaly detection approach with feature selection method against ddos attacks in sdns. IEEE Trans Cognitive Commun Netw 8(4):1862–1880CrossRef

Title: A two-phase detection method against APT attack on flow table management in SDN
Authors: Xinfeng He
Shuchao Sun
Publication date: 18-04-2023
Publisher: Springer US
Published in: The Journal of Supercomputing / Issue 14/2023
Print ISSN: 0920-8542
Electronic ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-023-05281-5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Other articles of this Issue 14/2023

Multivariate outlier filtering for A-NFVLearn: an advanced deep VNF resource usage forecasting technique

A novel cloud model based on multiplicative unbalanced linguistic term set

Classification of arithmetic mental task performances using EEG and ECG signals

Blockchain-enabled secure and efficient data sharing scheme for trust management in healthcare smartphone network

Dynamic stochastic game-based security of edge computing based on blockchain

A novel cryptocurrency price time series hybrid prediction model via machine learning with MATLAB/Simulink

Premium Partner