
2018 | OriginalPaper | Chapter

On Using Cognition for Anomaly Detection in SDN

Authors : Emilia Tantar, Alexandru-Adrian Tantar, Miroslaw Kantor, Thomas Engel

Published in: EVOLVE - A Bridge between Probability, Set Oriented Numerics, and Evolutionary Computation VI

Publisher: Springer International Publishing


Abstract

In this position paper we aim to provide a prototype cognitive security service for anomaly detection in Software Defined Networks (SDNs). We also look at strengthening attack detection capabilities in SDNs through the addition of predictive analytics capabilities. For this purpose, we build a learning-based anomaly detection service called Learn2Defend, based on functionalities provided by OpenDaylight. A potential path to cognition is detailed by means of a Gaussian Processes driven engine that makes use of traffic characteristics/behavior profiles, e.g., the smoothness of the frequency of flows traversing a given node. Learn2Defend follows a two-fold approach, combining unsupervised learning and prediction mechanisms, all in an on-line dynamic SDN context. The prototype does not aim to provide a universally valid predictive analytics framework for security, but rather to offer a tool that supports the integration of cognitive techniques into SDN security services.
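The abstract describes the engine only at the level of "a Gaussian Processes driven engine over the frequency of flows traversing a node". The following is an added example, not Learn2Defend code and not taken from the paper or from OpenDaylight: a textbook exact Gaussian-process posterior (squared-exponential kernel, as in Rasmussen and Williams) run online over a constructed per-minute flow-count series for one node. Each new window is predicted from the previous accepted windows, and the standardised surprise of the observed count is the anomaly score. The kernel hyperparameters, the window of 24 samples, the 3σ threshold, the jitter level and the injected flood value are all assumptions chosen for illustration. Flagged samples are deliberately kept out of the baseline, the caveat a practitioner wants for any unsupervised online detector: otherwise a sustained flood gradually becomes the model's notion of normal.

```python
"""Gaussian-process scoring of a per-node flow-count series (added illustration).

The GP is the textbook exact posterior with a squared-exponential kernel
(Rasmussen & Williams); the flow counts, hyperparameters and threshold below
are assumptions for the example, not values from the paper.
"""
import math
import random
from typing import List, Sequence, Tuple


def rbf_kernel(a: float, b: float, length_scale: float, signal_var: float) -> float:
    """Squared-exponential kernel: the prior that the flow rate varies smoothly in time."""
    return signal_var * math.exp(-((a - b) ** 2) / (2.0 * length_scale ** 2))


def cholesky(m: List[List[float]]) -> List[List[float]]:
    """Lower-triangular L with L L^T = m, for a symmetric positive-definite m."""
    n = len(m)
    low = [[0.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1):
            s = m[i][j] - sum(low[i][k] * low[j][k] for k in range(j))
            low[i][j] = math.sqrt(s) if i == j else s / low[j][j]
    return low


def cholesky_solve(low: List[List[float]], b: Sequence[float]) -> List[float]:
    """Solve (L L^T) x = b by forward then backward substitution."""
    n = len(low)
    y = [0.0] * n
    for i in range(n):
        y[i] = (b[i] - sum(low[i][k] * y[k] for k in range(i))) / low[i][i]
    x = [0.0] * n
    for i in reversed(range(n)):
        x[i] = (y[i] - sum(low[k][i] * x[k] for k in range(i + 1, n))) / low[i][i]
    return x


def gp_posterior(train_t: Sequence[float], train_y: Sequence[float], t_star: float,
                 length_scale: float = 3.0, signal_var: float = 1600.0,
                 noise_var: float = 9.0) -> Tuple[float, float]:
    """Predictive mean and variance of the *observed* count at t_star given the history."""
    n = len(train_t)
    mu0 = sum(train_y) / n                      # constant mean function: window average
    resid = [y - mu0 for y in train_y]
    k_mat = [[rbf_kernel(train_t[i], train_t[j], length_scale, signal_var)
              + (noise_var if i == j else 0.0) for j in range(n)] for i in range(n)]
    low = cholesky(k_mat)
    k_star = [rbf_kernel(t, t_star, length_scale, signal_var) for t in train_t]
    alpha = cholesky_solve(low, resid)          # K^-1 (y - mu0)
    mean = mu0 + sum(k * a for k, a in zip(k_star, alpha))
    v = cholesky_solve(low, k_star)             # K^-1 k_*
    var = signal_var - sum(k * w for k, w in zip(k_star, v)) + noise_var
    return mean, max(var, 1e-9)


def score_point(hist_t, hist_y, t, y, threshold=3.0, **gp_kwargs) -> Tuple[float, bool]:
    """Standardised surprise of the observed count; |z| above threshold is an anomaly."""
    mean, var = gp_posterior(hist_t, hist_y, t, **gp_kwargs)
    z = (y - mean) / math.sqrt(var)
    return z, abs(z) > threshold


def score_series(counts: Sequence[int], window: int = 24, threshold: float = 3.0,
                 **gp_kwargs) -> List[Tuple[int, float, float, bool]]:
    """Online scoring: each window is predicted from the last `window` accepted samples."""
    hist_t = [float(t) for t in range(window)]
    hist_y = [float(c) for c in counts[:window]]
    results = []
    for t in range(window, len(counts)):
        y = float(counts[t])
        z, flagged = score_point(hist_t, hist_y, float(t), y, threshold, **gp_kwargs)
        results.append((t, y, round(z, 2), flagged))
        if not flagged:
            # Flagged samples stay out of the baseline so a sustained flood cannot
            # teach the unsupervised model that the flood is the new normal.
            hist_t, hist_y = (hist_t + [float(t)])[-window:], (hist_y + [y])[-window:]
    return results


def constructed_flow_counts(n: int = 40, seed: int = 7) -> List[int]:
    """Constructed per-minute flow counts at one node: a smooth cycle plus small jitter."""
    rng = random.Random(seed)
    return [round(200 + 40 * math.sin(2 * math.pi * t / 24) + rng.gauss(0, 1)) for t in range(n)]


if __name__ == "__main__":
    series = constructed_flow_counts()
    series[35] = 1800   # constructed flood: roughly ten-fold jump in new flows at minute 35
    for t, y, z, flagged in score_series(series):
        print(f"t={t:2d} flows={y:6.0f} z={z:8.2f} {'ANOMALY' if flagged else ''}")
```

The predictive variance includes the noise term, so the score compares the observed count with the distribution of observations rather than of the latent rate; that keeps ordinary counting jitter below the threshold while a flood-sized jump in new flows lands hundreds of standard deviations out. A deployment would replace the constructed series with per-node flow statistics read from the controller and would tune the hyperparameters on real baselines.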


Metadata
Title
On Using Cognition for Anomaly Detection in SDN
Authors
Emilia Tantar
Alexandru-Adrian Tantar
Miroslaw Kantor
Thomas Engel
Copyright Year
2018
DOI
https://doi.org/10.1007/978-3-319-69710-9_5
