Published in: Cluster Computing 1/2024

24.03.2023

Towards adding digital forensics capabilities in software defined networking based moving target defense

by: Muhammad Faraz Hyder, Tasbiha Fatima, Saadia Arshad


Abstract

Moving Target Defense (MTD) is a security technique for Software Defined Networks (SDN) that continually changes the attack surface. Although MTD is effective, the frequent transitions in system state that it introduces make digital forensics difficult: the network state that held at the time of an attack is soon overwritten by the next move. At the same time, the need for SDN forensics keeps growing, driven by the rising number of cyberattacks and by the adoption of SDN by large-scale cloud service providers, telecommunication operators, and internet service providers. In this paper we propose a digital forensics scheme for MTD-based SDN that records every movement of the MTD so that attack-related evidence, in particular the attack source, is available to augment the forensic investigation. The scheme is a three-level logging mechanism. The first level is the native logging of the ONOS controller. The second is a Java-based logging application, the "Java ONOS Logs Collector (JOLC)", developed to capture the logs of the MTD-based SDN. The third uses the Fluentd unified logging tool to extract evidential data from the MTD logs. The experimental testbed consists of an ONOS SDN controller, Mininet, and an event-based MTD application running over the SDN that installs JSON FlowRule scripts on the ONOS controller, with sflow-rt used to detect the level of attack, i.e. the number of packets sent by the attacker. The native ONOS logging provides the initial-level artifacts. JOLC writes separate files for the ONOS logs and for the Mininet/host machine logs, each stored with the current timestamp. Fluentd produces a single file that combines the SDN controller, Mininet, and host machine logs together with the flow rule entries installed on the SDN controller. Experimental results confirmed that the proposed multi-level forensics technique collected all of the relevant records.
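The following is an added illustration of what the third logging level has to deliver: one time-ordered evidence stream built from the ONOS controller log, the Mininet/host log and the installed FlowRule scripts, with the MTD moves recorded so that a virtual address seen in the attack traffic can still be mapped back to the real host afterwards. It is example code written for this page, not the authors' JOLC application or their Fluentd configuration. The ONOS and Mininet log lines, the "MTD move" and "sflow-rt threshold exceeded" message wording, and the FlowRule values are constructed samples whose formats are assumptions; only the JSON shape of the FlowRule script follows what the ONOS REST API accepts.

```python
"""Added example (not the paper's JOLC or Fluentd setup): merge ONOS, Mininet and
FlowRule evidence from an MTD-based SDN into one time-ordered, hashed file."""
import hashlib
import json
import re
from datetime import datetime

# Constructed ONOS (karaf-style) lines, assumed format "<ts> | <level> | <logger> | <msg>".
ONOS_LOG = """\
2023-03-24T10:00:01,120 | INFO | FlowRuleManager | flow rule added on of:0000000000000001
2023-03-24T10:00:05,410 | INFO | MtdApp | MTD move: host 10.0.0.3 vip 10.0.9.17 -> 10.0.9.42
2023-03-24T10:00:07,002 | WARN | MtdApp | sflow-rt threshold exceeded: src=10.0.0.5 pkts=1500
"""
# Constructed Mininet/host-machine lines, assumed format "<ts> <msg>".
HOST_LOG = """\
2023-03-24T10:00:03,000 mininet h5 ping -f 10.0.9.17
2023-03-24T10:00:08,250 mininet h3 now answers on 10.0.9.42
"""
# FlowRule script in the JSON shape the ONOS REST API (/onos/v1/flows) accepts; values
# are constructed. An empty instruction list drops matching packets in OpenFlow.
FLOW_RULE_SCRIPT = json.dumps({"flows": [{
    "priority": 40000, "timeout": 0, "isPermanent": True,
    "deviceId": "of:0000000000000001",
    "treatment": {"instructions": []},
    "selector": {"criteria": [{"type": "ETH_TYPE", "ethType": "0x800"},
                              {"type": "IPV4_SRC", "ip": "10.0.0.5/32"}]}}]})

TS_FMT = "%Y-%m-%dT%H:%M:%S,%f"
MOVE_RE = re.compile(r"MTD move: host (\S+) vip (\S+) -> (\S+)")      # assumed wording
ALERT_RE = re.compile(r"sflow-rt threshold exceeded: src=(\S+) pkts=(\d+)")  # assumed wording

def parse_ts(text):
    return datetime.strptime(text, TS_FMT)

def parse_log(text, source):
    """One record per line; ONOS lines carry level and logger, host lines only a message."""
    out = []
    for line in text.splitlines():
        if " | " in line:
            ts, level, logger, msg = line.split(" | ", 3)
            out.append({"ts": parse_ts(ts), "source": source, "level": level,
                        "logger": logger, "msg": msg})
        else:
            ts, msg = line.split(" ", 1)
            out.append({"ts": parse_ts(ts), "source": source, "msg": msg})
    return out

def flow_rule_records(script, installed_at):
    """One record per flow; the install time must be supplied, the JSON carries none."""
    out = []
    for flow in json.loads(script)["flows"]:
        crit = {c["type"]: c for c in flow["selector"]["criteria"]}
        src = crit.get("IPV4_SRC", {}).get("ip")
        out.append({"ts": parse_ts(installed_at), "source": "flowrule",
                    "deviceId": flow["deviceId"], "priority": flow["priority"],
                    "ipv4_src": src.split("/")[0] if src else None,
                    "msg": "flow rule installed: " + json.dumps(flow["selector"])})
    return out

def merge_evidence(onos_text, host_text, flow_script, installed_at):
    """Single time-ordered stream, the role Fluentd's single output file plays."""
    records = (parse_log(onos_text, "onos") + parse_log(host_text, "mininet")
               + flow_rule_records(flow_script, installed_at))
    return sorted(records, key=lambda r: r["ts"])

def attack_sources(records):
    """Attacker IPs from sflow-rt alerts and from IPV4_SRC match fields."""
    ips = {m[1] for r in records for m in [ALERT_RE.search(r["msg"])] if m}
    return ips | {r["ipv4_src"] for r in records if r.get("ipv4_src")}

def mtd_moves(records):
    """Every logged MTD move as (ts, host, old vip, new vip), in time order."""
    return [{"ts": r["ts"], "host": m[1], "old": m[2], "new": m[3]}
            for r in records for m in [MOVE_RE.search(r["msg"])] if m]

def resolve_virtual_ip(records, vip, at):
    """Which real host held `vip` at time `at`? Answerable only because every move
    was logged: by analysis time the MTD has already rotated the address again."""
    by_host = {}
    for m in mtd_moves(records):
        by_host.setdefault(m["host"], []).append(m)
    for host, moves in sorted(by_host.items()):
        current = moves[0]["old"]
        for m in moves:
            if m["ts"] <= at:
                current = m["new"]
        if current == vip:
            return host
    return None

def serialize_evidence(records):
    """JSON lines plus the SHA-256 of the file, so the evidence can be integrity-checked later."""
    body = "".join(json.dumps({**r, "ts": r["ts"].isoformat()}, sort_keys=True) + "\n"
                   for r in records)
    return body, hashlib.sha256(body.encode()).hexdigest()
```

Calling `merge_evidence(ONOS_LOG, HOST_LOG, FLOW_RULE_SCRIPT, "2023-03-24T10:00:07,500")` yields six records in time order; `attack_sources` on them returns `{"10.0.0.5"}`, and `resolve_virtual_ip(..., "10.0.9.17", parse_ts("2023-03-24T10:00:03,000"))` maps the address the attacker probed at 10:00:03 back to host 10.0.0.3, which no longer answers on it after the move logged at 10:00:05. The digest returned by `serialize_evidence` is the point a practitioner should not skip: record it out of band when the file is written, since a log that can be rewritten after the fact is not evidence.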


Metadata
Title
Towards adding digital forensics capabilities in software defined networking based moving target defense
Authors
Muhammad Faraz Hyder
Tasbiha Fatima
Saadia Arshad
Publication date
24.03.2023
Publisher
Springer US
Published in
Cluster Computing / Issue 1/2024
Print ISSN: 1386-7857
Electronic ISSN: 1573-7543
DOI
https://doi.org/10.1007/s10586-023-03990-3
