Identifying cyber-attacks on software defined networks: An inference-based intrusion detection approach

Ahmed AlEroud, Izzat Alsmadi

Research output: Contribution to journal › Article › peer-review

40 Scopus citations

Abstract

Software Defined Networking is an emerging architecture which focuses on the role of software to manage computer networks. Software Defined Networks (SDNs) introduce several mechanisms to detect specific types of attacks such as Denial of Service (DoS). Nevertheless, they are vulnerable to similar attacks that occur in traditional networks, such as the attacks that target the control and data planes. Several techniques are proposed to handle the security vulnerabilities in SDNs. However, it is fairly challenging to create attack signatures, scenarios, or even intrusion detection rules that are applicable to dynamic environments such as SDNs. This paper introduces a new approach to identify attacks on SDNs that uses: (1) similarity with existing attacks that target traditional networks, (2) an inference mechanism to avoid false positives and negatives during the prediction process, and (3) a packet aggregation technique which aims at creating attack signatures and using them to predict attacks on SDNs. We validated our approach on two datasets and showed that it yields promising results.

Original language: English (US)
Pages (from-to): 152-164
Number of pages: 13
Journal: Journal of Network and Computer Applications
Volume: 80
State: Published - Feb 15 2017
Externally published: Yes

Keywords

  • Graph mining, Denial of service attacks
  • Information security
  • Intrusion detection
  • Security architecture
  • Software defined networks

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications
