TY - JOUR
T1 - Signature and flow statistics based anomaly detection system in software-defined networking for 6G internet of things network
AU - Nazar, Muhammad Junaid
AU - Alhudhaif, Adi
AU - Qureshi, Kashif Naseer
AU - Iqbal, Saleem
AU - Jeon, Gwanggil
N1 - Publisher Copyright:
© 2021, The Society for Reliability Engineering, Quality and Operations Management (SREQOM), India and The Division of Operation and Maintenance, Lulea University of Technology, Sweden.
PY - 2023/2
Y1 - 2023/2
AB - Classical networks are vertically integrated, with the control and data planes connected, which makes them more difficult to manage. Software-Defined Networking (SDN) is an emerging technology that breaks this vertical integration and separates the data plane from the control plane. The entire network control is (logically) centralized and maintains a view of the network. However, the centralized controller brings a lot of security challenges. Traffic flowing through an SDN is vulnerable to disruptions caused by some of the SDN switches. In this paper, malicious behavior on SDN switches that causes disturbance in a network is identified. The proposed system is based on attack signatures and is also capable of detecting misbehaving switches that drop and swap packets due to their malign intent rather than link failure. Every attack has some signature, and these attacks are identified by predefined signatures and their different behavior. The identification of three different attacks is demonstrated: (1) DDoS attack, (2) port scanning, and (3) traffic diversion attack, to assess the network performance. The pool of attack signatures is established in a database and updates the system-supplied pool of signatures. Lastly, the conclusion is made by demonstrating the anomaly detection and evaluating the performance of the network by presenting experimental results. The experimental results demonstrate the effectiveness of the proposed work and illustrate the detection mechanism, which can detect attacks and achieve high detection accuracy with a low false-positive rate; some future work is also discussed.
KW - 6G
KW - Anomaly detection
KW - Fast failover
KW - Flow table
KW - IoT
KW - Link failure
KW - Malicious behavior
KW - Misrouting
KW - OpenFlow (OF)
KW - Security
KW - Software-defined networking (SDN)
UR - http://www.scopus.com/inward/record.url?scp=85109303174&partnerID=8YFLogxK
U2 - 10.1007/s13198-021-01162-3
DO - 10.1007/s13198-021-01162-3
M3 - Article
AN - SCOPUS:85109303174
SN - 0975-6809
VL - 14
SP - 87
EP - 97
JO - International Journal of System Assurance Engineering and Management
JF - International Journal of System Assurance Engineering and Management
IS - 1
ER -