Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 674)

Abstract

In this position paper we aim to provide a prototype cognitive security service for anomaly detection in Software Defined Networks (SDNs). We also look at strengthening attack detection capabilities in SDNs through the addition of predictive analytics capabilities. For this purpose, we build a learning-based anomaly detection service called Learn2Defend, based on functionalities provided by OpenDaylight. A potential path to cognition is detailed, by means of a Gaussian Processes driven engine that makes use of traffic characteristics/behavior profiles, e.g. the smoothness of the frequency of flows traversing a given node. Learn2Defend follows a two-fold approach, with unsupervised learning and prediction mechanisms, all in an on-line dynamic SDN context. The prototype does not aim to provide a universally valid predictive analytics framework for security, but rather to offer a tool that supports the integration of cognitive techniques in SDN security services.

Acknowledgment

This publication is based in part on work performed in the framework of the IDSECOM project, INTER/POLLUX/13/6450335, and the CoSDN project, INTER/POLLUX/12/4434480, both funded by the Fonds National de la Recherche, Luxembourg.

Corresponding author

Correspondence to Emilia Tantar.

Copyright information

© 2018 Springer International Publishing AG

About this paper

Cite this paper

Tantar, E., Tantar, AA., Kantor, M., Engel, T. (2018). On Using Cognition for Anomaly Detection in SDN. In: Tantar, AA., Tantar, E., Emmerich, M., Legrand, P., Alboaie, L., Luchian, H. (eds) EVOLVE - A Bridge between Probability, Set Oriented Numerics, and Evolutionary Computation VI. Advances in Intelligent Systems and Computing, vol 674. Springer, Cham. https://doi.org/10.1007/978-3-319-69710-9_5

  • DOI: https://doi.org/10.1007/978-3-319-69710-9_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69708-6

  • Online ISBN: 978-3-319-69710-9

  • eBook Packages: Engineering, Engineering (R0)
