Biblio

In this paper, a dynamic cybersecurity protection method based on software-defined networking (SDN) is proposed, according to the protection requirement analysis for industrial control systems (ICSs). This method can execute security response measures by SDN, such as isolation, redirection etc., based on the real-time intrusion detection results, forming a detecting-responding closed-loop security control. In addition, moving target defense (MTD) concept is introduced to the protection for ICSs, where topology transformation and IP/port hopping are realized by SDN, which can confuse and deceive the attackers and prevent attacks at the beginning, protection ICSs in an active manner. The simulation results verify the feasibility of the proposed method.

The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT based applications. In this paper, we present a security architecture for IoT networks by leveraging the underlying features supported by Software Defined Networks (SDN). Our security architecture restricts network access to authenticated IoT devices. We use fine granular policies to secure the flows in the IoT network infrastructure and provide a lightweight protocol to authenticate IoT devices. Such an integrated security approach involving authentication of IoT devices and enabling authorized flows can help to protect IoT networks from malicious IoT devices and attacks.

Today's virtual switches not only support legacy network protocols and standard network management interfaces, but also become adapted to OpenFlow as a prevailing communication protocol. This makes them a core networking component of today's virtualized infrastructures which are able to handle sophisticated networking scenarios in a flexible and software-defined manner. At the same time, these virtual SDN data planes become high-value targets because a compromised switch is hard to detect while it affects all components of a virtualized/SDN-based environment.Most of the well known programmable virtual switches in the market are open source which makes them cost-effective and yet highly configurable options in any network infrastructure deployment. However, this comes at a cost which needs to be addressed. Accordingly, this paper raises an alarm on how attackers may leverage white box analysis of software switch functionalities to lunch effective low profile attacks against it. In particular, we practically present how attackers can systematically take advantage of static and dynamic code analysis techniques to lunch a low rate saturation attack on virtual SDN data plane in a cloud data center.

The difficult of detecting, response, tracing the malicious behavior in cloud has brought great challenges to the law enforcement in combating cybercrimes. This paper presents a malicious behavior oriented framework of detection, emergency response, traceability, and digital forensics in cloud environment. A cloud-based malicious behavior detection mechanism based on SDN is constructed, which implements full-traffic flow detection technology and malicious virtual machine detection based on memory analysis. The emergency response and traceability module can clarify the types of the malicious behavior and the impacts of the events, and locate the source of the event. The key nodes and paths of the infection topology or propagation path of the malicious behavior will be located security measure will be dispatched timely. The proposed IaaS service based forensics module realized the virtualization facility memory evidence extraction and analysis techniques, which can solve volatile data loss problems that often happened in traditional forensic methods.

In this paper we propose ROS-Defender, a holistic approach to secure robotics systems, which integrates a Security Event Management System (SIEM), an intrusion prevention system (IPS) and a firewall for a robotic system. ROS-Defender combines anomaly detection systems at application (ROS) level and network level, with dynamic policy enforcement points using software defined networking (SDN) to provide protection against a large class of attacks. Although SIEMs, IPS, and firewall have been previously used to secure computer networks, ROSDefender is applying them for the specific use case of robotic systems, where security is in many cases an afterthought.

The Industrial Internet of Things (IIoT) is a term applied to the industrial application of M2M devices. The security of IIoT devices is a difficult problem and where the automation of critical infrastructure is intended, risks may be unacceptable. Remote attacks are a significant threat and solutions are sought which are secure by default. The problem space may be analyzed using threat modelling methods. Software Defined Networks (SDN) provide mitigation for remote attacks which exploit local area networks. Similar concepts applied to the WAN may improve availability and performance and provide granular data on link characteristics. Schemes such as the Software Defined Perimeter allow IIoT devices to communicate on the Internet, mitigating avenues of remote attack. Finally, separation of duties at the IIoT device may prevent attacks on the integrity of the device or the confidentiality and integrity of its communications. Work remains to be done on the mitigation of DDoS.

The zero-day attack in networks exploits an undiscovered vulnerability, in order to affect/damage networks or programs. The term “zero-day” refers to the number of days available to the software or the hardware vendor to issue a patch for this new vulnerability. Currently, the best-known defense mechanism against the zero-day attacks focuses on detection and response, as a prevention effort, which typically fails against unknown or new vulnerabilities. To the best of our knowledge, this attack has not been widely investigated for Software-Defined Networks (SDNs). Therefore, in this work we are motivated to develop anew zero-day attack detection and prevention mechanism, which is designed and implemented for SDN using a modified sandbox tool, named Cuckoo. Our experiments results, under UNIX system, show that our proposed design successfully stops zero-day malwares by isolating the infected client, and thus, prevents these malwares from infesting other clients.

Software Defined Networking (SDN) is an emerging architecture providing services on a priority basis for real-time communication, by pulling out the intelligence from the hardware and developing a better management system for effective networking. Denial of service (DoS) attacks pose a significant threat to SDN, as it can disable the genuine hosts and routers by exhausting their resources. It is thus vital to provide efficient traffic management, both at the data layer and the control layer, thereby becoming more responsive to dynamic network threats such as DoS. Existing DoS prevention and mitigation models for SDN are computationally expensive and are slow to react. This paper introduces a novel biologically inspired architecture for SDN to detect DoS flooding attacks. The proposed biologically inspired architecture utilizes the concepts of the human immune system to provide a robust solution against DoS attacks in SDNs. The two layer immune inspired framework, viz innate layer and adaptive layer, is initiated at the data layer and the control layer of SDN, respectively. The proposed model is reactive and lightweight for DoS mitigation in SDNs.

Many modern business models of the manufacturing industry use the possibilities of digitization. In particular, the idea of connecting machines to networks and communication infrastructure is gaining momentum. However, in addition to the considerable economic advantages, this development also brings decisive disadvantages. By connecting previously encapsulated industrial networks with untrustworthy external networks such as the Internet, machines and systems are suddenly exposed to the same threats as conventional IT systems. A key problem today is the typical network paradigm with static routers and switches that cannot meet the dynamic requirements of a modern industrial network. Current security solutions often only threat symptoms instead of tackling the cause. In this paper we will therefore analyze the weaknesses of current networks and security solutions using the example of industrial remote maintenance. We will then present a novel concept of how Software-Defined Networking (SDN) in combination with a policy framework that supports attribute-based access control can be used to meet current and future security requirements in dynamic industrial networks. Furthermore, we will introduce an examplary implementation of this novel security framework for the use case of industrial remote maintenance and evaluate the solution. Our results show that SDN in combination with an Attribute-based Access Control (ABAC) policy framework is perfectly suited to increase flexibility and security of modern industrial networks at the same time.

Software defined networks (SDNs) represent new centralized network architecture that facilitates the deployment of services, applications and policies from the upper layers, relatively the management and control planes to the lower layers the data plane and the end user layer. SDNs give several advantages in terms of agility and flexibility, especially for mobile operators and for internet service providers. However, the implementation of these types of networks faces several technical challenges and security issues. In this paper we will focus on SDN's security issues and we will propose the implementation of a centralized security layer named AM-SecP. The proposed layer is linked vertically to all SDN layers which ease packets inspections and detecting intrusions. The purpose of this architecture is to stop and to detect malware infections, we do this by denying services and tunneling attacks without encumbering the networks by expensive operations and high calculation cost. The implementation of the proposed framework will be also made to demonstrate his feasibility and robustness.

The most significant threats to networks usually originate from external entities. As such, the Northbound interface of SDN networks which ensures communication with external applications requires particularly close attention. In this paper we propose the Risk Assessment and Management approach to SEcure SDN (RAMSES). This novel solution is able to estimate the risk associated with traffic demand requests received via the Northbound-API in SDN networks. RAMSES quantifies the impact on network cost incurred by expected traffic demands and specifies the likelihood of adverse requests estimated using the reputation system. Accurate risk estimation allows SDN network administrators to make the right decisions and mitigate potential threat scenarios. This can be observed using extensive numerical verification based on an network optimization tool and several scenarios related to the reputation of the sender of the request. The verification of RAMSES confirmed the usefulness of its risk assessment approach to protecting SDN networks against threats associated with the Northbound-API.

Software-Defined Network's (SDN) core working depends on the centralized controller which implements the control plane. With the help of this controller, security threats like Distributed Denial of Service (DDoS) attacks can be identified easily. A DDoS attack is usually instigated on servers by sending a huge amount of unwanted traffic that exhausts its resources, denying their services to genuine users. Earlier research work has been carried out to mitigate DDoS attacks at the switch and the host level. Mitigation at switch level involves identifying the switch which sends a lot of unwanted traffic in the network and blocking it from the network. But this solution is not feasible as it will also block genuine hosts connected to that switch. Later mitigation at the host level was introduced wherein the compromised hosts were identified and blocked thereby allowing genuine hosts to send their traffic in the network. Though this solution is feasible, it will block the traffic from the genuine applications of the compromised host as well. In this paper, we propose a new way to identify and mitigate the DDoS attack at the application level so that only the application generating the DDoS traffic is blocked and other genuine applications are allowed to send traffic in the network normally.

Keeping Internet users safe from attacks and other threats is one of the biggest security challenges nowadays. Distributed Denial of Service (DDoS) [1] is one of the most common attacks. DDoS makes the system stop working by resource overload. Software Define Networking (SDN) [2] has recently emerged as a new networking technology offering an unprecedented programmability that allows network operators to dynamically configure and manage their infrastructures. The flexible processing and centralized management of SDN controller allow flexibly deploying complex security algorithms and mitigation methods. In this paper, we propose a new TCP-SYN flood attack mitigation in SDN networks using machine learning. By using a testbed, we implement the proposed algorithms, evaluate their accuracy and address the trade-off between the accuracy and capacity of the security device. The results show that the algorithms can mitigate TCP-SYN Flood attack over 96.

Software Defined Networking (SDN) is very popular due to the benefits it provides such as scalability, flexibility, monitoring, and ease of innovation. However, it needs to be properly protected from security threats. One major attack that plagues the SDN network is the distributed denial-of-service (DDoS) attack. There are several approaches to prevent the DDoS attack in an SDN network. We have evaluated a few machine learning techniques, i.e., J48, Random Forest (RF), Support Vector Machine (SVM), and K-Nearest Neighbors (K-NN), to detect and block the DDoS attack in an SDN network. The evaluation process involved training and selecting the best model for the proposed network and applying it in a mitigation and prevention script to detect and mitigate attacks. The results showed that J48 performs better than the other evaluated algorithms, especially in terms of training and testing time.

Nowadays, video streaming over HTTP is one of the most dominant Internet applications, using adaptive video techniques. Network assisted approaches have been proposed and are being standardized in order to provide high QoE for the end-users of such applications. SAND is a recent MPEG standard where DASH Aware Network Elements (DANEs) are introduced for this purpose. As web-caches are one of the main components of the SAND architecture, the location and the connectivity of these web-caches plays an important role in the user's QoE. The nature of SAND and DANE provides a good foundation for software controlled virtualized DASH environments, and in this paper, we propose a cache location algorithm and a cache migration algorithm for virtualized SAND deployments. The optimal locations for the virtualized DANEs is determined by an SDN controller and migrates it based on gathered statistics. The performance of the resulting system shows that, when SDN and NFV technologies are leveraged in such systems, software controlled virtualized approaches can provide an increase in QoE.

The emergence of IPv6 protocol extends the address pool, but it also exposes all the Internet-connected devices to danger. Currently, there are some traditional schemes on security management of network addresses, such as prevention, traceability and encryption authentication, but few studies work on IPv6 protocol. In this paper, we propose a hierarchical authentication mechanism for the IPv6 source address with the technology of software defined network (SDN). This mechanism combines the authentication of three parts, namely the access network, the intra-domain and the inter-domain. And it can provide a fine-grained security protection for the devices using IPv6 addresses.

Internet of Things (IoT) impacts the current network with many challenges due to the variation, heterogeneity of its devices and running technologies. For those reasons, monitoring and controlling network efficiently can rise the performance of the network and adapts network techniques according to environment measurements. This paper proposes a new privacy aware-IoT architecture that combines the benefits of both Information Centric Network (ICN) and Software Defined Network (SDN) paradigms. In this architecture controlling functionalities are distributed over multiple planes: operational plane which is considered as smart ICN data plane with Controllers that control local clusters, tactical plane which is an Edge environment to take controlling decisions based on small number of clusters, and strategic plane which is a cloud controlling environment to make long-term decision that affects the whole network. Deployment options of this architecture is discussed and SDN enhancement due to in-network caching is evaluated.

Network Function Virtualization (NFV) is a novel paradigm which enables the deployment of network functions on commodity hardware. As such, it also stands for a deployment en-abler for any novel networking function or networking paradigm such as Named Data Networking (NDN), the most promising solution relying on the Information-Centric Networking (ICN) paradigm. However, dedicated solutions for the security and performance orchestration of such an emerging paradigm are still lacking thus preventing its adoption by network operators. In this paper, we propose a first step toward a content-oriented orchestration whose purpose is to deploy, manage and secure an NDN virtual network. We present the way we leverage the TOSCA standard, using a crafted NDN oriented extension to enable the specification of both deployment and operational behavior requirements of NDN services. We also highlight NDN-related security and performance policies to produce counter-measures against anomalies that can either come from attacks or performance incidents.

While the introduction of the softwarelization technologies such as SDN and NFV transfers main focus of network management from hardware to software, the network operators still have to care for a lot of network and computing equipment located in the network center. Toward fully automated network management, we believe that robotic approach will be significant, meaning that robot will care for the physical equipment on behalf of human. This paper explains our experience and insight gained throughout development of a network management robot. We utilize ROS(Robot Operating System) which is a powerful platform for robot development and secures the ease of development and expandability. Our roadmap of the network management robot is also shown as well as three use cases such as environmental monitoring, operator assistance and autonomous maintenance of the equipment. Finally, the paper briefly explains experimental results conducted in a commercial network center.

The requirements regarding network management defined by the continuously rising amount of interconnected devices in the industrial landscape turns it into an increasingly complex task. Associated by the fusion of technologies up to Cyber-Physical Production Systems (CPPS) and the Industrial Internet of Things (IIoT) with its multitude of communicating sensors and actuators new demands arise. In particular, the driving forces of this development, mobility and flexibility, are affecting today's networks. However, it is precisely these wireless solutions, as enabler for this advancement, that create new attack vectors and cyber-security threats. Furthermore, many cryptographic procedures, intended to secure the networks, require additional overhead, which is limiting the transmission bandwidth and speed as well. For this reason, new and efficient solutions must be developed and applied, in order to secure the existing, as well as the future, industrial communication networks. This work proposes a conceptual approach, consisting of a combination of Software-Defined Networking (SDN) and Physical Layer Security (PhySec) to satisfy the network security requirements. Use cases are explained that demonstrate the appropriateness of the approach and it is shown that this is a easy to use and resource efficient, but nevertheless sound and secure approach.

Distributed Denial of Service (DDoS) attacks have two defense perspectives firstly, to defend your network, resources and other information assets from this disastrous attack. Secondly, to prevent your network to be the part of botnet (botforce) bondage to launch attacks on other networks and resources mainly be controlled from a control center. This work focuses on the development of a botnet prevention system for Internet of Things (IoT) that uses the benefits of both Software Defined Networking (SDN) and Distributed Blockchain (DBC). We simulate and analyze that using blockchain and SDN, how can detect and mitigate botnets and prevent our devices to play into the hands of attackers.

Denial-of-Service attack (DoS attack) is an attack on network in which an attacker tries to disrupt the availability of network resources by overwhelming the target network with attack packets. In DoS attack it is typically done using a single source, and in a Distributed Denial-of-Service attack (DDoS attack), like the name suggests, multiple sources are used to flood the incoming traffic of victim. Typically, such attacks use vulnerabilities of Domain Name System (DNS) protocol and IP spoofing to disrupt the normal functioning of service provider or Internet user. The attacks involving DNS, or attacks exploiting vulnerabilities of DNS are known as DNS based DDOS attacks. Many of the proposed DNS based DDoS solutions try to prevent/mitigate such attacks using some intelligent non-``network layer'' (typically application layer) protocols. Utilizing the flexibility and programmability aspects of Software Defined Networks (SDN), via this proposed doctoral research it is intended to make underlying network intelligent enough so as to prevent DNS based DDoS attacks.

Software Defined Network (SDN) is a revolutionary idea to realize software-driven network with the separation of control and data planes. In essence, SDN addresses the problems faced by the traditional network architecture; however, it may as well expose the network to new attacks. Among other attacks, distributed denial of service (DDoS) attacks are hard to contain in such software-based networks. Existing DDoS mitigation techniques either lack in performance or jeopardize the accuracy of the attack detection. To fill the voids, we propose in this paper a machine learning-based DDoS mitigation technique for SDN. First, we create a model for DDoS detection in SDN using NSL-KDD dataset and then after training the model on this dataset, we use real DDoS attacks to assess our proposed model. Obtained results show that the proposed technique equates favorably to the current techniques with increased performance and accuracy.

The emergence of Software Defined Network (SDN) and its promises in networking technology has gotten every stakeholder excited. However, it is believed that every technological development comes with its own challenges of which the most prominent in this case is security. This paper presents a real time detection of the distributed denial of service (DDoS) attacks on the SDN and a control method based on the sFlow mitigation technology. sFlow analyses samples of packets collected from the network traffic and generates handling rules to be sent to the controller in case of an attack detection. The implementation was done by emulating the network in Mininet which runs on a Virtual Machine (VM) and it was shown that the proposed method effectively detects and mitigates DDoS attacks.

With software defined networking and network function virtualization technologies, networks can be programmed to have customized processing and paths for different traffic at manageable costs and for massive numbers of applications. Now, picture a future Internet where each entity - a person, an organization, or an autonomous system - has the ability to choose how traffic in their respective network sessions is routed and processed between itself and its counterparts. The network is, essentially, liberated from today's homogeneous IP-based routing and limited connection options. To realize such a network paradigm, we propose a software defined exchange architecture that can provide the needed network programmability, session-level customization, and scale. We present a case study for traffic-analysis-resistant communication among individuals, campuses, or web services, where IP addresses no longer need to have a one-to-one correspondence with service providers.