A scalable anomaly detection and mitigation architecture for legacy networks via an OpenFlow middlebox

Giotis, Kostas; Androulidakis, Georgios; Maglaris, Vasilis

doi:10.1002/sec.1368

Cited by 22 publications

(12 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also, a local control agent is introduced on the switch to enable performing localised actions ordered by the control layer. The work proposed by Giotis et al, [29] use OpenFlow middleboxes to stop malicious flows of a DDoS attack in legacy networks. This work handle traffic on a per-flow level within an NFV context.…”

Section: State Of the Artmentioning

confidence: 99%

Towards the transversal detection of DDoS network attacks in 5G multi-tenant overlay networks

Serrano-Mamolar

Pervez

Calero

et al. 2018

Computers & Security

View full text Add to dashboard Cite

Currently, there is no any effective security solution which can detect cyber-attacks against 5G networks where multitenancy and user mobility are some unique characteristics that impose significant challenges over such security solutions. This paper focuses on addressing a transversal detection system to be able to protect at the same time, infrastructures, tenants and 5G users in both edge and core network segments of the 5G multitenant infrastructures. A novel approach which significantly extends the capabilities of a commonly used IDS, to accurately identify attacking nodes in a 5G network, regardless of multiple network traffic encapsulations, has been proposed in this paper. The proposed approach is suitable to be deployed in almost all 5G network segments including the Mobile Edge Computing. Both architectural design and data models are described in this contribution. Empirical experiments have been carried out a realistic 5G multi-tenant infrastructures to intensively validate the design of the proposed approach regarding scalability and flexibility.

show abstract

Section: State Of the Artmentioning

confidence: 99%

Towards the transversal detection of DDoS network attacks in 5G multi-tenant overlay networks

Serrano-Mamolar

Pervez

Calero

et al. 2018

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Each of the switches is running our prototype, with end-point Switches 1-4 continually analysing gathered statistics for potential anomalies, while Switches 5-7 are only involved in the detection process if specifically invoked. From the large range of possible attacks that can be evaluated, we decided to use a subset of available anomalies that represent a wide variety of attacks and allow us to accurately measure the performance of our proposed solution: Brute Force access which contain comparable patterns to 0-day attacks, DDoS attacks which are already being thoroughly investigated in other approaches [3], and Port Scans. This wide spread set of vulnerabilities contain features with large variations between them, therefore allowing us to thoroughly test the applicability of our prototype to the different styles of anomalies.…”

Section: A Experimental Setupmentioning

confidence: 99%

“…In this paper, we propose a two-level approach for network anomaly detection [2], [3], which combines coarse-grained monitoring performance with the accuracy of fine-grained analysis, resulting in improved detection accuracy with minimal performance costs. We further enhance the architecture by enabling execution within a distributed environment.…”

Section: Introductionmentioning

confidence: 99%

Distributed, multi-level network anomaly detection for datacentre networks

Mircea

Jouët

Marnerides

et al. 2017

2017 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

Over the past decade, numerous systems have been proposed to detect and subsequently prevent or mitigate security vulnerabilities. However, many existing intrusion or anomaly detection solutions are limited to a subset of the traffic due to scalability issues, hence failing to operate at line-rate on large, highspeed datacentre networks. In this paper, we present a two-level solution for anomaly detection leveraging independent execution and message passing semantics. We employ these constructs within a network-wide distributed anomaly detection framework that allows for greater detection accuracy and bandwidth cost saving through attack path reconstruction.Experimental results using real operational traffic traces and known network attacks generated through the Pytbull IDS evaluation framework, show that our approach is capable of detecting anomalies in a timely manner while allowing reconstruction of the attack path, hence further enabling the composition of advanced mitigation strategies. The resulting system shows high detection accuracy when compared to similar techniques, at least 20% better at detecting anomalies, and enables full path reconstruction even at smallto-moderate attack traffic intensities (as a fraction of the total traffic), saving up to 75% of bandwidth due to early attack detection.

show abstract

“…It becomes easier to detect and mitigate DDoS attacks in network, as policies could be imposed easily on devices, and central traffic filtering to detect malicious flow could be imposed. One study shows how DDoS in legacy network could be resolved using OpenFlow middle boxes that is capable of blocking attack sources easily. But at the same time, it has slower processing capability compared with hardware.…”

Section: Distributed Denial Of Service Attackmentioning

confidence: 99%

Research Trends in Security and DDoS in SDN

Dayal

Maity

Srivastava

et al. 2016

Security Comm Networks

View full text Add to dashboard Cite

Software‐Defined Networks (SDNs) are emerging as one of the most promising new era network technologies with its centralized and easily programmable nature. Many security issues with legacy networks could easily be resolved using SDNs central management and control; at the same time, security vulnerabilities of this technology are still the biggest concern of researchers and industries for adapting this technology. In this paper, a comprehensive review on security aspects of SDN is presented, considering how researchers are utilizing its features for providing security as well as their concerns about its security. Further, a critical comparison of existing countermeasures against SDN security including distributed denial of service (DDoS) is presented. This analysis includes the research works that have been done since the origin of OpenFlow protocol till 2015, including the contributions made by industries as well as universities towards securing the SDN framework. We have also compared our survey with existing surveys. The motivation behind this survey is to identify security concerns of SDN and ongoing research in this field. We have focused on DDoS in SDN mainly, which has not been much targeted by research surveys. By highlighting the current state of the art in this domain, we could facilitate researchers with a broad overview of advancement of research in SDN security and DDoS. Copyright © 2017 John Wiley & Sons, Ltd.

show abstract

A scalable anomaly detection and mitigation architecture for legacy networks via an OpenFlow middlebox

Cited by 22 publications

References 20 publications

Towards the transversal detection of DDoS network attacks in 5G multi-tenant overlay networks

Towards the transversal detection of DDoS network attacks in 5G multi-tenant overlay networks

Distributed, multi-level network anomaly detection for datacentre networks

Research Trends in Security and DDoS in SDN

Contact Info

Product

Resources

About