Kernel-Space Intrusion Detection Using Software-Deﬁned Networking

Chin, Tommy; Xiong, Ke; Rahouti, Mohamed

doi:10.4108/eai.13-7-2018.155168

Cited by 6 publications

(3 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To secure SDN environments, all of the potential security threats need to be anticipated before adversaries exploit their vulnerabilities [198], [258]. Moreover, an efficient threat mitigation model has to consider looking at SDN from the attacker's perspective to highlight potential threats/anomalies on SDN at the architectural level, regardless of whether these threats can be successfully carried out.…”

Section: ) Threat Anticipationmentioning

confidence: 99%

SDN Security Review: Threat Taxonomy, Implications, and Open Challenges

et al. 2022

Self Cite

View full text Add to dashboard Cite

Software-Defined networking (SDN) is a networking paradigm to enable dynamic, flexible, and programmatically efficient configuration of networks to revolutionize network control and management via separation of the control plane and data plane. The SDN technology has evolved in response to the demands from large data centers toward all types of networks, from IoT, enterprise, to ISP networks. On the one hand, SDN has provided solutions for high-demand resources, managing unpredictable data traffic patterns, and rapid network reconfiguration. It is further used to enhance network virtualization and security. On the other hand, SDN is still subject to many traditional network security threats. It also introduces new security vulnerabilities, primarily due to its logically centralized control plane infrastructure and functions. In this paper, we conduct a comprehensive survey on the core functionality of SDN from the perspective of secure communication infrastructure at different scales. A specific focus is put forward to address the challenges in securing SDN-based communications, with efforts taken up to address them. We further categorize the appropriate solutions for specific threats at each layer of SDN infrastructures. Lastly, security implications and future research trends are highlighted to provide insights for future research.INDEX TERMS Software defined networks, OpenFlow, security, threat, attack, vulnerability, network security.• Discussion of the future research directions and open challenges hindering resiliency and security in SDNenabled systems. Different from existing papers, this paper provides an up-to-date discussion about security issues in SDN environments. The presented taxonomy covers security threats ranging from topology discovery, network and app manipulation, flow diversion, teleportation & rootkits, controller placement, access control and authorization, to conventional networking threats. Further, in addition to reviewing existing security solutions and related implications, this paper provides key use cases of SDN technology implementation in smart communication systems. This layout is aimed to enable researchers to focus on the challenges that breach security in SDN communications. Ultimately, this work will provide further insights for future research in the SDN security domain.

show abstract

Section: ) Threat Anticipationmentioning

confidence: 99%

SDN Security Review: Threat Taxonomy, Implications, and Open Challenges

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, the solution is based on statistic aggregation, which renders it impractical as data-tocontrol layer saturation attacks may exploit micro-flows. Ker-nelDetect [21,27] suggested a lightweight kernel space-based IDPS using modular string searching and filtering approaches to address DoS threats. AVANT-GUARD [28] presented a solution to alleviate the impact of saturation attacks using flow alteration management in OF devices.…”

Section: Related Workmentioning

confidence: 99%

SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks

et al. 2021

Self Cite

View full text Add to dashboard Cite

SYN flood attacks (half-open attacks) have been proven a serious threat to softwaredefined networking (SDN)-enabled infrastructures. A variety of intrusion detection and prevention systems (IDPS) have been introduced for identifying and preventing such security threats, but they often result in significant performance overhead and response time. Therefore, those existing approaches are inflexible for large-scale networks and realtime applications. For this reason, a novel and adaptive threshold-based kernel-level intrusion detection and prevention system by leveraging SDN capabilities are proposed. The proposed systems to detect and mitigate the aforementioned threats within an SDN over widely used traditional IDPS technologies, Snort and Zeek, are comparatively examined. The approach is evaluated using a mixture of fundamental adverse attacks and SDN-specific threats on a real-world testbed. The experimental results demonstrate the efficacy of the mechanism to detect and mitigate SYN flood attacks within an SDN environment. This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

show abstract

“…7 SDN eases programmability by adopting programmable interfaces to insert and push forwarding rules in SDN switches (e.g., Open vSwitch). 23 In order for us to best leverage the SDN capabilities, the delicate holistic view of flows must be contributory to any networking-enabled application (e.g., traffic engineering, 7 QoS-aware flow routing, 24,25 and flow inspection 6,26 ). Nowadays, cybersecurity in both industry and academia is faced with a dramatically growing set of impedance factors (e.g., threat actors).…”

Section: Integration Of Sdnmentioning

confidence: 99%

Leveraging a cloud‐based testbed and software‐defined networking for cybersecurity and networking education

Rahouti

Xiong

Lin

2021

Engineering Reports

Self Cite

View full text Add to dashboard Cite

Nowadays, real-world learning modules become vital components in computer science and engineering in general and cybersecurity in particular. However, as student enrollments have been dramatically increasing, it becomes more challenging for a university/college to keep up with the quality of education that offers hands-on experiment training for students thoroughly. These challenges include the difficulty of providing sufficient computing resources and keep them upgraded for the increasing number of students. In order for higher education institutions to conquer such challenges, some educators introduce an alternative solution. Namely, they develop and deploy virtual lab experiments on the clouds such as Amazon AWS and the Global Environment for Network Innovations (GENI), where students can remotely access virtual resources for lab experiments. Besides, Software-Defined Networks (SDN) are an emerging networking technology to enhance the security and performance of networked communications with simple management. In this article, we present our efforts to develop learning modules via an efficient deployment of SDN on GENI for computer networking and security education. Specifically, we first give our design methodology of the proposed learning modules, and then detail the implementations of the learning modules by starting from user account creation on the GENI testbed to advanced experimental GENI-enabled SDN labs. It is worth pointing out that in order to accommodate students with different backgrounds and knowledge levels, we consider the varying difficulty levels of learning modules in our design. Finally, student assessment over these pedagogical efforts is discussed to demonstrate the efficiency of the proposed learning modules. K E Y W O R D Sglobal environment for network innovations, security, software-defined networking, networking INTRODUCTIONIn the past several years, information technology (IT) advances have led to a revolutionary improvement in cybersecurity education, where information security is no longer considered an IT department's responsibility. Thus, it becomesThis is an open access article under the terms of the Creative Commons Attribution-NonCommercial License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited and is not used for commercial purposes.

show abstract

Kernel-Space Intrusion Detection Using Software-Deﬁned Networking

Cited by 6 publications

References 31 publications

SDN Security Review: Threat Taxonomy, Implications, and Open Challenges

SDN Security Review: Threat Taxonomy, Implications, and Open Challenges

SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks

Leveraging a cloud‐based testbed and software‐defined networking for cybersecurity and networking education

Contact Info

Product

Resources

About