SDN Framework for Securing IoT Networks

Krishnan, Prabhakar; Najeem, Jisha S.; Achuthan, Krishnashree

doi:10.1007/978-3-319-73423-1_11

Cited by 31 publications

(17 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Krishnan et al [70] introduce a distributed and hierarchical architecture for large-scale networks, consisting of four (4) layers, namely: (i) Cloud; (ii) Edge; (iii) SDN; and (iv) IoT. High-level management is conducted from the cloud layer, which defines security policies and forwards them to the edge layer.…”

Section: Moving Target Defense-mtdmentioning

confidence: 99%

“…Bhunia and Gurusamy [25] Nguyen et al [58] Rathore et al [59] MTD Krishnan et al [70] Rate limiting Honeypots Yan et al [42] Hybrid SDN-Blockchain Traffic filtering Houda et al [66] The definition of the comparison parameter featuring Table 3 is highlighted in the enumeration outlines below:…”

Section: Flow Filteringmentioning

confidence: 99%

“…Xu et al [55] Krishnan et al [63] Rafique et al [61] Sarwar et al [71] Rafique et al [74] Smart Homes Bhunia and Gurusamy [25] Sharma et al [69] IoT Data Centers Bawany and Shamsi [31] Industrial IoT Yan et al [42] Ship communication systems Sahay et al [73] Generic Bull et al [72] Özçelik et al [56] Yin et al [54] Krishnan et al [70] Salva-Garcia et al [40] & Molina Zarca et al [57] Nguyen et al [58] Rathore et al [59] Yang et al [60] Houda et al [66] Luo et al [75] Chen et al [45] Nair et al [65] Galeano-Brajones et al [68] Ravi and Shalinie [64] The techniques that rely on the analysis of network flow statistics to detect anomalous actions are efficient in containing volumetric attacks, which are based on high traffic rates [80]. Concerning this, there are solutions based on the following strategies: rate limiting, cosine similarity, traceback, and flow prioritization, as outlined in Table 5.…”

Section: Sdn Control Planementioning

confidence: 99%

See 2 more Smart Citations

A Taxonomy of DDoS Attack Mitigation Approaches Featured by SDN Technologies in IoT Scenarios

Silva

Neto

et al. 2020

Sensors

View full text Add to dashboard Cite

The Internet of Things (IoT) has attracted much attention from the Information and Communication Technology (ICT) community in recent years. One of the main reasons for this is the availability of techniques provided by this paradigm, such as environmental monitoring employing user data and everyday objects. The facilities provided by the IoT infrastructure allow the development of a wide range of new business models and applications (e.g., smart homes, smart cities, or e-health). However, there are still concerns over the security measures which need to be addressed to ensure a suitable deployment. Distributed Denial of Service (DDoS) attacks are among the most severe virtual threats at present and occur prominently in this scenario, which can be mainly owed to their ease of execution. In light of this, several research studies have been conducted to find new strategies as well as improve existing techniques and solutions. The use of emerging technologies such as those based on the Software-Defined Networking (SDN) paradigm has proved to be a promising alternative as a means of mitigating DDoS attacks. However, the high granularity that characterizes the IoT scenarios and the wide range of techniques explored during the DDoS attacks make the task of finding and implementing new solutions quite challenging. This problem is exacerbated by the lack of benchmarks that can assist developers when designing new solutions for mitigating DDoS attacks for increasingly complex IoT scenarios. To fill this knowledge gap, in this study we carry out an in-depth investigation of the state-of-the-art and create a taxonomy that describes and characterizes existing solutions and highlights their main limitations. Our taxonomy provides a comprehensive view of the reasons for the deployment of the solutions, and the scenario in which they operate. The results of this study demonstrate the main benefits and drawbacks of each solution set when applied to specific scenarios by examining current trends and future perspectives, for example, the adoption of emerging technologies based on Cloud and Edge (or Fog) Computing.

show abstract

Section: Moving Target Defense-mtdmentioning

confidence: 99%

Section: Flow Filteringmentioning

confidence: 99%

Section: Sdn Control Planementioning

confidence: 99%

See 1 more Smart Citation

A Taxonomy of DDoS Attack Mitigation Approaches Featured by SDN Technologies in IoT Scenarios

Silva

Neto

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…To cope with these pressing security, trust and operational assurance issues, adopting Deep Learning mechanisms that can be orchestrated through the SDN control plane, seems an ideal solution: It can leverage the capabilities of the IoT edge devices, without requiring any additional processing requirements, while providing the necessary scalability envisioned in such environments [17]. SDN centralized control intelligence [18] can provide a flexible, easily configurable and thorough IoT management due to the separation of the fronthaul/backhaul control and data planes [19].…”

Section: Introductionmentioning

confidence: 99%

Orchestrating SDN Control Plane towards Enhanced IoT Security

Hasan

Akhunzada

Giannetsos

et al. 2020

2020 6th IEEE Conference on Network Softwarization (NetSoft)

View full text Add to dashboard Cite

The Internet of Things (IoT) is rapidly evolving, while introducing several new challenges regarding security, resilience and operational assurance. In the face of an increasing attack landscape, it is necessary to cater for the provision of efficient mechanisms to collectively detect sophisticated malware resulting in undesirable (run-time) device and network modifications. This is not an easy task considering the dynamic and heterogeneous nature of IoT environments; i.e., different operating systems, varied connected networks and a wide gamut of underlying protocols and devices. Malicious IoT nodes or gateways can potentially lead to the compromise of the whole IoT network infrastructure. On the other hand, the SDN control plane has the capability to be orchestrated towards providing enhanced security services to all layers of the IoT networking stack. In this paper, we propose an SDN-enabled control plane based orchestration that leverages emerging Long Short-Term Memory (LSTM) classification models; a Deep Learning (DL) based architecture to combat malicious IoT nodes. It is a first step towards a new line of security mechanisms that enables the provision of scalable AI-based intrusion detection focusing on the operational assurance of only those specific, critical infrastructure components,thus, allowing for a much more efficient security solution. The proposed mechanism has been evaluated with current state of the art datasets (i.e., N BaIoT 2018) using standard performance evaluation metrics. Our preliminary results show an outstanding detection accuracy (i.e., 99.9%) which significantly outperforms state-of-the-art approaches. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security does not hinder the deployment of intelligent IoT-based computing systems.

show abstract

“…In our previous articles, we started working in this context by experimenting different design choices and case studies to protect devices inside a particular network (eg, IoT network and virtualized cloud network), exploiting some NIDS algorithms and attack classifiers to realize a prototype framework. We obtained encouraging results from tests carried out on a small data set with simple features.…”

Section: Introductionmentioning

confidence: 99%

SDN/NFV security framework for fog‐to‐things computing infrastructure

2019

Self Cite

View full text Add to dashboard Cite

Summary Currently, core networking architectures are facing disruptive developments, due to emergence of paradigms such as Software‐Defined‐Networking (SDN) for control, Network Function Virtualization (NFV) for services, and so on. These are the key enabling technologies for future applications in 5G and locality‐based Internet of things (IoT)/wireless sensor network services. The proliferation of IoT devices at the Edge networks is driving the growth of all‐connected world of Internet traffic. In the Cloud‐to‐Things continuum, processing of information and data at the Edge mandates development of security best practices to arise within a fog computing environment. Service providers are transforming their business using NFV‐based services and SDN‐enabled networks. The SDN paradigm offers an easily programmable model, global view, and control for modern networks, which demand faster response to security incidents and dynamically enforce countermeasures to intrusions and cyberattacks. This article proposes an autonomic multilayer security framework called Distributed Threat Analytics and Response System (DTARS) for a converged architecture of Fog/Edge computing and SDN infrastructures, for emerging applications in IoT and 5G networks. The major detection scheme is deployed within the data plane, consisting of a coarse‐grained behavioral, anti‐spoofing, flow monitoring and fine‐grained traffic multi‐feature entropy‐based algorithms. We developed exemplary defense applications under DTARS framework, on a malware testbed imitating the real‐life DDoS/botnets such as Mirai. The experiments and analysis show that DTARS is capable of detecting attacks in real‐time with accuracy more than 95% under attack intensities up to 50 000 packets/s. The benign traffic forwarding rate remains unaffected with DTARS, while it drops down to 65% with traditional NIDS for advanced DDoS attacks. Further, DTARS achieves this performance without incurring additional latency due to data plane overhead.

show abstract

SDN Framework for Securing IoT Networks

Cited by 31 publications

References 10 publications

A Taxonomy of DDoS Attack Mitigation Approaches Featured by SDN Technologies in IoT Scenarios

A Taxonomy of DDoS Attack Mitigation Approaches Featured by SDN Technologies in IoT Scenarios

Orchestrating SDN Control Plane towards Enhanced IoT Security

SDN/NFV security framework for fog‐to‐things computing infrastructure

Contact Info

Product

Resources

About