Tennison: A Distributed SDN Framework for Scalable Network Security

Fawcett, Lyndon; Scott-Hayward, Sandra; Broadbent, Matthew; Wright, A.; Race, Nicholas

doi:10.1109/jsac.2018.2871313

Cited by 52 publications

(21 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The centralized control frameworks, such as SDN controllers, oversee and control the entire network from a central vintage point, making it a favorite choice for resource exhaustion and Denial of Service (DoS) attacks [252]. Overwhelming the controller with any kind of traffic can cause a jamming effect, resource exhaustion, or a DoS attack as described in [261], [262]. Traditional mechanisms are mostly reactive, i.e., a challenge occurs and then a solution is deployed, which introduces delay or interruption in services.…”

Section: A ML For Sdnmentioning

confidence: 99%

Machine Learning Meets Communication Networks: Current Trends and Future Challenges

et al. 2020

View full text Add to dashboard Cite

The growing network density and unprecedented increase in network traffic, caused by the massively expanding number of connected devices and online services, require intelligent network operations. Machine Learning (ML) has been applied in this regard in different types of networks and networking technologies to meet the requirements of future communicating devices and services. In this article, we provide a detailed account of current research on the application of ML in communication networks and shed light on future research challenges. Research on the application of ML in communication networks is described in: i) the three layers, i.e., physical, access, and network layers; and ii) novel computing and networking concepts such as Multi-access Edge Computing (MEC), Software Defined Networking (SDN), Network Functions Virtualization (NFV), and a brief overview of ML-based network security. Important future research challenges are identified and presented to help stir further research in key areas in this direction. INDEX TERMS Communication networks, machine learning, physical layer, MAC layer, network layer, SDN, NFV, MEC, security, artificial intelligence (AI) I. INTRODUCTION T HE security, availability and performance demands of new applications, services and devices are increasing at a pace higher than anticipated. Real-time responsiveness in application areas like e-health, traffic, and industry requires communication networks to make real-time decisions autonomously. Such real-time autonomous decision-making requires that the network must react and learn from the environment, and control itself without human interventions. However, communication networks have until now taken a different path. Traditional networks rely on human involvement to respond manually to changes such as traffic variation, updates in network functions and services, security breaches, and faults. Human-machine interactions have resulted in network downtime [1], have opened the network to security vulnerabilities [2], and lead to many other challenges in current communication networks [3], [4]. The requirement for human interaction or manual configuration constitutes a major hindrance for a network to use its past experiences to adapt to changing requirements. The general idea is to predict the (future) behavior of a service, network segment, user or User Equipment (UE), and tune the network at run-time based on this information. For instance, the movement trajectory of a user can be predicted using

show abstract

Section: A ML For Sdnmentioning

confidence: 99%

Machine Learning Meets Communication Networks: Current Trends and Future Challenges

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Other relevant works on the topic include [24] and [25]. OpenNetMon [24], for traffic monitoring (flow-related information collection with OpenFlow), uses an adaptive polling rate that increases and decreases respectively when the measurement values differ between samples and when the values stabilize.…”

Section: Related Workmentioning

confidence: 99%

“…OpenNetMon [24], for traffic monitoring (flow-related information collection with OpenFlow), uses an adaptive polling rate that increases and decreases respectively when the measurement values differ between samples and when the values stabilize. TENNISON [25] is a distributed security framework with effective and proportionate monitoring. It offers multilevel monitoring using appropriate tools (sFlow, IPFIX, DPI) from layer 1 to layer 2.…”

Section: Related Workmentioning

confidence: 99%

Novel Adaptive Data Collection based on a Confidence Index in SDN

Nougnanke

Labit

2020

2020 IEEE 17th Annual Consumer Communications &Amp; Networking Conference (CCNC)

View full text Add to dashboard Cite

SDN makes networks programmable by bringing flexibility in their control and management. An SDN controller decides how packets should be forwarded and installs flow rules on the data-plane devices for this end. For efficient control and management, the SDN controller needs to monitor the network state continuously in order to have an accurate and up-todate view of the underlying data-plane. The need for this highvisibility on the network brings specific types of monitoring as streaming telemetry where data is streamed continuously from network devices (wired switches, wireless energy constrained nodes, etc.) as bulk time series data. But this may generate a lot of overhead. Adaptive monitoring techniques provide ways to reduce this overhead, but generally, they require complex user parameter tuning and also they effectively handle data dissemination overhead with counterpart certain energy-consuming treatment on the source nodes. In light of this, we propose novel adaptive sampling technique based on a confidence index that considerably reduces the number of exchanged messages about 55-70 % while maintaining an accurately collected data, represented by the explained variance score that is about 0.7 and 0.8. And more, our proposition achieves these results while being a lightweight solution for source nodes.

show abstract

“…VHNDA distributes diverse variants, which are various implementations of the same functionality, to network nodes to limit the propagation of malicious traffic. In [26], a novel distributed SDN security framework for multi-level flow monitoring named TENNISON is proposed. TENNISON can monitor a large number of flows and perform deep packet inspection (DPI) on selected flows.…”

Section: B Sdn-based Cyber-securitymentioning

confidence: 99%

Secure Collecting, Optimizing, and Deploying of Firewall Rules in Software-Defined Networks

et al. 2020

View full text Add to dashboard Cite

Firewalls are a fundamental element of network security systems with the ability to block network data traffic flows according to pre-defined rules. Software-defined networking (SDN) technology, which can provide flexibility, elasticity, and programmability for network management, has been applied to network security systems. We propose a software-defined firewall cyber-security system, which securely gathers the firewall rules of the host/network-based firewalls through the SDN control plane, converts the collected firewall rules in the form of SDN flow rules, and deploys them on OpenFlow (OF)-enabled switches. Furthermore, we formulate an optimization problem to find appropriate OF-enabled switches to which the SDN flow rules are to be sent. The proposed firewall system makes the traffic flows that are destined to be dropped by a firewall be dropped in advance at the OF-enabled switch with the corresponding SDN flow rules. The SDN-based testbed experiments demonstrate that the proposed firewall system reduces the aggregate network traffic volume and the resource utilization of end-hosts in the network.

show abstract

Tennison: A Distributed SDN Framework for Scalable Network Security

Cited by 52 publications

References 31 publications

Machine Learning Meets Communication Networks: Current Trends and Future Challenges

Machine Learning Meets Communication Networks: Current Trends and Future Challenges

Novel Adaptive Data Collection based on a Confidence Index in SDN

Secure Collecting, Optimizing, and Deploying of Firewall Rules in Software-Defined Networks

Contact Info

Product

Resources

About