A controller-agnostic random oracle based intrusion detection method in software defined networks / Adnan
| Main Author: | |
|---|---|
| Format: | Thesis |
| Published: | 2016 |
| Subjects: | |
| Online Access: | http://studentsrepo.um.edu.my/7020/ http://studentsrepo.um.edu.my/7020/4/adnan.pdf |
| Summary: | The revolutionary concept of Software Defined Networks (SDNs) potentially provides flexible and well-managed next-generation networks. All the hype surrounding SDNs is predominantly because of their centralized management functionality, the separation of the control plane from the data forwarding plane, and the enabling of innovation through network programmability. Such distinguishing features make SDNs flexible, vendor agnostic, programmable, and cost effective, and create an innovative network environment. Despite the promising architecture, security was not considered as part of the initial SDN design. Moreover, security concerns are potentially augmented considering the logical centralization of network intelligence. The motivation of this dissertation is to address the defense space against the threat of attacks in SDNs that primarily target the control plane to wrest either full or partial control of the entire network. Additionally, this problem is exacerbated in the context of SDNs, unlike traditional networks. The SDN controller signifies a single point of failure and thus serves as a potential primary target for attackers. Consequently, a controller compromise in any way would certainly throw the entire network into chaos. Besides, the operational semantics of OpenFlow, which mandate that unmatched packets be sent directly to the controller, lower the barrier to mounting sophisticated attacks on the SDN controller. Moreover, at present, the control plane has no built-in security mechanism that prevents malicious SDN agents from sending authorized but forged flows to corrupt the controller state or, in the worst case, bring the entire network down, even if OpenFlow is Transport Layer Security (TLS) enabled. Likewise, the soft programmable switches that are directly connected to the controller running atop end host servers are attractive targets for attackers to initiate control plane flooding, apart from authorized but untrusted hosts. To preserve the correct functioning of the entire SDN architecture, efficient detection of various distributed coordinated attacks and anomalies triggered by large-scale malicious events that predominantly target the control plane is of paramount concern and an increasingly important research topic. As a result, developing an efficient controller-agnostic network intrusion-detection method is imperative. We propose a diverse fusion-selection approach that stands on an Oracle to be applied to the classifier ensemble design, where the Oracle is a random linear function. We argue that the proposed method adds extra diversity while promoting a higher level of intrusion-detection accuracy to effectively identify a wide variety of sophisticated network security attacks. We perform a rigorous evaluation of the proposed method by testing using Floodlight and Mininet to emulate an SDN setting. We model the solution in the real setting of SDNs using High Level Petri Nets (HLPN), analyze the rules with the Z language, and formally verify the correct functioning using the Z3 SMT solver. To validate our proposed approach, we also carried out a simulation using a publicly available benchmark data-set with K-fold cross validation to exhibit the performance of the proposed method. The verification of the proposed approach is made with current state-of-the-art algorithms. Moreover, to show the resulting significant performance of the proposed approach to be optimistically unbiased, we employed a ten-fold cross-validation. |