A controller-agnostic random oracle based intrusion detection method in software defined networks / Adnan
The revolutionary concept of Software Defined Networks (SDNs) potentially provides flexible and well-managed next-generation networks. All the hype surrounding the SDNs is predominantly because of its centralized management functionality, the separation of the control plane from the data forwardi...
| Main Author: | |
|---|---|
| Format: | Thesis |
| Published: | 2016 |
| Subjects: | |
| Online Access: | http://studentsrepo.um.edu.my/7020/ http://studentsrepo.um.edu.my/7020/4/adnan.pdf |
| _version_ | 1848773305291505664 |
|---|---|
| author | Adnan, - |
| author_facet | Adnan, - |
| author_sort | Adnan, - |
| building | UM Research Repository |
| collection | Online Access |
| description | The revolutionary concept of Software Defined Networks (SDNs) potentially provides flexible and well-managed next-generation networks. All the hype surrounding SDNs is predominantly because of their centralized management functionality, the separation of the control plane from the data forwarding plane, and the enabling of innovation through network programmability. Such distinguishing features make SDNs flexible, vendor agnostic, programmable, cost effective, and create an innovative network environment. Despite the promising architecture, security was not considered as part of the initial SDN design. Moreover, security concerns are potentially augmented considering the logical centralization of network intelligence. The motivation of this dissertation is to address the defense space against the threat of attacks in SDNs that primarily target the control plane to wrest either full or partial control of the entire network. Additionally, this problem is exacerbated in the context of SDNs, unlike traditional networks. The SDN controller signifies a single point of failure and thus serves as a potential primary target for attackers. Consequently, the controller compromise in any way would certainly throw the entire network into chaos. Besides, the operational semantics of OpenFlow, which mandate that unmatched packets be sent directly to the controller, lower the barrier to mounting sophisticated attacks on the SDN controller. Moreover, at present, the control plane has no built-in security mechanism that prevents malicious SDN agents from sending authorized but forged flows to corrupt the controller state or bring the entire network down, in the worst case, even if OpenFlow is Transport Layer Security (TLS) enabled. Likewise, the soft programmable switches that are directly connected to the controller running atop end host servers are attractive targets for attackers to initiate control plane flooding, apart from authorized but untrusted hosts. To preserve the correct functioning of the entire SDN architecture, an efficient detection of various distributed coordinated attacks and anomalies triggered by large-scale malicious events that predominantly target the control plane is of paramount concern and an increasingly important research topic. As a result, developing an efficient controller-agnostic network intrusion-detection method is imperative. We propose a diverse fusion-selection approach that stands on Oracle to be applied to the classifier ensemble design, where the Oracle is a random linear function. We argue that the proposed method adds extra-diversity while promoting a higher level of intrusion-detection accuracy to effectively identify a wide variety of sophisticated network security attacks. We perform a rigorous evaluation of the proposed method by testing using Floodlight and Mininet to emulate an SDN setting. We model the solution in the real setting of SDNs using High Level Petri Nets (HLPN), analyze the rules with Z language, and formally verify the correct functioning using Z3 SMT solver. To validate our proposed approach, we also carried out a simulation using a publicly available benchmark data-set with K-fold cross validation to exhibit the performance of the proposed method. The verification of the proposed approach is made with current state-of-the-art algorithms. Moreover, to show the resulting significant performance of the proposed approach to be optimistically unbiased, we employed a ten-fold cross-validation. |
| first_indexed | 2025-11-14T13:40:18Z |
| format | Thesis |
| id | um-7020 |
| institution | University Malaya |
| institution_category | Local University |
| last_indexed | 2025-11-14T13:40:18Z |
| publishDate | 2016 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | um-70202019-10-23T19:53:49Z A controller-agnostic random oracle based intrusion detection method in software defined networks / Adnan Adnan, - QA76 Computer software 2016 Thesis NonPeerReviewed application/pdf http://studentsrepo.um.edu.my/7020/4/adnan.pdf Adnan, - (2016) A controller-agnostic random oracle based intrusion detection method in software defined networks / Adnan. PhD thesis, University of Malaya. http://studentsrepo.um.edu.my/7020/ |
| spellingShingle | QA76 Computer software Adnan, - A controller-agnostic random oracle based intrusion detection method in software defined networks / Adnan |
| title | A controller-agnostic random oracle based intrusion detection method in software defined networks / Adnan |
| title_full | A controller-agnostic random oracle based intrusion detection method in software defined networks / Adnan |
| title_fullStr | A controller-agnostic random oracle based intrusion detection method in software defined networks / Adnan |
| title_full_unstemmed | A controller-agnostic random oracle based intrusion detection method in software defined networks / Adnan |
| title_short | A controller-agnostic random oracle based intrusion detection method in software defined networks / Adnan |
| title_sort | controller-agnostic random oracle based intrusion detection method in software defined networks / adnan |
| topic | QA76 Computer software |
| url | http://studentsrepo.um.edu.my/7020/ http://studentsrepo.um.edu.my/7020/4/adnan.pdf |