Article

Abstract

There is a lack of effective security solutions that autonomously, without any human intervention, detect and mitigate DDoS cyber-attacks. The lack is exacerbated when the network to be protected is a 5G mobile network. 5G networks push multi-tenancy to the edge of the network. Both the 5G user mobility and multi-tenancy are challenges to be addressed by current security solutions. These challenges lead to an insufficient protection of 5G users, tenants and infrastructures. This research proposes a novel autonomic security system, including the design, implementation and empirical validation to demonstrate the efficient protection of the network against Distributed Denial of Service (DDoS) attacks by applying countermeasures decided on and taken by an autonomic system, instead of a human. The self-management architecture provides support for all the different phases involved in a DDoS attack, from the detection of an attack to its final mitigation, through making the appropriate autonomous decisions and enforcing actions. Empirical experiments have been performed to protect a 5G multi-tenant infrastructure against a User Datagram Protocol (UDP) flooding attack, as an example of an attack to validate the design and prototype of the proposed architecture. Scalability results show self-protection against DDoS attacks, without human intervention, in around one second for an attack of 256 simultaneous attackers with 100 Mbps bandwidth per attacker. Furthermore, results demonstrate the proposed approach is flow-, user- and tenant-aware, which allows applying different protection strategies within the infrastructure.


... The motivation for this research is to present a novel framework that enables a smart city administrator to effectively manage and provide security to the IoT device fleet from botnet-based attacks. There are open research challenges in recent studies [31][32][33][34][35][36][37][38][39][40] that require a new comprehensive and practical approach to protect embedded devices in a smart city from botnet attacks, ...
... Mamolar et al. [35] proposed an autonomous detection and mitigation architecture for DDoS attacks on multi-tenant 5G networks. The architecture consists of a data network used for user communications and the Management network interconnecting all autonomous system modules. ...
... The derivation from the achieved 96.10 precision is that the C-BotDet produces a reduced number of false alarms than the Self-Adaptive Deep Learning-Based System (SA-DL), which had the lowest at 68.63% [30]. The Visualized Botnet Detection System (VBDS) has 93.2% [35]. The Recall for the proposed protocol, which is at 93.03%, illustrates the high percentage of actual positives that were identified correctly. ...
Article
Smart Cities contains millions of IoT sensors supporting critical applications such as Smart Transport, Buildings, Intelligent Vehicles, and Logistics. A central administrator appointed by the government manages and maintains the security of each node. Smart City relies upon millions of sensors that are heterogeneous and do not support standard security architecture. Different manufacturers have weak protection protocols for their products and do not update their firmware upon newly identified operating systems’ vulnerabilities. Adversaries using brute force methods exploit the lack of inbuilt security systems on IoT devices to grow their bot network. Smart cities require a standard framework combining soft computing and Deep Learning (DL) for device fleet management and complete control of sensor operating systems for absolute security. This paper presents a real-world application for IoT fleet management security using a lightweight container-based botnet detection (C-BotDet) framework. Using a three-phase approach, the framework using Artificial Intelligence detects compromised IoT devices sending malicious traffic on the network. Balena Cloud revokes API keys and prevents a compromised device from infecting other devices to form a more giant botnet. VPN (Virtual Private Network) prevents inter-device communication and routes all malicious traffic through an external server. The framework quickly updates the standard Linux-based operating system IoT device fleet without relying on different manufacturers to update their system security individually. The simulation and analysis of the C-BotDet framework are presented in a practical working environment to demonstrate its implementation feasibility.
... Multi-tenant 5G mobile networks against UDP flooding DDoS attacks are introduced by Mamolar et al. (Mamolar et al., 2019). In this proposal, a security monitoring agent (SMA) based architecture is designed for combating the flooding attacks of DDoS. It is concern by taking countermeasures determined by taking an autonomic system as an alternative to a human. ...
... Such methods are common in (Vidal et al., 2018) and (An and Yang, 2019). The methods in (Kurt et al., 2018) (Mamolar et al., 2019), and (Monge et al., 2019) rely on rule-based systems and prediction based processing. However, the prediction is used for identifying the traffic in the sequential transmission. ...
... The cloud handles a maximum of 180 request processing instances between the SP and GL. In this comparative analysis detection time, true positive rate (TPR), Request delivery, and response ratio are compared with the existing SMA (Mamolar et al., 2019) and EDoS, respectively. ...
Article
Quality of Service (QoS) in a fifth-generation communication network is leveraged through its interoperable information communication technologies. This interoperability improves the scalable and adaptable level of heterogeneous users by maximizing the radio and network resources reliably. Denial of service (DoS) turns out to be a threat in granting communication quality and reliability in service responses due to periodic flooding and invariable traffic flows. This manuscript introduces a differential flow management scheme (DFMS) for the 5G communication network for thwarting the impact of DoS adversaries. This scheme classifies the request/response flow traffic as continuous and discrete and addresses the discrete flow as a sub-optimal differential problem. In this optimization problem, the goal is to converge the time of adversary detection and to re-formulate resource allocation as a continuous flow based on the remaining flows. The invariable flow is modeled for the persistence time based on service and transmission intervals to retain the user equipment's response rate. The experimental results show the proposed scheme's consistency by achieving less adversary detection time, maximizing the request delivery ratio, and retaining the response rate, respectively.
... DDoS attacks can significantly affect the security and reliability of 5G services [14]. For each 5G core network, we used three nodes to simulate realistic DDoS attacks. ...
... The high quality expected is usually seen when educational resources are sufficient, class sizes are minimal, learners' supervision is intensive, the student-teacher ratio is standard and governmental policies are progressive [5]. The struggle to achieve quality education amidst enrollment increases was exacerbated further by the COVID-19 pandemic [6]. In March 2020, 1.5 billion students globally were affected by the temporal closure of schools (UNESCO, 2020). ...
Article
Education 4.0 involves adopting technology in teaching and learning to drive innovation and growth across academic institutions. Artificial Intelligence and Machine Learning are frontrunners in Education 4.0, having already impacted diverse sectors globally. Since the COVID-19 pandemic, the conventional method of teaching and learning has become unpopular among institutions and is currently being replaced with intelligent educational data pattern identification and online learning. The teacher-centred pedagogical paradigm has significantly shifted to a learner-centred pedagogy with the emergence of Education 4.0. Reinforcement Learning has been deployed successfully in diverse sectors, and the educational domain should not be an exemption. This survey discusses Reinforcement Learning, a feedback-based machine learning technique, with application modules in the academic field. Each module is analysed for the state-action-reward implementation policies with relevant features that define individual use cases. The survey primarily examined the classroom, admission, e-learning, library and game development modules. In addition, the survey heightened the foreseeable challenges in the real-world deployment of Reinforcement Learning in educational institutions.
... For the past three decades, several machine learning methods (Beno et al., 2014; Puttaswamy, 2020;, such as Support Vector Machines (SVM), Artificial Neural Networks (ANN) and Decision Trees (DTs) were widely used for network intrusion detection to compensate the shortcoming of manual analysis. These studies have indicated that machine learning approaches (Ravikumar et al., 2019; Nikam, 2020; Rajeyyagari, 2020) may really increase the effectiveness of abnormal traffic analysis and detect certain abnormal behaviours that manual analysis cannot detect (Mamolar et al., 2019; Abd EL-Latif et al., 2019). Nevertheless, based on the current study findings, numerous problems require more investigation. ...
Article
Fifth generation (5G) networks are susceptible to a number of attacks that target the 5G platform’s major components, including radio communication, user equipment, core and edge networks. Consequently, the aim of this work is to provide a unique feature extraction and detection system for 5G networks. The input data goes through a preparation phase first. The extracted characteristics include statistical and higher order statistical features, technical indicators, raw features, information gain and improved entropy. This procedure is then applied to the pre-processed data. Finally, the detection phase receives the retrieved characteristics, here Hybrid Classifier (HC), including Deep Belief Network (DBN) and Bidirectional Long-Short-Term Memory (Bi-LSTM) is used. To convert detection stage accurately and precisely, the weights of both Bi-LSTM and DBN are optimised using a novel Deer Hunting updated Sun Flower Optimisation (DHSFO) model that hybrids the concept of Sun Flower Optimisation (SFO) and Deer Hunting Optimisation (DHO) algorithm.
... 5G segments, as discussed in the previous section, can be grouped into multitenant networks, which might include the edge, fog, cloud, and core of the network. A multi-tenant approach consisting of the edge and core network environment was proposed in [5], where it was an improved SMA technology from [4] integrated with unified2 [49] standard format. In this model, there are three levels, user level, tenant level and flow level. ...
Chapter
In recent years, the need for seamless connectivity has increased across various network platforms like IoT, with demands coming from industries, homes, mobile, transportation and office networks. The 5th generation (5G) network is being deployed to meet such demand for high-speed seamless network device connections. 5G is a high-speed network technology with a seamless connection of different network devices in an internet of things (IoT) network area. However, the advantages of 5G also contribute to the security challenges. The seamless connectivity 5G provides could be a security threat allowing attacks such as distributed denial of service (DDoS) because attackers might have easy access to the network infrastructure and higher bandwidth to enhance the effects of the attack. We look at DDoS attacks and the classification of DDoS. We discuss some general approaches proposed to mitigate DDoS threats. This paper covers approaches using SDN in 5G enabled IoT network platforms. Keywords: DDoS, 5G, IoT, SDN, Bandwidth, Network resources
... The authors in [24] propose an autonomic security system that protects the network against Distributed Denial of Service (DDoS) attacks by applying countermeasures decided and taken by an autonomic system. The authors depict the proposal in detail throughout the paper and highlight that its architecture supports the detection and mitigation of DDoS attacks. ...
... The classification operations are performed based on the selected features of the attacks. Mohammadi et al. [21] and Mamolar et al. [22] have tried to resolve the attacks with defined traffic protocols with proper switching and hubs. ...
Article
With the rapid growth of Internet of Things (IoT) based models, and the lack amount of data makes cloud computing resources insufficient. Hence, edge computing-based techniques are becoming more popular in present research domains that makes data storage, and processing effective at the network edges. There are several advanced features like parallel processing and data perception are available in edge computing. Still, there are some challenges in providing privacy and data security over networks. To solve the security issues in Edge Computing, Hash-based Message Authentication Code (HMAC) algorithm is used to provide solutions for preserving data from various attacks that happens with the distributed network nature. This paper proposed a Trust Model for Secure Data Sharing (TM-SDS) with HMAC algorithm. Here, data security is ensured with local and global trust levels with the centralized processing of cloud and by conserving resources effectively. Further, the proposed model achieved 84.25% of packet delivery ratio which is better compared to existing models in the resulting phase. The data packets are securely transmitted between entities in the proposed model and results showed that proposed TM-SDS model outperforms the existing models in an efficient manner.
... The IoT device layer consists of benign IoT devices and zombies. The zombies are compromised IoT devices that generate UDP flood DDoS attacks [23] to random destinations in the network. ...
... In such attacks, the adversary tries to associate its MAC address with the IP address of a legitimate 5G component, causing any traffic meant for that IP address to be sent to the attacker instead. Another significant threat to the 5G access network is radio flooding [42], occurring when transmission of data requests is sent to exhaust resources. This can subsequently lead to a reduction or even a complete shutdown of the radio resources provided by the component. ...
Article
With the expansion of 5G networks, new business models are arising where multi-tenancy and active infrastructure sharing will be key enablers for them. With these new opportunities, new security risks are appearing in the form of a complex and evolving threat landscape for 5G networks, being one of the main challenges for the 5G mass rollout. In 5G-enabled scenarios, adversaries can exploit vulnerabilities associated with resource sharing to perform lateral movements targeting other tenant resources, as well as to disturb the 5G services offered or even the infrastructure resources. Moreover, existing security and trust models are not adequate to react to the dynamicity of the 5G infrastructure threats nor to the multi-tenancy security risks. Hence, we propose in this work a new security and trust framework for 5G multi-domain scenarios. To motivate its application, we detail a threat model covering multi-tenant scenarios in an underlying 5G network infrastructure. We also propose different ways to mitigate these threats by increasing the security and trust levels using network security monitoring, threat investigation, and end-to-end trust establishments. The framework is applied in a realistic use case of the H2020 5GZORRO project, which envisions a multi-tenant environment where domain owners share resources at will. The proposed framework forms a secure environment with zero-touch automation capabilities, minimizing human intervention.
... Papers [2], [3], [4], [5] and [6] justify their proposed solution upon the theoretical basis of modelling the system using simulator, empirical formulas etc. but, [7] proposes the autonomous security system to bespeak the systematic protection of the network contrary to DDoS attacks by elucidating the definite countermeasures apprehended by the autonomous system rather than a human. ...
Article
Abstract—This paper proposes a hybrid technique for distributed denial-of-service (DDoS) attack detection that combines statistical analysis and machine learning, with software defined networking (SDN) security. Data sets are analysed in an iterative approach and compared to a dynamic threshold. Sixteen features are extracted, and machine learning is used to examine correlation measures between the features. A dynamically configured SDN is employed with software defined security (SDS), to provide a robust policy framework to protect the availability and integrity, and to maintain privacy of all the networks with quick response remediation. Machine learning is further employed to increase the precision of detection. This increases the accuracy from 87/88% to 99.86%, with reduced false positive ratio (FPR). The results obtained based on experimental data-sets outperformed existing techniques. Index Terms—DDoS, Software Defined Networking (SDN), 5G Security, Internet of Things (IoT) security, Machine Learning.
... et al. and Bhushan et al. worked on low-rate DDoS attack in cloud computing environment [15,16]. Besides there are 758 studies on attack detection and prevention in 5G mobile networks [17][18][19]. Demir et al. proposed an intrusion detection system by combining different classification models, but their study did not have a mitigation system [20]. Patil et al. and Behal et al. worked on DDoS just for early detection [21,22]. ...
... There is abundant work in the literature on the detection of DDoS attacks on networks by relying on SDN. In [18], the authors propose a framework for improving network security in which data traffic is mirrored to a central Intrusion Detection System (IDS) for attack detection, taking into account the mobility of the users. In [19,20], two machine learning models for detecting malicious data flows are presented. ...
Article
The unstoppable adoption of the Internet of Things (IoT) is driven by the deployment of new services that require continuous capture of information from huge populations of sensors, or actuating over a myriad of "smart" objects. Accordingly, next generation networks are being designed to support such massive numbers of devices and connections. For example, the 3rd Generation Partnership Project (3GPP) is designing the different 5G releases specifically with IoT in mind. Nevertheless, from a security perspective this scenario is a potential nightmare: the attack surface becomes wider and many IoT nodes do not have enough resources to support advanced security protocols. In fact, security is rarely a priority in their design. Thus, including network-level mechanisms for preventing attacks from malware-infected IoT devices is mandatory to avert further damage. In this paper, we propose a novel Software-Defined Networking (SDN)-based architecture to identify suspicious nodes in 4G or 5G networks and redirect their traffic to a secondary network slice where traffic is analyzed in depth before allowing it reaching its destination. The architecture can be easily integrated in any existing deployment due to its interoperability. By following this approach, we can detect potential threats at an early stage and limit the damage by Distributed Denial of Service (DDoS) attacks originated in IoT devices.
Chapter
Software Defined Network (SDN) has been developed and applied gradually in recent years. SDN decouples the data plane from the control plane to implement centralized control, improving network operation efficiency and simplifying network management. However, SDN is vulnerable to Distributed Denial of Service (DDoS) attacks, especially on the control plane, which affects the whole network. In this paper, DDoS attack detection and defense under SDN are comprehensively reviewed, mainly classified according to different detection methods. On this basis, different methods are analyzed and compared in detail, which involves the advantages and disadvantages of different methods, application scenarios and specific DDoS attack types targeted by the methods. After analyzing and comparing different kinds of methods, this paper also points out the current difficulties in the field of DDoS detection and defense under the SDN architecture, and provides ideas for future research. Keywords: SDN, DDoS, Attack detection, Control plane
Article
The 5G wireless networks associated with higher data‐transferring speeds considerably affect the performance of IoT networks. Nowadays, the Internet has become a very significant aspect of human lives, and it aids in data transfers, processing, and storing. However, 5G networks are subjected to varied cyber security attacks, which are hard to detect. As a result, it is required to set up attack detection models that can recognize 5G network's distributed denial of service (DDoS) attack. Thereby, this article aims to introduce a new model for detecting DDoS attacks. Initially, from input data, features such as statistical features, improved exponential moving average, higher order statistical features, MI, and improved correlation based features are derived. Further, a gain ratio ranking model is used for picking fine features from the overall derived features. Finally, at the detection stage, bidirectional long short‐term memory as well as optimized deep belief network (DBN) are introduced that portray the detected results in a precise way. DBN weights get fine‐tuned by the combined shark smell and electric fish model with new distance based active eco‐location model. Finally, the created approach's advantages are demonstrated using a variety of metrics, including precision, accuracy, F‐measure, and others. In particular, the performance metrics of the proposed work at node = 6000 are accuracy = 98.59%, sensitivity = 96.82%, specificity = 97.52%, precision = 98.91%, F‐measure = 97.86%, MCC = 92.19%, NPV = 97.24%, FPR = 2.47%, and FNR = 3.17%, respectively.
Article
Numerous factors are causing wireless networks to carry an increasing volume of traffic, which is developing quickly. The 5G mobile networks target a variety of new use cases that consist of more heterogeneous devices linked with similar frameworks. Moreover, the most frequent and fastest-growing Distributed Denial of Service (DDoS) attack, targets the developing computational network infrastructures worldwide. This makes the development of an effective and early detection for massive, complex DDoS attacks necessary. Therefore, the aim of this study is to present a unique DDoS attack detection model for 5G networks that consists of two phases: feature extraction and attack detection. Here, Long Short-Term Memory (LSTM) & Recurrent Neural Network (RNN) classifiers are combined to perform the detection. The Opposition Learning-based Seagull Optimization Algorithm (OLSOA) model optimizes the weight of the RNN for better accurate detection. A correctly trained hybrid model produces a detected output that is more accurate. Finally, the outcomes of the adopted strategy are calculated about various metrics using conventional approaches. Particularly, the adopted work’s accuracy at node = 10000 outperforms the existing DCNN, RNN, LSTM, Hybrid classifier + WOA, Hybrid classifier + MFO, and Hybrid classifier + SOA methods by 10.8%, 8.33%, 16%, 27.08%, 17.02%, and 5.01%.
Chapter
System identification is a process of creating a mathematical model of a system from its external observations (inputs and outputs). The concept of discovering models from data is trivial in science and engineering fields. The goal of this chapter is to review the recent development in the field of System Identification from the Automatic Control perspective. In the first part of this chapter, we present a classification of design features of Industrial Control Systems (ICSs). Then we review the literature on system identification techniques for creating models of ICSs. The classification of ICSs allows us to identify limitations and unexplored challenges in the literature on system identification techniques. Keywords: System identification, Model discovery, Industrial control systems
Article
In multiarea power systems, by preempting the transmission resources, denial-of-service (DoS) attacks may cause continuous packet losses in communication network and correspondingly make a performance degradation or even instability of the load frequency control (LFC) system. In this paper, a LFC scheme resilient to DoS attacks is developed. First, the dynamic boundary behaviors of data flow transmitted among multiple switches in normal no-DoS attack scenarios are described by using deterministic network calculus. Then, the analytic relationships among the upper transmission delay bound and key network parameters (e.g., packet size, forwarding rate, and hops) are deduced. Second, considering that the influences of bounded transmission delays on control instructions, the dynamics of closed-loop LFC systems are described as a series of subsystems with actual delays as the jumping decision variables. The established jumping model clearly demonstrates the dynamic evolution process of LFC systems under DoS attacks and stochastic delays. The $H_{\infty}$-stabilization criteria considering parameter uncertainties are further deduced by using the Lyapunov theory and a constrained optimization algorithm is developed. Finally, case studies show the effectiveness of the proposed method.
Conference Paper
Network management has posed ever-increasing complexity with the evolution of virtualized and softwarized mobile networking paradigm, demanding advanced network visualization and automation technologies to address this significant paradigm shift. This paper provides a novel holographic immersive network management interface that extends the standardized ETSI Zero-Touch Network and Service Management (ZSM) reference architecture to allow network administrators to understand real-time automated tasks in a 5G network without human intervention. This augmented reality based system has been validated and prototyped using Microsoft Hololens 2 in a realistic 5G infrastructure.
Chapter
Nowadays, 5G networks (or simply 5G) will soon enter our everyday lives to enrich our colorful living environment. However, current 5G lacks tools that can automatically detect and relieve DoS or DDoS attacks. Basically, 5G will push its users to link to its attached subsystem, i.e., edge computers, which will burden some of the tasks originally provided by its core network. In the near future, when 5G networks start serving User Equipment (UE), the security problem will be serious. Therefore, in this research, we propose a security system to detect DoS/DDoS attacks and mitigate the attack so that the network can continue effectively serving UEs. We also conducted related experiments to validate our proposed structural design and its feasibility. Eight attackers attack this system at the same time, issuing totally 800 Mbps network traffic. The proposed system can effectively protect the simulated environment from DoS/DDoS attacks without any human interference.
Article
Internet of Things (IoT) is a key business driver for the upcoming fifth-generation (5G) mobile networks, which in turn will enable numerous innovative IoT applications such as smart city, mobile health, and other massive IoT use cases being defined in 5G standards. To truly unlock the hidden value of such mission-critical IoT applications in a large scale in the 5G era, advanced self-protection capabilities are entailed in 5G-based Narrowband IoT (NB-IoT) networks to efficiently fight off cyber-attacks such as widespread Distributed Denial of Service (DDoS) attacks. However, insufficient research has been conducted in this crucial area, in particular, few if any solutions are capable of dealing with the multiple encapsulated 5G traffic for IoT security management. This paper proposes and prototypes a new security framework to achieve the highly desirable self-organizing networking capabilities to secure virtualized, multitenant 5G-based IoT traffic through an autonomic control loop featured with efficient 5G-aware traffic filtering. Empirical results have validated the design and implementation and demonstrated the efficiency of the proposed system, which is capable of processing thousands of 5G-aware traffic filtering rules and thus enables timely protection against large-scale attacks.
Article
Over the last decade, a significant amount of effort has been invested on architecting agile and adaptive management solutions in support of autonomic, self-managing networks. Autonomic networking calls for automated decisions for management actions. This can be realized through a set of pre-defined network management policies engineered from human expert knowledge. However, engineering sufficiently accurate knowledge considering the high complexity of today's networking environment is a difficult task. This has been a particularly limiting factor in the practical deployment of autonomic systems. Machine Learning (ML) is a powerful technique for extracting knowledge from data. However, there has been little evidence of its application in realizing practical management solutions for autonomic networks. Recent advances in network softwarization and programmability through Software-Defined Networking (SDN) and Network Functions Virtualization (NFV), the proliferation of new sources of data, and the availability of low-cost and seemingly infinite storage and compute resource from the cloud are paving the way for the adoption of ML to realize cognitive network management in support of autonomic networking. This article is intended to stimulate thought and foster discussion on how to defeat the bottlenecks that are limiting the wide deployment of autonomic systems, and the role that ML can play in this regard.
Article
The on-going development of Fifth Generation (5G) mobile communication technology will be the cornerstone for applying Information and Communication Technology (ICT) to various fields, e.g., smart city, smart home, connected car, etc. The 3rd Generation Partnership Project (3GPP), which has developed the most successful standard technologies in the mobile communication market such as Universal Mobile Telecommunication System (UMTS) and Long Term Evolution (LTE), is currently carrying out the standardization of both 5G access network system and 5G core network system at the same time. Within 3GPP, Service and System Aspects Working Group 2 (SA2) is responsible for identifying the main functions and entities of the network. In December 2016, the 3GPP SA2 group finalized the first phase of study for the architecture and main functions of 5G mobile communication system under the study item of Next Generation system (NextGen). Currently, normative standardization is on-going based on the agreements made in the NextGen Phase 1 study. In this paper, we present the architecture and functions of 5G mobile communication system agreed in the NextGen study.
Article
Software Defined Networks (SDNs) based on the OpenFlow (OF) protocol export control-plane programmability of switched substrates. As a result, rich functionality in traffic management, load balancing, routing, firewall configuration, etc. that may pertain to specific flows they control, may be easily developed. In this paper we extend these functionalities with an efficient and scalable mechanism for performing anomaly detection and mitigation in SDN architectures. Flow statistics may reveal anomalies triggered by large scale malicious events (typically massive Distributed Denial of Service attacks) and subsequently assist networked resource owners/operators to raise mitigation policies against these threats. First, we demonstrate that OF statistics collection and processing overloads the centralized control plane, introducing scalability issues. Second, we propose a modular architecture for the separation of the data collection process from the SDN control plane with the employment of sFlow monitoring data. We then report experimental results that compare its performance against native OF approaches that use standard flow table statistics. Both alternatives are evaluated using an entropy-based method on high volume real network traffic data collected from a university campus network. The packet traces were fed to hardware and software OF devices in order to assess flow-based data-gathering and related anomaly detection options. We subsequently present experimental results that demonstrate the effectiveness of the proposed sFlow-based mechanism compared to the native OF approach, in terms of overhead imposed on usage of system resources. Finally, we conclude by demonstrating that once a network anomaly is detected and identified, the OF protocol can effectively mitigate it via flow table modifications.
Article
Distributed Denial of Service (DDoS) flooding attacks are one of the top concerns for security professionals. DDoS flooding attacks are typically explicit attempts to disrupt legitimate users’ access to services. Attackers usually gain access to a large number of computers by exploiting their vulnerabilities to set up attack armies (i.e., Botnets). Once an attack army has been set up, an attacker can invoke a coordinated, large-scale attack against one or more victim systems. Developing a comprehensive defense mechanism against identified and anticipated DDoS flooding attacks is a desired goal of the intrusion detection and prevention research community. However, the development of such a mechanism requires a comprehensive understanding of the problem and the techniques that have been used thus far in preventing, detecting, and responding to various DDoS flooding attacks. This paper explores the scope of the DDoS flooding attack problem and attempts to combat it. We categorize the DDoS flooding attacks and classify existing countermeasures based on where and when they prevent, detect, and respond to the DDoS flooding attacks. Moreover, we highlight the need for a comprehensive distributed and collaborative defense approach. Our primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.
Article
Currently, there is no effective security solution which can detect cyber-attacks against 5G networks where multitenancy and user mobility are some unique characteristics that impose significant challenges over such security solutions. This paper focuses on addressing a transversal detection system to be able to protect, at the same time, infrastructures, tenants and 5G users in both edge and core network segments of the 5G multi-tenant infrastructures. A novel approach which significantly extends the capabilities of a commonly used IDS, to accurately identify attacking nodes in a 5G network, regardless of multiple network traffic encapsulations, has been proposed in this paper. The proposed approach is suitable to be deployed in almost all 5G network segments including the Mobile Edge Computing. Both architectural design and data models are described in this contribution. Empirical experiments have been carried out on realistic 5G multi-tenant infrastructures to intensively validate the design of the proposed approach regarding scalability and flexibility.
Article
The Industrial Internet of Things is growing fast. But the rapid growth of IIoT devices raises a number of security concerns, because the IIoT device is weak in defending against malware, and the method of managing a large number of IIoT devices is awkward and inconvenient. This article proposes a multi-level DDoS mitigation framework (MLDMF) to defend against DDoS attacks for IIoT, which includes the edge computing level, fog computing level, and cloud computing level. Software defined networking is used to manage a large number of IIoT devices and to mitigate DDoS attacks in IIoT. Experimental results show the effectiveness of the proposed framework.
Conference Paper
The ubiquity of Internet has been escalating in the recent past as the Internet of Things (IoT) came into the picture. A large number of connected things has completely redefined the perspective of Internet. Advancements in the underlying technologies accelerated this change. On the other side, cyber-attacks also increased with all these developments. The distributed denial of service (DDoS) attacks have increased steeply with more devices to compromise and less secure targets to attack. The IoT networks have been a major victim of the DDoS attacks due to their resource constrained characteristics. Defending IoT-enabled devices and networks from DDoS attacks and from being compromised to perform the DDoS attack is a challenging task. In this work, we have proposed a DDoS mitigation framework to defend against DDoS attacks on an IoT network. The proposed framework matches the resource constrained characteristics of the IoT environment and can adapt to different IoT applications.
Article
Distributed Denial of Service (DDoS) attacks have been the plague of the Internet for more than two decades, despite the tremendous and continuous efforts from both academia and industry to counter them. The lessons learned from the past DDoS mitigation designs indicate that the heavy reliance on additional software modules and dedicated hardware devices seriously impedes their widespread deployment. This paper proposes an autonomic DDoS defense framework, called ArOMA, that leverages the programmability and centralized manageability features of the Software Defined Networking (SDN) paradigm. Specifically, ArOMA can systematically bridge the gaps between different security functions, ranging from traffic monitoring to anomaly detection to mitigation, while sparing human operators from non-trivial interventions. It also facilitates the collaborations between ISPs and their customers on DDoS mitigation by logically distributing the essential security functions, allowing the ISP to handle DDoS traffic based on the requests of its customers. Our experimental results demonstrate that, in the face of DDoS flooding attacks, ArOMA can effectively maintain the performance of video streams at a satisfactory level.
Article
The 5G infrastructure initiative in Europe (5G Infrastructure Public Private Partnership, https://5g-ppp.eu/) has agreed a number of challenging key performance indicators (KPIs) to significantly enhance the user experience and support a number of use cases with very demanding requirements on the network infrastructure. At the same time there is high pressure on the reduction of the operational expenditure (OPEX). A contribution to meeting the KPIs and to reduce OPEX is to evolve the management of the network into a fully autonomic and intelligent framework. Based on advanced technologies, such as Software-Defined Networking (SDN) and Network Function Virtualization (NFV), the EU H2020 project SELFNET (https://selfnet-5g.eu/) is proposing an advanced network management framework to achieve these objectives.
Article
Detection of distributed denial of service (DDoS) attacks has been a challenging problem for network security. Most of the existing works take into account the anomaly features of the traffic caused by DDoS. However, these detection methods suffer from either less generality or high computational and memory costs in detecting subtle DDoS attacks. In this paper, we first present a model for DDoS attacks with quantitative measurements. Based on this model, we find that there are two factors that have a severe influence on the deviation of traffic features. In view of these two factors, the DDoS attack traffic observed by monitors can be trivial, leading to the subtle DDoS attacks which are difficult to detect. To detect the subtle DDoS anomalies at monitors close to the attack sources, we propose a novel multistage DDoS detection framework that consists of an NTS (Network Traffic State) prediction, a fine-grained singularity detection and a malicious address extraction engine. We also briefly introduced how to distribute our detection framework to enhance the performance of detecting world-wide DDoS attacks. Moreover, the prototype system is implemented and evaluated with real network traces from our campus network and testbed. The results show that our method can detect various DDoS attacks efficiently even though the attack rate is low. Our method can extract malicious IPs for attack reaction with records for a short period, and multiple monitors distributed in the network can fuse the results of extraction seamlessly to improve the accuracy of detection.