Conference Paper

Towards Lightweight Intrusion Identification in SDN-based Industrial Cyber-Physical Systems


... Outdated datasets can also introduce disadvantages, such as limited relevance to current threats, obsolete features, a lack of diversity, mismatch with real-world scenarios, and reduced model performance, which can lead to a false sense of security. Therefore, in this section, we discuss several methodologies proposed in recent studies that utilized the InSDN dataset, which was published in 2020, such as [31][32][33][34][35]. ...
... The researchers in [32,33] achieved an accuracy of 98.98% with 30 features and 98% with 20 features, respectively. A. Zainudin et al. [32] employed the LightGBM feature selection technique, which utilized three main modules: pre-block, depth-wiseConv, and stacked GRU. The depth-wiseConv module utilized a residual connection to enhance training model performance and address the issue of gradient vanishing. ...
Article
Full-text available
The rapid evolution of technology has given rise to a connected world where billions of devices interact seamlessly, forming what is known as the Internet of Things (IoT). While the IoT offers incredible convenience and efficiency, it presents a significant challenge to cybersecurity and is characterized by various power, capacity, and computational process limitations. Machine learning techniques, particularly those encompassing supervised classification techniques, offer a systematic approach to training models using labeled datasets. These techniques enable intrusion detection systems (IDSs) to discern patterns indicative of potential attacks amidst the vast amounts of IoT data. Our investigation delves into various aspects of supervised classification, including feature selection, model training, and evaluation methodologies, to comprehensively evaluate their impact on attack detection effectiveness. The key features selected to improve IDS efficiency and reduce dataset size, thereby decreasing the time required for attack detection, are drawn from the extensive network dataset. This paper introduces an enhanced feature selection method designed to reduce the computational overhead on IoT resources while simultaneously strengthening intrusion detection capabilities within the IoT environment. The experimental results based on the InSDN dataset demonstrate that our proposed methodology achieves the highest accuracy with the fewest number of features and has a low computational cost. Specifically, we attain a 99.99% accuracy with 11 features and a computational time of 0.8599 s.
... Outdated datasets can also introduce disadvantages such as limited relevance to current threats, obsolete features, lack of diversity, mismatch with real-world scenarios, and reduced model performance, which can lead to a false sense of security. Therefore, in this section, we discuss several methodologies proposed in recent research that utilize the InSDN dataset, which was published in 2020, such as [8], [15][16][17][18][19][20]. ...
... The researchers in [15,16] achieved an accuracy of 98.98% with 30 features and 98% with 20 features respectively. A. Zainudin et al. [15] employed the LightGBM feature selection technique, which utilized three main modules: pre-block, depth-wiseConv, and stacked GRU. The depth-wiseConv module utilized a residual connection to enhance training model performance and address the issue of gradient vanishing. ...
Preprint
Full-text available
The rapid evolution of technology has given rise to a connected world, where billions of devices interact seamlessly, forming what is known as the Internet of Things (IoT). While IoT offers incredible convenience and efficiency, it presents a significant challenge in cybersecurity and is characterized by various power, capacity, and computational process limitations. Machine learning techniques are employed within Intrusion Detection Systems (IDS) to enhance their capabilities in identifying and responding to security threats. The key features selected to improve IDS efficiency and reduce dataset size, thereby decreasing the time required for attack detection, are drawn from the extensive network dataset. This paper introduces an enhanced feature selection method designed to reduce the computational overhead on IoT resources while simultaneously strengthening intrusion detection capabilities within the IoT environment. Experimental results based on the InSDN dataset demonstrate that our proposed methodology achieves the highest accuracy with the fewest number of features and low computational cost. Specifically, we attain a 99.99% accuracy with 11 features and a computational time of 0.8599 seconds.
... While this solution addresses DDoS detection in sensor networks, it does not fully explore lightweight real-time detection. [12] proposes an attack identification model for SDN-based industrial cyber-physical system, utilising the LightGBM feature selection technique with depth-wiseConv and stacked GRU modules. Despite the high-performance results, further scalability and real-time flexibility in edge environments remain areas for improvement. ...
... Compared to the number of non-intrusions, the number of intrusions is also much lower, resulting in more difficulties in training [7]. IDS employs ML techniques for detecting malicious behaviours using training datasets [8]. Still, many researchers exploit datasets taken from the internet protocol. ...
Article
Full-text available
Cyber-physical system (CPS) incorporates several computing resources, networking units, interconnected physical processes, and monitoring the development and application of the computing system. Interconnection between the cyber and physical worlds initiates attacks on security problems, particularly with the enhancing complications of transmission networks. Despite the efforts to combat these problems, analyzing and detecting cyber-physical attacks from the complex CPS is challenging. Research workers implemented machine learning (ML)-based techniques to examine cyber-physical security systems. A competent network intrusion detection system (IDS) is essential to avoid these attacks. Generally, IDS uses ML techniques to classify attacks. However, the features used for classification are not frequently appropriate or adequate. Moreover, the number of intrusions is much lower than that of non-intrusions. This research presents an African Buffalo Optimizer Algorithm with a Deep Learning Intrusion Detection (ABOADL-IDS) model in a CPS environment. The main intention of the ABOADL-IDS model is to utilize the FS with an optimal DL approach for the intrusion recognition and identification procedure. Initially, the ABOADL-IDS model performs the data normalization process. Furthermore, the ABOADL-IDS model utilizes the ABO technique for feature selection. Moreover, the stacked deep belief network (SDBN) technique is employed for intrusion detection and identification. To improve the SDBN technique solution, the seagull optimization (SGO) technique is implemented for the hyperparameter selection. The assessment of the ABOADL-IDS technique is accomplished under NSLKDD2015 and CICIDS2015 datasets. The performance validation of the ABOADL-IDS technique illustrated a superior accuracy value of 99.28% over existing models concerning various measures.
... Access to the controller enables an operator to have complete control over network topology, as well as control to change or generate traffic rules for their applications. This makes SDN controllers an appealing target for cyber attackers, and a focus of concern for secure network management [134]. This section examines SD-SG controller attack defense strategies and categorizes them based on MTD and game theory. ...
Preprint
Full-text available
Grid modernization has been ushered in by rising electricity consumption, deteriorating infrastructure, and increasing reliability concerns for electric utilities. New advances, collectively referred to as the smart grid, include modern electronics, technology, telecommunications, and computing capabilities. Smart grid telecommunication frameworks provide two-way communication to support grid operations. Software-defined networking (SDN) has been proposed as a method of monitoring and controlling telecommunication networks, enabling increased smart grid visibility, control, and security. However, being connected to telecommunications infrastructure means that smart grid networks are exposed to cyber-attacks. Attackers may use unauthorized access to intercept messages, inject false data into system measurements, flood communication channels with false data packets, or target centralized controllers to cripple network control. Defense and security techniques against these threats are constantly evolving, necessitating an up-to-date, comprehensive study analyzing cyber attacks and defense methods for smart grid networks. Previous smart grid security surveys do not contain recent techniques and to our knowledge most, if not all, address only one type of attack and/or one type of defense. This survey considers the latest security techniques, simultaneous multi-pronged cyber attacks and defense utilities to meet the challenges of the next-generation SDN smart grid research with the goal of identifying future research needs, describing the open security challenges, and exposing both emerging threats and their potential impact on SD-SG deployment.
... The ability to access the controller grants an operator full authority over network topology, as well as the ability to modify or create traffic regulations for their applications. SDN controllers are attractive to cyberattackers and are a significant concern for safe network management [155]. This section analyzes the tactics for defending against SD-SG controller attacks and classifies them according to their use of moving target defense (MTD) and game theory. ...
Article
Full-text available
The rise of grid modernization has been prompted by the escalating demand for power, the deteriorating state of infrastructure, and the growing concern regarding the reliability of electric utilities. The smart grid encompasses recent advancements in electronics, technology, telecommunications, and computer capabilities. Smart grid telecommunication frameworks provide bidirectional communication to facilitate grid operations. Software-defined networking (SDN) is a proposed approach for monitoring and regulating telecommunication networks, which allows for enhanced visibility, control, and security in smart grid systems. Nevertheless, the integration of telecommunications infrastructure exposes smart grid networks to potential cyberattacks. Unauthorized individuals may exploit unauthorized access to intercept communications, introduce fabricated data into system measurements, overwhelm communication channels with false data packets, or attack centralized controllers to disable network control. An ongoing, thorough examination of cyber attacks and protection strategies for smart grid networks is essential due to the ever-changing nature of these threats. Previous surveys on smart grid security lack modern methodologies and, to the best of our knowledge, most, if not all, focus on only one sort of attack or protection. This survey examines the most recent security techniques, simultaneous multi-pronged cyber attacks, and defense utilities in order to address the challenges of future SDN smart grid research. The objective is to identify future research requirements, describe the existing security challenges, and highlight emerging threats and their potential impact on the deployment of software-defined smart grid (SD-SG).
... Controllers are one of the most important components of any SDN framework. With access to the controller, a network operator will have complete control over network topology and traffic rules for their applications which make them an appealing target for cyberattackers for these reasons [136]. SD-SG network operators and designers must devise methods to keep these controllers secure so that their network is not compromised by malicious actors. ...
Preprint
Full-text available
Smart grids are replacing conventional power grids due to rising electricity use, failing infrastructure, and reliability problems. Two-way communication, demand-side administration, and real-time pricing make smart grids (SGs) dependent on its communication system. Manual network administration slows down SG communication. SG networks additionally utilize hardware and software from several vendors, allowing devices to communicate. Software-defined SGs (SD-SG) use software-defined networking (SDN) to monitor and regulate SG global communication networks to address these concerns. SDN separates the data plane (routers and switches) from the control plane (routing logic) and centralizes control into the SDN controller. This helps network operators manage visibility, control, and security. These benefits have made SDN popular in SG architectural and security studies. But because SD-SGs are vulnerable to cyberattacks, there are concerns about the security of these SD-SG networks. Cybercriminals can attack software-defined communication networks, affecting the power grid. Unauthorized access can be used to intercept messages and introduce false data into system measurements, flood communication channels with fraudulent data packets, or target controllers, a potential single point of failure, to cripple SDN networks. Current research reflects this paradigm as defense and security against such attacks have developed and evolved. There is a need for a current study that provides a more detailed analysis and description of SD-SG network security dangers and countermeasures, as well as future research needs and developing threats for the sector. To fill this void, this survey is presented.
... Wang et al. [40] introduced an SDN-based handover authentication scheme for CPS, where they used an authentication handover module (AHM) for key distribution and authentication. Zainudin et al. [41] presented a detection model in an SDN-based industrial CPS with deep learning technique. Latif et al. [42] introduced a routing protocol under the blockchain-based SDN, especially with the cluster structure for IoT-CPS networks. ...
Article
Full-text available
Cyber-physical systems (CPS) play an important role in our daily lives, such as automotive, medical monitoring, smart grid, industrial control systems and so on. CPS typically consists of three main components: sensors, aggregators and actuators. Recently, Software-Defined Networking (SDN) has been applied to CPS for achieving optimal resource allocation and Quality of Service, forming a type of SDN-assisted CPS. To protect such environment, collaborative intrusion detection system (CIDS) is a major security solution, but it is vulnerable to insider threat, where a cyber-attacker can behave maliciously within the network. In this work, we focus on this challenge and investigate the use of blockchain technology that can ensure immutable data sharing without the need of a trusted third party. We introduce a blockchain-enabled collaborative intrusion detection framework for SDN-assisted CPS. In particular, we use challenge-based CIDS in the study and evaluate the proposed framework under both external and internal attacks. The experimental results demonstrate the viability and effectiveness of our blockchain-enabled framework.
Article
Full-text available
IDSs keep an eye out for any indications of malicious behaviour or policy breaches in a network or system. An administrator should be notified or a central record should be kept of any intrusion activity or violation using a security information and event management system. Through the integration of sensing, computation, control, and networking, cyber physical systems connect physical infrastructure and objects to the internet and to each other. Therefore, it is necessary to have sufficient intrusion detection to safeguard the CPS from cyber-attacks, which might corrupt the equipment. CPS network intrusion categorisation and detection using sophisticated ML algorithms is the subject of this study's thorough methodology. The methodical stages of the study included data collection, preprocessing, and feature selection of the internet traffic, and the work used the NSL-KDD dataset for intrusion detection. As a result, a range of ML models is employed in classification applications that exploit their main benefits, including RF, LR, and XGBoost. This model's performance is evaluated using metrics that are based on recall, accuracy, precision, and F1 score. Confusion matrix visualisations are also included for efficient comprehension of classification results. The findings reveal that RF achieved the highest accuracy at 99.50%, followed closely by XGBoost at 99.41%, while LR recorded an accuracy of 95.39%. In addition, the Kappa coefficient test, a precision of 99.65%, a recall of 99.38%, and an F1 score of 99.51% in RF were observed. In total, the results reveal Random Forest as the superior model in comparison to the employed LR and XGBoost for creating an accurate IDS to protect CPS sufficiently.
Article
The increasing complexity and interconnectivity of industrial cyber‐physical systems (ICPSs), while enhancing operational security and reliability, have also introduced significant cybersecurity challenges. Software‐defined networking (SDN), a transformative technology for centralized and dynamic resource management, is particularly vulnerable as centralized control planes can become single points of failure. The integration of Digital Twin technology, which creates virtual replicas of physical systems for real‐time monitoring and prediction, further exacerbates security risks. To address these issues, we present TwinSec‐IDS, an advanced intrusion detection framework designed for SDN‐Digital‐Twin‐based ICPS. TwinSec‐IDS provides comprehensive and proactive intrusion detection, thereby enhancing the resilience of industrial networks. This paper introduces an ensemble approach, leveraging hybrid deep learning models—such as Bi‐GRU‐CNN, Bi‐GRU‐LSTM, and Bi‐GRU‐LSTM‐CNN—integrated with ensemble‐based feature selection techniques. The system employs weighted majority voting to combine predictions from multiple models, improving detection accuracy. To ensure optimal feature selection, the framework incorporates explainable AI and multiple filter methods, including mutual information, chi‐square tests, and correlation coefficients, aggregated through a voting mechanism. TwinSec‐IDS demonstrates high accuracy in detecting and categorizing anomalies and effectively responds to potential threats. Extensive evaluations show that TwinSec‐IDS significantly improves the security and resilience of SDN‐Digital‐Twin‐based ICPS, addressing critical cybersecurity concerns and making industrial processes safer and more reliable.
Article
Full-text available
In a power system, the communication link can be compromised by intruders who can launch cyberattacks by capturing data packets, sending falsified packets, or stopping data packets from reaching their destination. Moreover, intruders can compromise control devices using supply chain attacks, firmware patching attacks, and insider attackers. Numerous cyberattacks have been reported previously, and cyberattacks are becoming more frequent since attackers are aware of their socioeconomic impacts. Extensive research has been conducted on developing platforms to simulate cyberattacks, studying different types of cyberattacks, investigating the adverse effects of a successful cyberattack on different components of the power system, designing ways to detect anomalies in the power system using electrical measurements, and proposing ways to mitigate the adverse effects of the detected cyberattack. This paper presents a review of state‐of‐the‐art of cybersecurity in the power system, reviewing available simulation tools for studying the cybersecurity of the power system, classifying components of the power system vulnerable to cyberattacks, and summarizing the adverse effects of a successful cyberattack on each component in the power system. Furthermore, different types of cyberattacks and detection and mitigation methods are classified. Research gaps in the cybersecurity of the power system are also discussed.
Article
Full-text available
Remarkable progress in the Internet of Things (IoT) and the requirements in the Industrial era have raised new constraints of industrial data where huge data are gathered by heterogeneous devices. Recently, Industry 4.0 has attracted attention in various fields of industries such as medicines, automobiles, logistics, etc. However, every field is suffering from some threats and vulnerabilities. In this paper, a new model is proposed for detecting different types of attacks and it is analyzed with a deep learning technique, i.e., classifier-Convolution Neural Network and Long Short-Term Memory. The UNSW NB 15 dataset is used for the classification of various attacks in the field of Industry 4.0 for providing security and protection to the different types of sensors used for heterogeneous data. The proposed model achieves the results using Cortex processors, a 1.2 GHz processor, and four gigabytes of RAM. The attack detection model is written in Python 3.8.8 and Keras. Keras constructs the model using layers of Convolutional, Max Pooling, and Dense Layers. The model is trained using 250 batch size, 60 epochs, 10 classes. For this model, the activation functions are Relu and softmax pooling.
Article
Full-text available
Vulnerability detection in Supervisory Control and Data Acquisition (SCADA) network of a Smart Factory (SF) is a high-priority research area in the cyber-security domain. Choosing an efficient Machine Learning (ML) algorithm for intrusion detection is a huge challenge. This study performed an investigative analysis into the classification ability of various ML models leveraging public cyber-security datasets to determine the best model. Based on the performance evaluation, all adaptions of Decision Tree (DT) and KNN in terms of accuracy, training time, MCE, and prediction speed are the most suitable ML for resolving security issues in the SCADA system.
Article
Full-text available
The Industrial Internet of Things (IIoT) is a recent research area that links digital equipment and services to physical systems. The IIoT has been used to generate large quantities of data from multiple sensors, and the device has encountered several issues. The IIoT has faced various forms of cyberattacks that jeopardize its capacity to supply organizations with seamless operations. Such risks result in financial and reputational damages for businesses, as well as the theft of sensitive information. Hence, several Network Intrusion Detection Systems (NIDSs) have been developed to fight and protect IIoT systems, but collecting the information that can be used in the development of an intelligent NIDS is a difficult task; thus, there are serious challenges in detecting existing and new attacks. Therefore, the study provides a deep learning-based intrusion detection paradigm for IIoT with hybrid rule-based feature selection to train and verify information captured from TCP/IP packets. The training process was implemented using a hybrid rule-based feature selection and deep feedforward neural network model. The proposed scheme was tested utilizing two well-known network datasets, NSL-KDD and UNSW-NB15. The suggested method beats other relevant methods in terms of accuracy, detection rate, and FPR by 99.0%, 99.0%, and 1.0%, respectively, for the NSL-KDD dataset, and 98.9%, 99.9%, and 1.1%, respectively, for the UNSW-NB15 dataset, according to the results of the performance comparison. Finally, simulation experiments using various evaluation metrics revealed that the suggested method is appropriate for IIoT intrusion network attack classification.
Article
Full-text available
Distributed Denial of Service (DDoS) attacks represent the most common and critical attacks targeting conventional and new generation networks, such as the Internet of Things (IoT), cloud computing, and fifth-generation (5G) communication networks. In recent years, DDoS attacks have become not only massive but also sophisticated. Software-Defined Networking (SDN) technology has demonstrated effectiveness in counter-measuring complex attacks since it provides flexibility on global network monitoring and inline network configuration. Although several works have proposed to detect DDoS attacks, most of them did not use up-to-date datasets that contain the newest threats. Furthermore, only a few previous works assessed their solutions using simulated scenarios, easing the migration to production networks. This document presents the implementation of a modular and flexible SDN-based architecture to detect transport and application layer DDoS attacks using multiple Machine Learning (ML) and Deep Learning (DL) models. Exploring diverse ML/DL methods allowed us to resolve which methods perform better under different attack types and conditions. We tested the ML/DL models using two up-to-date security datasets, namely CICDoS2017 and CICDDoS2019 datasets, and they showed accuracy above 99% on classifying unseen traffic (testing set). We also deployed a simulated environment using the network emulator Mininet and the Open Network Operating System (ONOS) SDN controller. In this experimental setup, we demonstrated high detection rates, above 98% for transport DDoS attacks and up to 95% for application-layer DDoS attacks.
Article
Full-text available
Software-Defined Network (SDN) has been developed to reduce network complexity by controlling and managing the whole network from a centralized location. Today, SDN is widely implemented in many data center network environments. Nevertheless, emerging technology itself can lead to many vulnerabilities and threats which are still challenging for manufacturers to address. Therefore, deploying Intrusion Detection Systems (IDSs) to monitor malicious activities is a crucial part of the network architecture. Although the centralized view of the SDN network creates new opportunities for the implementation of IDSs, the performance of these detection techniques relies on the quality of the training datasets. Unfortunately, there are no publicly available datasets that can be used directly for anomaly detection systems applied in SDN networks. The majority of the published studies use non-compatible and outdated datasets, such as the KDD’99 dataset. This manuscript aims to generate an attack-specific SDN dataset that is publicly available to researchers. To the best of our knowledge, our work is one of the first solutions to produce a comprehensive SDN dataset to verify the performance of intrusion detection systems. The new dataset includes the benign and various attack categories that can occur in the different elements of the SDN platform. Further, we demonstrate the use of our proposed dataset by performing an experimental evaluation using eight popular machine-learning-based techniques for IDSs.
Article
Full-text available
A Cyber-Physical System in Industry 4.0 consists of interconnected elements of the cyber and physical worlds. However, the interconnection relies on the success of communication among the equipment, sensors, and controllers with different data and communication standards (protocols). This research takes an approach of applying Industrial Internet of Things (IIoT) to integrate the sensing data from various equipment and sources. Industrial Micro Control Unit (MCU) is applied to interface with the data sources, actuators, and equipment. The MCU transmits the sensing data/control commands back and forth with the cloud/fog computing platform. By deploying data analytics and reasoning for the manufacturing knowledge ontology in the cloud platform, the cyber world is able to recognize the situations and problems in the physical world. Thus, a decision of preventive or predictive actions can be made in the cyber world and then be implemented in the physical world. The results show that IIoT can eliminate the problems of heterogeneous protocols and databases in manufacturing data transmission. Based on IIoT, CPS is realized without the concerns or difficulties of data transmission.
Article
Integration of the internet into the entities of the different domains of human society (like smart homes, health care, smart grids, manufacturing processes, product supply chains, and environmental monitoring) is emerging as a new paradigm called the Internet of Things (IoT). However, the ubiquitous and wide-range IoT networks make them prone to cyber attacks. One of the main types of attack is denial of service (DoS), where the attacker floods the network with a large volume of data to prevent nodes from using the services. An intrusion detection mechanism is considered a chief source of protection for information and communications technology. However, conventional intrusion detection methods need to be modified and improved for application to the Internet of Things owing to certain limitations, like resource-constrained devices, the limited memory and battery capacity of nodes, and specific protocol stacks. In this paper, we develop a lightweight attack detection strategy utilizing a supervised machine learning–based support vector machine (SVM) to detect an adversary attempting to inject unnecessary data into the IoT network. Simulation results show that the proposed SVM-based classifier, aided by a combination of two or three incomplex features, can perform satisfactorily in terms of classification accuracy and detection time.
Article
This paper proposes a framework on controller and switches to reduce overhead of controller-switch communication for SDN-based Data Center Networks (DCN). The proposal focuses on OpenFlow (OF), a well-known, sophisticated protocol for SDN, to reduce the number of control messages, consisting of both PACKET_IN and PACKET_OUT messages handled by the OF controller during rule installation on OF switches’ flow tables. The controller receives the first packet of a flow for forwarding path determination and selectively chooses switches for rule installation. Moreover, to ensure lower loads for the controller to handle, the proposed framework adds an out-of-band controller and avoids a hybrid architecture. Extensive simulation shows significant results on reduced controller workload. The performance provides a mutual trade-off by considerably improving rule matching rate in the presence of slightly enhanced number of flow entries, conserving resources on both OF controller and OF switches for SDN-based DCN operation. As a consequence, network latency is reduced while throughput is enhanced, which offers a great promise in the future deployment of DCN.
Article
Software-Defined Networking (SDN)-based Industrial Internet of Things (IIoT) networks have a centralized controller that is a single attractive target for unauthorized users to attack. Cybersecurity in IIoT networks is becoming the most significant challenge, especially from increasingly sophisticated Distributed Denial-of-Service (DDoS) attacks. This situation necessitates efficient approaches to mitigate recent attacks following the incompetence of existing techniques that focus more on DDoS detection. Most existing DDoS detection capabilities are computationally complex and are no longer efficient enough to protect against DDoS attacks. Thus, there is a need for a low-cost approach for DDoS attack classification. This study presents a competent feature selection method, Extreme Gradient Boosting (XGBoost), for determining the most relevant data features, with a hybrid Convolutional Neural Network and Long Short-Term Memory (CNN-LSTM) for DDoS attack classification. The proposed model evaluated the CICDDoS2019 dataset with improved accuracy and low-complexity capability for low latency IIoT requirements. Performance results show that the proposed model achieves a high accuracy of 99.50% with a time cost of 0.179 ms.
Conference Paper
Distributed Denial of Service (DDoS) attacks are dangerous threats to networks that reduce the availability of Internet resources and services. The attacks are easily operated and challenging to detect. At the same time, there are various methods for detecting DDoS attacks, using machine learning techniques to identify and prevent them. This research proposes a new method to detect DDoS based on integrating vast amounts of data and machine learning algorithms to discover DDoS attack patterns and apply them to new requests to classify them as malicious or benign. The research used the dataset CICIDS2017. The research focuses on eliminating the number of attributes used in machine learning to grant the short time detection and, at the same time, keep the detection precision. The proposal used REP Tree, Random Tree, Random Forest, Decision Stump, and Partial Decision Tree (PART) techniques. It is found that the PART is a lightweight classifier that classifies DDoS network patterns from normal traffic, with a detection accuracy of above 99.77%. The proposed classifier was trained with a small number of features in CICIDS2017, and it is validated using the CICDDoS2019 dataset.
Article
The purpose of a network intrusion detection (NID) is to detect intrusions in the network, which plays a critical role in ensuring the security of the Internet of Things (IoT). Recently, deep learning (DL) has achieved a great success in the field of intrusion detection. However, the limited computing capabilities and storage of IoT devices hinder the actual deployment of DL-based high-complexity models. In this paper, we propose a novel NID method for IoT based on lightweight deep neural network (LNN). In the data preprocessing stage, to avoid high-dimensional raw traffic features leading to high model complexity, we use the PCA algorithm to achieve feature dimensionality reduction. Besides, our classifier uses the expansion and compression structure, the inverse residual structure, and the channel shuffle operation to achieve effective feature extraction with low computational cost. For the multi-classification task, we adopt NID Loss that acts as a better loss function to replace standard cross-entropy loss for dealing with the problem of uneven distribution of samples. The results of experiments on two real-world NID datasets demonstrate that our method has excellent classification performance with low model complexity and small model size, and it is suitable for classifying the IoT traffic of normal and attack scenarios.
Article
Distributed denial-of-service (DDoS) remains an ever-growing problem that has affected and continues to affect a host of web applications, corporate bodies, and governments. With the advent of fifth-generation (5G) network and beyond 5G (B5G) networks, the number and frequency of occurrence of DDoS attacks are predicted to soar as time goes by, hence there is a need for a sophisticated DDoS detection framework to enable the swift transition to 5G and B5G networks without worrying about the security issues and threats. A range of schemes has been deployed to tackle this issue, but along the line, few limitations have been noticed by the research community about these schemes. Owing to these limitations/drawbacks, this paper proposes a composite and efficient DDoS attack detection framework for 5G and B5G. The proposed detection framework consists of a composite multilayer perceptron which was coupled with an efficient feature extraction algorithm and was built not just to detect a DDoS attack, but also, return the type of DDoS attack it encountered. At the end of the simulations and after testing the proposed framework with an industry-recognized dataset, results showed that the framework is capable of detecting DDoS attacks with a high accuracy score of 99.66% and a loss of 0.011. Furthermore, the results of the proposed detection framework were compared with their contemporaries.
Article
Cyber-Physical Systems (CPSs) rely on networks that interconnect sensors and actuators to perform measurement, supervision and protection functions in different domains, such as transportation and industrial automation control systems. These networks must be able to support mobile wireless CPSs that are demanding new requirements related to flexibility and heterogeneity without compromising the Quality of Service (QoS). However, it is hard to determine, for example, the optimal resource allocation or the most reliable paths without global network information. In this way, the Software-Defined Networking paradigm is being considered as key to overcome such emerging needs. In particular, an SDN controller is able to establish paths between sensors and actuators according to bandwidth, latency, redundancy, and safety considerations. Thus, the goal of this paper is to review the state of the art of SDN approaches applied to mission-critical applications by identifying trends, challenges and opportunities for the potential development of software-defined cyber-physical networks.