Adnan, - (2016) A controller-agnostic random oracle based intrusion detection method in software defined networks / Adnan. PhD thesis, University of Malaya.
Abstract
The revolutionary concept of Software Defined Networks (SDNs) potentially provides flexible and well-managed next-generation networks. All the hype surrounding the SDNs is predominantly because of its centralized management functionality, the separation of the control plane from the data forwarding plane, and enabling innovation through network programmability. Such distinguishing features make SDNs flexible, vendor agnostic, programmable, cost effective, and create an innovative network environment. Despite the promising architecture, security was not considered as part of the initial SDN design. Moreover, security concerns are potentially augmented considering the logical centralization of network intelligence. The motivation of this dissertation is to address the defense space against the threat of attacks in SDNs that primarily target the control plane to wrest either full or partial control of the entire network. Additionally, this problem exacerbates in the context of SDNs unlike traditional networks. The SDN controller signifies a single point of failure and thus serves as a potential primary target for attackers. Consequently, the controller compromise in any way would certainly throw the entire network into chaos. Besides, the operational semantics of the OpenFlow mandates unmatched packets to be sent directly to the controller lower the barrier of mounting sophisticated attacks on the SDN controller. Moreover, at present, the control plane has no built-in security mechanism that prevents malicious SDN agents from sending authorized but forged flows to corrupt the controller state or bring the entire network down, in the worst case, even if the OpenFlow is Transport Layer Security (TLS) enabled. Likewise, the soft programmable switches that are directly connected to the controller running atop end host servers are attractive targets for attackers to initiate control plane flooding; apart from authorized but untrusted hosts. To preserve the correct functioning of the entire SDN architecture, an efficient detection of various distributed coordinated attacks and anomalies triggered by large-scale malicious events that predominantly target the control plane is of paramount concern and an increasingly important research topic. As a result, developing an efficient controller-agnostic network intrusion-detection method is imperative. We propose a diverse fusion-selection approach that stands on Oracle to be applied to the classifier ensemble design, where the Oracle is a random linear function. We argue that the proposed method adds extra-diversity while promoting a higher level of intrusiondetection accuracy to effectively identify a wide variety of sophisticated network security attacks. We perform a rigorous evaluation of the proposed method by testing using Floodlight and Mininet to emulate SDN setting. We model the solution in the real setting of SDNs using High Level Petri Nets (HLPN), analyze the rules with Z language, and formally verified the correct functioning using Z3 SMT solver. To validate our proposed approach, we also carried simulation using a publicly available benchmark data-set with K-fold cross validation to exhibit the performance of the proposed method. The verification of the proposed approach is made with current state-of-the-art algorithms. Moreover, to show the resulting significant performance of the proposed approach to be optimistically unbiased, we employed a ten-fold cross-validation.
Actions (For repository staff only : Login required)
![[img]](http://studentsrepo.um.edu.my/style/images/fileicons/application_pdf.png)
