Qiumei Cheng,Chunming Wu,Haifeng Zhou,Yuhang Zhang,Rui Wang,Wei Ruan

DOI: https://doi.org/10.1109/hpcc/smartcity/dss.2018.00149

2018-01-01

Abstract:Guarding the perimeter of cloud-based enterprise networks is a challenge due to massive traffic with dynamic nature. Current firewalls of enterprise networks in cloud are largely based on static security rule configuration or simple rule matching, which makes them inflexible, error-prone and poorly effective, bringing about severe security risks. In this paper, we propose an artificial intelligence-based software-defined networks firewall (AI-SDNF) for solving the above problems. Compared with existing SDN firewalls, AI-SDNF is able to extract and analyze the payload of data packets based on machine learning technologies rather than simply match with flow tables according to several header fields (e.g., source and destination IP/MAC addresses). Considering deciding whether a packet is benign or malicious is able to be formulated as a typical binary classification problem, we employ logistic regression for training an intelligent SDN firewall under supervised machine learning. We implement a prototype of AI-SDNF on the OpenDaylight controller and the OpenStack platform. Based on the prototype, we evaluate its performance and overheads with real dataset. The experimental results indicate that AI-SDNF achieves a relatively high detection accuracy of 96.79% with an average of 0.2ms latency.

Wajid Rafique,Maqbool Khan,Nadeem Sarwar,Wanchun Dou

DOI: https://doi.org/10.1007/978-3-030-30146-0_6

2019-01-01

Abstract:Managing the huge IoT infrastructure poses a vital challenge to the network community. Software Defined Networking (SDN), due to its characteristics of centralized network management has been considered as an optimal choice to manage IoT. Edge computing brings cloud recourses near the IoT to localize the cloud demands. Consequently, SDN, IoT, and edge computing can be combined into a framework to create a resourceful SDIoT-Edge architecture to efficiently orchestrate cloud services and utilize resource-limited IoT devices in a flexible way. Besides a wide adoption of IoT, the vulnerabilities present in this less secure infrastructure can be exploited by the adversaries to attack the OpenFlow channel using Distributed Denial of Service (DDoS) attacks. DDoS on OpenFlow channel have the ability to disrupt the whole network hence, providing security for the OpenFlow channel is a key challenge in SDIoT-Edge. We propose a security framework called SDIoT-Edge Security (SIESec) against the security vulnerabilities present in this architecture. SIESec prototype employs machine learning-based classification strategy, blacklist integration, and contextual network flow filtering to efficiently defend against the DDoS attacks. We perform extensive simulations using Floodlight controller and Mininet network emulator. Our results proclaim that SIESec provides extensive security against OpenFlow channel DDoS attacks and pose a very less overhead on the network.

Jiaqi Li,Zhifeng Zhao,Rongpeng Li,Honggang Zhang

DOI: https://doi.org/10.48550/arXiv.1806.02566

2018-06-07

Abstract:Software Defined Internet of Things (SD-IoT) Networks profits from centralized management and interactive resource sharing which enhances the efficiency and scalability of IoT applications. But with the rapid growth in services and applications, it is vulnerable to possible attacks and faces severe security challenges. Intrusion detection has been widely used to ensure network security, but classical detection means are usually signature-based or explicit-behavior-based and fail to detect unknown attacks intelligently, which are hard to satisfy the requirements of SD-IoT Networks. In this paper, we propose an AI-based two-stage intrusion detection empowered by software defined technology. It flexibly captures network flows with a globle view and detects attacks intelligently through applying AI algorithms. We firstly leverage Bat algorithm with swarm division and Differential Mutation to select typical features. Then, we exploit Random forest through adaptively altering the weights of samples using weighted voting mechanism to classify flows. Evaluation results prove that the modified intelligent algorithms select more important features and achieve superior performance in flow classification. It is also verified that intelligent intrusion detection shows better accuracy with lower overhead comparied with existing solutions.

Cryptography and Security,Artificial Intelligence

Garegin Grigoryan,Yaoqing Liu,Laurent Njilla,Charles Kamhoua,Kevin Kwiat

DOI: https://doi.org/10.1109/ICC.2018.8423017

2018-06-06

Abstract:Internet of Things (IoT) is becoming an increasingly attractive target for cybercriminals. We observe that many attacks to IoTs are launched in a collusive way, such as brute-force hacking usernames and passwords, to target at a particular victim. However, most of the time our defending mechanisms to such kind of attacks are carried out individually and independently, which leads to ineffective and weak defense. To this end, we propose to leverage Software Defined Networks (SDN) to enable cooperative security for legacy IP-based IoT devices. SDN decouples control plane and data plane, and can help bridge the knowledge divided between the application and network layers. In this paper, we discuss the IoT security problems and challenges, and present an SDN-based architecture to enable IoT security in a cooperative manner. Furthermore, we implemented a platform that can quickly share the attacking information with peer controllers and block the attacks. We carried out our experiments in both virtual and physical SDN environments with OpenFlow switches. Our evaluation results show that both environments can scale well to handle attacks, but hardware implementation is much more efficient than a virtual one.

Networking and Internet Architecture

Jiyuan Shen,Wenzhuo Yang,Zhaowei Chu,Jiani Fan,Dusit Niyato,Kwok-Yan Lam

2024-01-22

Abstract:With the rapid development of low-cost consumer electronics and cloud computing, Internet-of-Things (IoT) devices are widely adopted for supporting next-generation distributed systems such as smart cities and industrial control systems. IoT devices are often susceptible to cyber attacks due to their open deployment environment and limited computing capabilities for stringent security controls. Hence, Intrusion Detection Systems (IDS) have emerged as one of the effective ways of securing IoT networks by monitoring and detecting abnormal activities. However, existing IDS approaches rely on centralized servers to generate behaviour profiles and detect anomalies, causing high response time and large operational costs due to communication overhead. Besides, sharing of behaviour data in an open and distributed IoT network environment may violate on-device privacy requirements. Additionally, various IoT devices tend to capture heterogeneous data, which complicates the training of behaviour models. In this paper, we introduce Federated Learning (FL) to collaboratively train a decentralized shared model of IDS, without exposing training data to others. Furthermore, we propose an effective method called Federated Learning Ensemble Knowledge Distillation (FLEKD) to mitigate the heterogeneity problems across various clients. FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results on the public dataset CICIDS2019 demonstrate that the proposed approach outperforms local training and traditional FL in terms of both speed and performance and significantly improves the system's ability to detect unknown attacks. Finally, we evaluate our proposed framework's performance in three potential real-world scenarios and show FLEKD has a clear advantage in experimental results.

Cryptography and Security

Syed Mohamed Thameem Nizamudeen

DOI: https://doi.org/10.1186/s13677-023-00509-4

2023-09-23

Journal of Cloud Computing

Abstract:In the current era, a tremendous volume of data has been generated by using web technologies. The association between different devices and services have also been explored to wisely and widely use recent technologies. Due to the restriction in the available resources, the chance of security violation is increasing highly on the constrained devices. IoT backend with the multi-cloud infrastructure to extend the public services in terms of better scalability and reliability. Several users might access the multi-cloud resources that lead to data threats while handling user requests for IoT services. It poses a new challenge in proposing new functional elements and security schemes. This paper introduces an intelligent Intrusion Detection Framework (IDF) to detect network and application-based attacks. The proposed framework has three phases: data pre-processing, feature selection and classification. Initially, the collected datasets are pre-processed using Integer- Grading Normalization (I-GN) technique that ensures a fair-scaled data transformation process. Secondly, Opposition-based Learning- Rat Inspired Optimizer (OBL-RIO) is designed for the feature selection phase. The progressive nature of rats chooses the significant features. The fittest value ensures the stability of the features from OBL-RIO. Finally, a 2D-Array-based Convolutional Neural Network (2D-ACNN) is proposed as the binary class classifier. The input features are preserved in a 2D-array model to perform on the complex layers. It detects normal (or) abnormal traffic. The proposed framework is trained and tested on the Netflow-based datasets. The proposed framework yields 95.20% accuracy, 2.5% false positive rate and 97.24% detection rate.

Martin Andreoni Lopez,Diogo Menezes Ferrazani Mattos,Otto Carlos M. B. Duarte

DOI: https://doi.org/10.1007/s12243-016-0506-y

2016-03-05

Annals of Telecommunications

Abstract:Internal users are the main causes of anomalous and suspicious behaviors in a communication network. Even when traditional security middleboxes are present, internal attacks may lead the network to outages or to leakage of sensitive information. In this article, we propose BroFlow, an Intrusion Detection and Prevention System based on Bro traffic analyzer and on the global network view of the software-defined networks (SDN) which is provided by the OpenFlow. BroFlow main contributions are (i) dynamic and elastic resource provision of traffic-analyzing machines under demand; (ii) real-time detection of DoS attacks through simple algorithms implemented in a policy language for network events; (iii) immediate reaction to DoS attacks, dropping malicious flows close of their sources, and (iv) near-optimal placement of sensors through a proposed heuristic for strategically positioning sensors in the network infrastructure, which is shared by multi-tenants, with a minimum number of sensors. We developed a prototype of the proposed system, and we evaluated it in a virtual environment of the Future Internet Testbed with Security (FITS). An evaluation of the system under attack shows that BroFlow guarantees the forwarding of legitimate packets at the maximal link rate, reducing up to 90 % of the maximal network delay caused by the attack. BroFlow reaches 50 % of bandwidth gain when compared with conventional firewalls approaches, even when the attackers are legitimate tenants acting in collusion. In addition, the system reduces the sensors number, while keeping full coverage of network flows.

telecommunications

Ankur Mudgal,Abhishek Verma,Munesh Singh,Kshira Sagar Sahoo,Erik Elmroth,Monowar Bhuyan

DOI: https://doi.org/10.1109/TNSM.2024.3446178

2024-10-19

Abstract:Software Defined Networking (SDN) has evolved to revolutionize next-generation networks, offering programmability for on-the-fly service provisioning, primarily supported by the OpenFlow (OF) protocol. The limited storage capacity of Ternary Content Addressable Memory (TCAM) for storing flow tables in OF switches introduces vulnerabilities, notably the Low-Rate Flow Table Overflow (LOFT) attacks. LOFT exploits the flow table's storage capacity by occupying a substantial amount of space with malicious flow, leading to a gradual degradation in the flow-forwarding performance of OF switches. To mitigate this threat, we propose FloRa, a machine learning-based solution designed for monitoring and detecting LOFT attacks in SDN. FloRa continuously examines and determines the status of the flow table by closely examining the features of the flow table entries. Upon detecting an attack FloRa promptly activates the detection module. The module monitors flow properties, identifies malicious flows, and blacklists them, facilitating their eviction from the flow table. Incorporating novel features such as Packet Arrival Frequency, Content Relevance Score, and Possible Spoofed IP along with Cat Boost employed as the attack detection method. The proposed method reduces CPU overhead, memory overhead, and classification latency significantly and achieves a detection accuracy of 99.49%, which is more than the state-of-the-art methods to the best of our knowledge. This approach not only protects the integrity of the flow tables but also guarantees the uninterrupted flow of legitimate traffic. Experimental results indicate the effectiveness of FloRa in LOFT attack detection, ensuring uninterrupted data forwarding and continuous availability of flow table resources in SDN.

Networking and Internet Architecture

Rimsha Saeed,Hassaan Khaliq Qureshi,Christiana Ioannou,Marios Lestas

DOI: https://doi.org/10.1109/access.2024.3489772

IF: 3.9

2024-11-09

IEEE Access

Abstract:Many interconnected IoT devices driven by imperatives of efficiency and convenience often lack adequate security measures, making them susceptible to exploitation by cyber-criminals. Effective network security necessitates meticulous intrusion detection, which typically involves scrutinizing the network traffic using deep packet or stateful protocol inspection techniques. However, traditional inspection methods often require manual feature engineering, which can result in loss of payload information and thus, false alarms. In this study, a controlled testbed environment is established to capture botnet traffic. The paper introduces a detection approach that involves converting raw NetFlow data to IDX, short for 'Index,' image representations. A hybrid deep learning architecture is designed, integrating VGG19 and GRU structures to learn the spatial and temporal features, respectively. The detection results show that the proposed solution achieves 98.883% true positives rate and 0.9% false negatives rate, surpassing conventional anomaly detection. In addition, an adaptive sliding window technique is introduced for live intrusion detection and prevention. Through iterative testing and refinement, a runtime of 0.041 ms per image and 0.00171 ms per packet is achieved, confirming the robust nature of the proposed method.

computer science, information systems,telecommunications,engineering, electrical & electronic

P. Malini,K.R. Kavitha,Dr. K.R. Kavitha

DOI: https://doi.org/10.1016/j.cose.2024.103818

IF: 5.105

2024-03-29

Computers & Security

Abstract:In recent years, the development of Internet of Things (IoT) applications has increased, resulting in higher demands for sufficient bandwidth, data rates, latency, and quality of service (QoS). In advanced communications, managing network resources for allocating IoT services and identifying the exact IoT devices connected to a network is a major concern. The existing studies have introduced various methods for classifying IoT devices in a network. However, the previous studies faced challenges like limited attributes, low efficiency, inappropriate features, and computational complexities. Also, the existing studies failed to concentrate on IoT/Non-IoT classification along with attack detection. Detecting attacks on IoT devices is critical for making network services more effective. Thus, the proposed study introduces an efficient IoT device classification and attack detection mechanism using Software Defined Networking (SDN)-enabled Fiber-Wireless Access Networks Internet of Things (FiWi IoT) architecture. Initially, an effective resource allocation process is performed to mitigate the delay constraint issues by introducing a hybrid parallel neural network-based dynamic bandwidth allocation (DBA) method. Then, the input traffic information is gathered from the resource-efficient SDN-enabled FiWi IoT network, and the input data is pre-processed to eliminate unwanted noises using min-max normalization and standardization. Next, the essential attributes are extracted to attain enhanced classification performance. To reduce the feature dimensionality problem and thereby solve complexity issues, the most optimal features are selected by a new Chaotic Seagull Optimization (CSO) approach. After that, IoT/non-IoT classification is performed using a transformer-driven deep intelligent model. Finally, the attacks are detected and classified by introducing a novel Slice Attention-based Deep Capsule Autoencoder (SA_DCAE) model. For experimentation, the Python 3.7.0 tool is used in this work, and the performance of proposed classifiers is measured by evaluating varied matrices. Also, the comparison analysis proves the superiority of the proposed techniques to other existing methods.

computer science, information systems

Prabhat Kumar,Govind P. Gupta,Rakesh Tripathi

DOI: https://doi.org/10.1007/s12652-020-02696-3

IF: 3.662

2020-11-27

Journal of Ambient Intelligence and Humanized Computing

Abstract:With the development of internet of things (IoT), capabilities of computing, networking infrastructure, storage of data and management have come very close to the edge of networks. This has accelerated the necessity of Fog computing paradigm. Due to availability of Internet, most of our business operations are integrated with IoT platform. Fog computing has enhanced the strategy of collecting and processing, huge amount of data. On the other hand, attacks and malicious activities has adverse consequences on the development of IoT, Fog, and cloud computing. This has led to development of many security models using fog computing to protect IoT network. Therefore, for dynamic and highly scalable IoT environment, a distributed architecture based intrusion detection system (IDS) is required that can distribute the existing centralized computing to local fog nodes and can efficiently detect modern IoT attacks. This paper proposes a novel distributed ensemble design based IDS using Fog computing, which combines k-nearest neighbors, XGBoost, and Gaussian naive Bayes as first-level individual learners. At second-level, the prediction results obtained from first level is used by Random Forest for final classification. Most of the existing proposals are tested using KDD99 or NSL-KDD dataset. However, these datasets are obsolete and lack modern IoT-based attacks. In this paper, UNSW-NB15 and actual IoT-based dataset namely, DS2OS are used for verifying the effectiveness of the proposed system. The experimental result revealed that the proposed distributed IDS with UNSW-NB15 can achieve higher detection rate upto 71.18% for Backdoor, 68.98% for Analysis, 92.25% for Reconnaissance and 85.42% for DoS attacks. Similarly, with DS2OS dataset, detection rate is upto 99.99% for most of the attack vectors.

computer science, information systems,telecommunications, artificial intelligence

Abhishek Savaliya,Rutvij H Jhaveri,Qin Xin,Saad Alqithami,Sagar Ramani,Tariq Ahamed Ahanger

DOI: https://doi.org/10.3934/mbe.2021411

2021-09-22

Abstract:Industrial Cyber-Physical Systems (CPSs) require flexible and tolerant communication networks to overcome commonly occurring security problems and denial-of-service such as links failure and networks congestion that might be due to direct or indirect network attacks. In this work, we take advantage of Software-defined networking (SDN) as an important networking paradigm that provide real-time fault resilience since it is capable of global network visibility and programmability. We consider OpenFlow as an SDN protocol that enables interaction between the SDN controller and forwarding plane of network devices. We employ multiple machine learning algorithms to enhance the decision making in the SDN controller. Integrating machine learning with network resilience solutions can effectively address the challenge of predicting and classifying network traffic and thus, providing real-time network resilience and higher security level. The aim is to address network resilience by proposing an intelligent recommender system that recommends paths in real-time based on predicting link failures and network congestions. We use statistical data of the network such as link propagation delay, the number of packets/bytes received and transmitted by each OpenFlow switch on a specific port. Different state-of-art machine learning models has been implemented such as logistic regression, K-nearest neighbors, support vector machine, and decision tree to train these models in normal state, links failure and congestion conditions. The models are evaluated on the Mininet emulation testbed and provide accuracies ranging from around 91-99% on the test data. The machine learning model with the highest accuracy is utilized in the intelligent recommender system of the SDN controller which helps in selecting resilient paths to achieve a better security and quality-of-service in the network. This real-time recommender system helps the controller to take reactive measures to improve network resilience and security by avoiding faulty paths during path discovery and establishment.

Hani Alshahrani,Attiya Khan,Muhammad Rizwan,Mana Saleh Al Reshan,Adel Sulaiman,Asadullah Shaikh

DOI: https://doi.org/10.3390/su15119001

IF: 3.9

2023-06-03

Sustainability

Abstract:The Industrial Internet of Things (IIoT) refers to the employment of the Internet of Things in industrial management, where a substantial number of machines and devices are linked and synchronized with the help of software programs and third platforms to improve the overall productivity. The acquisition of the industrial IoT provides benefits that range from automation and optimization to eliminating manual processes and improving overall efficiencies, but security remains to be forethought. The absence of reliable security mechanisms and the magnitude of security features are significant obstacles to enhancing IIoT security. Over the last few years, alarming attacks have been witnessed utilizing the vulnerabilities of the IIoT network devices. Moreover, the attackers can also sink deep into the network by using the relationships amidst the vulnerabilities. Such network security threats cause industries and businesses to suffer financial losses, reputational damage, and theft of important information. This paper proposes an SDN-based framework using machine learning techniques for intrusion detection in an industrial IoT environment. SDN is an approach that enables the network to be centrally and intelligently controlled through software applications. In our framework, the SDN controller employs a machine-learning algorithm to monitor the behavior of industrial IoT devices and networks by analyzing traffic flow data and ultimately determining the flow rules for SDN switches. We use SVM and Decision Tree classification models to analyze our framework's network intrusion and attack detection performance. The results indicate that the proposed framework can detect attacks in industrial IoT networks and devices with an accuracy of 99.7%.

environmental sciences,environmental studies,green & sustainable science & technology

Dezhang Kong,Xiang Chen,Chunming Wu,Yi Shen,Zhengyan Zhou,Qiumei Cheng,Xuan Liu,Mingliang Yang,Yubing Qiu,Dong Zhang,Muhammad Khurram Khan

DOI: https://doi.org/10.1109/tifs.2024.3472477

IF: 7.231

2024-10-15

IEEE Transactions on Information Forensics and Security

Abstract:The flow table is a critical component of Software-Defined Networking (SDN). However, flow tables' limited capacity makes them highly vulnerable to flow table overflow attacks (FTOAs). Due to the low attack cost and highly flexible attack forms, it is hard to eradicate FTOAs. This paper addresses three unsolved problems for table security and proposes a robust defense accordingly. First, we reveal that the existing defenses with fixed defense speeds will cause severe packet loss when handling diverse traffic. We prove that deleting multiple rules can efficiently solve this problem and give a rigorous derivation to calculate the suitable deletion number according to the environment. Second, we illustrate that abnormal table occupancy squeezing is a constant characteristic of FTOAs regardless of attack forms. It can be used to identify attacked ports accurately in different scenarios. Third, we mathematically prove that random deletion can guarantee the continuous decrease of malicious flow rules after confirming attacked ports. It achieves fast speed and robust effectiveness in different environments. Based on these findings, we design rDefender, a robust and lightweight defense prototype. We evaluate its effect by designing diverse, powerful attacks and using real-world datasets and topology. The results demonstrate that it achieves the best overall performance compared to six existing mainstream defenses, providing stable security for switch flow tables.

computer science, theory & methods,engineering, electrical & electronic

Senthilraja P,Kanmani Palaniappan,Brindha Duraipandi,Uma Maheswari Balasubramanian

DOI: https://doi.org/10.1007/s12083-024-01694-y

IF: 3.488

2024-05-23

Peer-to-Peer Networking and Applications

Abstract:In an era characterized by the proliferation of the Internet of Things (IoT), the seamless interconnection of diverse devices has revolutionized various sectors. However, this rapid expansion has brought forth significant security concerns, making effective anomaly detection crucial for safeguarding IoT networks. This research introduces a pioneering framework for dynamic behavioral profiling and anomaly detection in Software-Defined IoT Networks (SD-IoT). By leveraging the inherent advantages of SDN, this framework enhances the security and resilience of IoT ecosystems. Through a meticulous step-by-step process, dynamic profiles of IoT devices' behavior are generated to capture evolving attributes over time. Machine learning-based anomaly detection algorithms analyzed profiles to identify deviations from normal behavior and to effectively detect potential security threats. Anomalies detected trigger real-time policy adaptations that contain and mitigate their impact. The SDN controller enforces these adapted policies, preventing anomaly propagation and ensuring network integrity. To evaluate the framework's efficacy, extensive experiments are conducted using a comprehensive datasets in the simulated IoT environment. The results demonstrated the accuracy of dynamic behavioral profiling, the adaptability of the policy adjustments, and the efficiency of the anomaly detection algorithm. The proposed framework holds immense promise in fortifying IoT networks against emerging threats, contributing to the security and stability of our increasingly interconnected world. The comparative analyses in the performance validation showed that the proposed model attained better anomaly detection performances than other existing models.

computer science, information systems,telecommunications

N Maheswaran,S Bose,Buvaneswari Natarajan

DOI: https://doi.org/10.1080/00051144.2024.2372749

IF: 1.79

2024-07-13

Automatika

Abstract:The advancements made in Software-Defined Networking (SDN) technology seem quite promising, with potential wide application in managing and controlling the latest network infrastructures. SDN technology decouples the control plane from the data plane, enabling effective and flexible network management. However, this dynamic phenomenon brings new security challenges. With the increasing dynamism and programmable nature of networks, conventional security protocols may not sufficient to protect against advanced and sophisticated attacks. Although Intrusion Detection Systems (IDSs) have been extensively applied for identifying and preventing security threats in traditional network environments, IDS models designed specifically for traditional network requirements may not be adequate for SDN environments. These issues may stem from the static nature of conventional networks, contrasting with the dynamicity of advanced SDN networks, and the traditional IDS's inability to adapt to the dynamic nature of SDN. To address these challenges, the current research proposes a novel Deep Hybrid IDS model to enhance network security in SDN environments and prevent attacks using Scapy. The proposed model detects signature-based attacks by integrating Gated Recurrent Units (GRU) and Long Short-Term Memory (LSTM) for real-time simulated datasets, achieving an accuracy of 97.8%, which is comparatively better than existing models.

automation & control systems,engineering, electrical & electronic

Urvashi Sangwan

DOI: https://doi.org/10.52783/jes.3233

2024-05-02

Abstract:Through the network's infrastructure, the IoT can impart perception, recognition, and remote control to inanimate objects. Due to IoT's characteristics, it's possible to integrate the real world into a digital system, which improves precision, productivity, and bottom line. While traditional internet infrastructure comprises of highly capable computers and servers, IoT gadgets have limited processing power and storage space. The authentication and key agreement system SecureAuthKey is very lightweight. The suggested technique is meant to solve the security and privacy problems that plague modern constraint-based CPS programmes. A lightweight approach for authenticating cyber-physical objects is one of the expected outcomes. Adaptation and autonomy in cyber-physical systems need not be compromised by a lack of trust or security in users' data or the devices themselves, according to a new type of security algorithm. To provide flexibility and scalability, a new middleware module has been developed on the Raspberry platform to facilitate communication between CPS-based devices and services. Secure Internet of Things (IoT) evaluation methodology that may be used in a variety of contexts and is user-focused. With the suggested system, the two CPS units will be able to authenticate one another. When a network grows larger, the possibility of an attack rises. Therefore, the IoT network is much more susceptible to attacks than conventional networks. As the number of connected devices grows, so do the number of potential threats to their security. To protect the IoT ecosystem from current threats, cutting-edge technology is essential. The proposed approach must be very efficient and have low computational overheads. It creates random session keys to protect wireless transmissions. The system is protected from a variety of cyber threats. The current constraint-based CPS system requires a new lightweight security solution.

Wenmao LIU,Xiaofeng QIU,Pengcheng CHEN,Xutao WEN,Xinxin HE,Dongsheng WANG,Jun LI

DOI: https://doi.org/10.3778/j.issn.1673-9418.1407061

2015-01-01

Abstract:Current OpenFlow specifications provide limited access to packet details, making it inefficient to deploy security applications. Moreover, current security solutions become less flexible as software defined-networking (SDN) develops. This paper proposes a distributed software-defined security architecture (SDSA), which offloads heavy security processing from SDN controller to a dedicated security controller and security APPs, providing both flow and packet level protections against various attacks in the SDN and virtual environment. This paper gives the global view and knowledge of flows, IaaS assets and devices, which can make accurate decisions and ensures devices to execute security rules instantly. The architecture simplifies security device logic greatly by separating security data and control planes, the detection and protection are automated with standardized control messages, making the secu-rity reaction fast. The experiments demonstrate that SDSA can detect DoS attack, port scan and abnormal high traffic with low cost and little overhead.

Arjun Singh,Preeti Mishra,P. Vinod,Avantika Gaur,Mauro Conti

DOI: https://doi.org/10.1007/s10586-024-04444-0

2024-05-01

Cluster Computing

Abstract:The evolving behavior of the attacks may affect the decision boundaries of the trained machine learning models. The issue has not been well investigated, especially with hypervisor-based security solutions where virtual machine (VM)'s network artifacts are introspected and analyzed. In this paper, we proposed a sustainable and explainable flow-filtering-based concept drift-driven network intrusion detection approach, called 'SFC-NIDS' which introspects network activities by analyzing VM traffic profile. The VM traffic is captured and pre-processed at the hypervisor to extract important network artifacts. The redundant and trivial network flows have been filtered using the proposed gradient descent-based flow filtering mechanism and validated using explainability. SFC-NIDS employs auto-encoders to reconstruct the traffic features to capture additional patterns. Afterward, the 1D-convolution neural network has been employed to learn and detect malicious attack flows. The model's sustainability is ensured by integrating the drift detection mechanism with the decision model to retrain it with evolving attack patterns. The approach has been validated with virtual network traffic artifacts collected at the hypervisor and provides 98.9% accuracy, 99.03%, and F1-Score. In addition, the approach has also been validated using the KDD99 dataset, showcasing an accuracy of 99.97% and an F1-Score of 99.98%.

computer science, information systems, theory & methods

M. K. Nallakaruppan,Siva Rama Krishnan Somayaji,Siddhesh Fuladi,Francesco Benedetto,Senthil Kumaran Ulaganathan,Gokul Yenduri

DOI: https://doi.org/10.1109/access.2024.3355794

IF: 3.9

2024-03-06

IEEE Access

Abstract:The Internet of Things (IoT) infrastructure enables smart devices to learn, think, speak and perform. The facilities of the IoT devices can be enhanced to support an intelligent application through technologies like fog computing, smart networks, federated learning or explainable artificial intelligence infrastructures. In all these cases networking of IoT devices becomes inevitable. Whereever there exists a network, a threat to the network infrastructure is also possible. The proposed work classifies various attacks on the hosts with the support of proven machine learning (ML) algorithms. This work performs the comparative analysis of all these classification parameters of the machine learning algorithms with the use of fuzzy-based recommendation systems. This work also lists out various incidents of intrusions on the IoT hosts in appropriate layers of the interface and proposes an efficient algorithm and framework to overcome the occurrences of intrusions on the host side. In particular, we propose an effective security framework to deal with the intrusions that can deteriorate the host-based systems. The ranking of the algorithms is evaluated using fuzzy-based recommendation systems such as TOPSIS, VIKOR, MORA, WASPAS. The ensemble of machine learning algorithms such as Decision Tree, Lite Gradient Boost, Xtra Gradient Boost and Random Forest provide better values of accuracy (around 99%) with higher precision, re-call and F1-scores, thus proving their efficacy for intrusion detection in IoT networks.

computer science, information systems,telecommunications,engineering, electrical & electronic