Accurate Anomaly Detection using Adaptive Monitoring and Fast Switching in SDN

Full Text (PDF, 359KB), PP.34-42


Author(s)

Gagandeep Garg 1,*, Roopali Garg 1

1. Dept. of I.T., U.I.E.T., Panjab University, Chandigarh, 160014, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijitcs.2015.11.05

Received: 23 Feb. 2015 / Revised: 14 Jun. 2015 / Accepted: 20 Aug. 2015 / Published: 8 Oct. 2015

Index Terms

Anomaly detection, SDN, flow-counting, traffic-aggregation, Adaptive traffic monitoring, Network management, fast switching, bandwidth utilization

Abstract

Software defined networking (SDN) is a rapidly evolving technology that provides a suitable environment for applying efficient monitoring policies to networks. SDN provides centralized control of the whole network, from which network traffic and resources can be monitored with ease. SDN promises to drastically simplify network monitoring and management and to enable rapid innovation of networks through network programmability. The SDN architecture separates the control of the network from the forwarding devices. Along with the greater innovation provided by SDN, security threats at the open interfaces of SDN also increase significantly, as an attacker can target the single centralized point, i.e. the controller, to attack the network. Hence, efficient adaptive monitoring and measurement are required to detect and prevent malicious activities inside the network. Various such techniques have already been proposed by many researchers. This paper describes work on applying efficient adaptive monitoring to the network while maintaining the performance of the network, taking into account the monitoring overhead on the controller. This work presents effective bandwidth utilization for calculating the threshold range when applying anomaly detection rules for monitoring the network. Accurate detection of anomalies is implemented, and valid users and applications are allowed to transfer data without any restrictions inside the network; in the previous technique such transfers were considered anomalies because of fluctuation of data and a narrow threshold window. The concept of fast switching is also used to improve the processing speed and performance of the networks.

Cite This Paper

Gagandeep Garg, Roopali Garg, "Accurate Anomaly Detection using Adaptive Monitoring and Fast Switching in SDN", International Journal of Information Technology and Computer Science (IJITCS), vol. 7, no. 11, pp. 34-42, 2015. DOI: 10.5815/ijitcs.2015.11.05
