Similar literature
Found 20 similar documents; search took 15 ms
1.
Software‐defined networking (SDN) facilitates network programmability through a central controller. It dynamically modifies the network configuration to adapt to the changes in the network. In SDN, the controller updates the network configuration through flow updates, i.e., installing the flow rules in network devices. However, during the network update, improper scheduling of flow updates can lead to a number of problems including overflowing of the switch flow table memory and the link bandwidth. Another challenge is minimizing the network update completion time during large‐network updates triggered by events such as traffic engineering path updates. The existing centralized approaches do not search the solution space for flow update schedules with optimal completion time. We proposed a hybrid genetic algorithm‐based flow update scheduling method (the GA‐Flow Scheduler). By searching the solution space, the GA‐Flow Scheduler attempts to minimize the completion time of the network update without overflowing the flow table memory of the switches and the link bandwidth. It can be used in combination with other existing flow scheduling methods to improve the network performance and reduce the flow update completion time. In this paper, the GA‐Flow Scheduler is combined with a stand‐alone method called the three‐step method. Through large‐scale experiments, we show that the proposed hybrid approach could reduce the network update time and packet loss. It is concluded that the proposed GA‐Flow Scheduler provides improved performance over the stand‐alone three‐step method. Also, it handles the above‐mentioned network update problems in SDN.

2.
Video streaming has emerged as a killer application in today's Internet, delivering a tremendous amount of media content to millions of users at any given time. Such a heavy traffic load demands an effective routing method. In this paper, an effective routing method, named GA‐SDN, is developed based on the software defined network (SDN) technique. To help researchers in this field evaluate the video delivery quality over SDN, an evaluation framework and its associated source code are provided. The framework integrates the H.264 Scalable Video coding streaming Evaluation Framework (SVEF) with the Mininet emulator. Through this framework, video processing researchers can evaluate their proposed coding algorithms in an SDN‐enabled network emulator, while network operators or executives can evaluate the impact of real video streams on the developing network architectures or protocols. Experiment results demonstrate the usefulness of myEvalSVC_SDN and prove that GA‐SDN outperforms the traditional Bellman‐Ford routing algorithm in terms of packet drop rate, throughput, and average peak signal‐to‐noise ratio.

3.
The use of covert‐channel methods to bypass security policies has increased considerably in recent years. Malicious users neutralize security restrictions by encapsulating protocols like peer‐to‐peer, chat or HTTP proxy into other allowed protocols like Domain Name Server (DNS) or HTTP. This paper illustrates a machine learning approach to detect one particular covert‐channel technique: DNS tunneling. Although packet inspection may guarantee reliable intrusion detection in this context, it may suffer from scalability problems when a large set of sockets must be monitored in real time. Detecting the presence of DNS intruders by aggregation‐based monitoring is of main interest as it avoids packet inspection, thus preserving privacy and scalability. The proposed monitoring mechanism looks at simple statistical properties of protocol messages, such as statistics of packet inter‐arrival times and of packet sizes. The analysis is complicated by two drawbacks: silent intruders (generating small statistical variations of legitimate traffic) and quick statistical fingerprint generation (to obtain a detection tool really applicable in the field). Results from experiments conducted on a live network are obtained by replicating individual detections over successive samples over time and by making a global decision through a majority voting scheme. The technique overcomes traditional classifier limitations. An insightful analysis of the performance leads to the discovery of a unique intrusion detection tool, applicable in the presence of different tunneled applications. Copyright © 2014 John Wiley & Sons, Ltd.

4.
Dependence on the Internet is increasing dramatically. Therefore, many researchers have given great attention to the issue of how to tighten Internet security. This study proposes a new scheme for the distributed intrusion prevention system (DIPS), in which the concept of ‘union’ is presented for satisfying the increasing requirements of Internet security issues. In this proposed design, the network intrusion detection system (NIDS) applies a misuse detection technique to detect well‐known intrusion behavior on the Internet. Meanwhile, for the anomaly detection technique, a tool named ‘Scent’ (a network traffic sniffer) is combined with conditional legitimate probability to reveal previously undiscovered intrusion packets that do not match the intrusion signatures in NIDS. Moreover, blocking distributed denial‐of‐service (DDoS) attacks inside the protected allied network is also covered. To increase the detection accuracy, reduction of false positives and false negatives is also accomplished. Experimental results reveal that the suggested network security system scheme is effective and efficient in resolving the intrusion activity problem of real network environments. Copyright © 2011 John Wiley & Sons, Ltd.

5.
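To improve the overall performance of wireless network intrusion detection models, this paper applies the recurrent neural network (RNN) algorithm to build a wireless network intrusion detection classification model. To address the overfitting of the classification model caused by the imbalanced distribution of training samples in wireless network intrusion detection, a window-based instance selection algorithm is proposed to reduce the training data set, after the raw data has been preprocessed through cleaning, transformation, and feature selection. Comprehensive optimization experiments on the network structure, activation function, and reusability of the attack classification model yield the final optimized model, with a classification accuracy of 98.6699% and a running time of 9.13 s after comprehensive optimization. Compared with the results of other machine learning algorithms, the optimization method achieves good results in both classification accuracy and execution efficiency, and its overall performance is better than that of traditional intrusion detection classification models.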

6.
于光华  夏魁良 《激光杂志》2021,42(1):154-158
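Previous intrusion detection methods initialize their parameters randomly and have low detection accuracy. To address this, an intrusion detection method for heterogeneous information in fiber laser networks based on the cuckoo algorithm is proposed. The optimization process of the cuckoo algorithm is analyzed. Because the conventional cuckoo algorithm is relatively strongly affected by parameter changes and suffers from slow convergence, low accuracy, and a tendency to fall into local optima, the differential evolution method is used: the positions of other nests are incorporated into the new nest position formula to complete a simple...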

7.
To address the problem of two typical types of distributed denial of service (DDoS) attacks in the cloud environment, a DDoS attack detection and prevention scheme called SDCC, based on the software defined network (SDN) architecture, was proposed. SDCC used a combination of bandwidth detection and data flow detection, utilized the confidence-based filtering (CBF) method to calculate the CBF score of packets, judged packets with a CBF score below the threshold to be attack packets, added their attribute information to the attack flow feature library, and sent the flow table through the SDN controller to intercept them. Simulation results show that SDCC can detect and prevent different types of DDoS attacks effectively, and that it has high detection efficiency, reduces the controller's computation overhead, and achieves a low false positive rate.

8.
The separation of control and forwarding planes in software‐defined networking (SDN) networks is a key issue of the SDN technology. This feature and the existence of the SDN controller allow the development of dynamic, adaptable and manageable networks, networks that require adequate services and applications. However, the separation of these planes prevents the use of existing powerful tools that were coded considering traditional networks. In this paper, we make use of the potential of network virtualization (NV) technologies to propose the use of a virtualized infrastructure that makes possible the incorporation of these existing services and/or applications to an SDN network, without the need for programming additional and complex software modules in the SDN controller. Thus, in this paper, NV is not employed to develop a network managed by SDN but to broaden and give support to the SDN control layer. As an example, we describe the incorporation of nmap (a versatile and powerful tool widely used by security experts for network exploration) into the SDN framework. It is only necessary to develop a simple control plane service that, thanks to the proposed virtualized infrastructure, allows the inclusion of this powerful management application. The result offers the complete functionality of the nmap utility to the network administrators, who control the SDN network through the out‐of‐band control plane. In addition, a northbound REST API has been defined to offer the main functionality of the tool (host discovery, port scanning, and operating system detection) to the application layer.

9.
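To address the lack of a secure and efficient data source verification mechanism in software-defined networking (SDN), this paper proposes a packet forwarding verification mechanism based on cryptographic identifiers. First, a packet forwarding verification model based on cryptographic identifiers is established, in which the cryptographic identifier serves as the pass for IP packets entering and leaving the network. Second, an SDN batch anonymous authentication protocol is designed, which delegates the verification function of the SDN controller to the SDN switches. The SDN switches perform user identity verification and cryptographic identifier verification and quickly filter out forged, tampered, and other illegitimate packets, which improves the efficiency of unified authentication and management by the SDN controller while also providing conditional privacy protection for users. A cryptographic-identifier-based packet sampling verification scheme at arbitrary nodes is proposed, in which no attacker can bypass packet inspection by inferring the sampling, ensuring the authenticity of packets while reducing their processing delay. Finally, a security analysis and a performance evaluation are carried out. The results show that the mechanism can quickly detect packet forgery and tampering and resist ID analysis attacks, while introducing a forwarding delay of about 9.6% and a communication overhead of less than 10%.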

10.
Classification of network traffic using port-based or payload-based analysis is becoming increasingly difficult when many applications use dynamic port numbers, masquerading techniques, and encryption to avoid detection. In this article, an approach is presented for online traffic classification relying on the observation of the first n packets of a transmission control protocol (TCP) connection. Its key idea is to utilize the properties of the observed first ten packets of a TCP connection and the Bayesian network method to build a classifier. This classifier can classify TCP flows dynamically as packets pass through it by deciding whether a TCP flow belongs to a given application. The experimental results show that the proposed approach performs well in online Internet traffic classification and that it is superior to the naive Bayesian method.

11.
Software Defined Networking (SDN) has emerged recently as a new network architecture. It implements both the control and management planes at a centralized controller and the data plane at forwarding devices. Therefore, SDN helps to simplify network management and improves network programmability. Changes in network policies occur frequently through modifications made at the controller. However, in existing approaches, the rules installed at switches before a policy change at the controller are not modified. This can cause packets to violate network policy. To address this problem, this paper presents a new approach that stores the rules generated at the controller. After detecting the change in policy, the proposed approach finds the rules that will be affected by the policy change by examining the rules stored at the controller. Then the affected rules are removed from the forwarding devices. Simulation results reveal that our proposed approach provides a lower packet violation ratio and normalized traffic overhead as compared to the existing approach. Therefore, the proposed approach increases network performance and efficiency.

12.
Intrusion detection is an important technique in computer and network security. A variety of intrusion detection approaches exist to resolve this severe issue, but the main problem is performance. It is important to increase the detection rates and reduce false alarm rates in the area of intrusion detection. Therefore, in this research, an optimized intrusion detection mechanism using soft computing techniques is proposed to overcome performance issues. The KDD-cup dataset, a benchmark for evaluating security detection mechanisms, is used. Principal Component Analysis (PCA) is applied to transform the input samples into a new feature space. Selecting an appropriate number of principal components is a critical problem, so a Genetic Algorithm (GA) is used for the optimum selection of principal components instead of the traditional method. The Support Vector Machine (SVM) is used for classification. The performance of this approach is addressed. Further, a comparative analysis is made with existing approaches. Consequently, this method provides an optimal intrusion detection mechanism which is capable of minimizing the number of features and maximizing the detection rates.

13.
In recent years, the utilization of machine learning and data mining techniques for intrusion detection has received great attention from both security research communities and intrusion detection system (IDS) developers. In intrusion detection, the most important constraints are the imbalanced class distribution, the scarcity of the labeled data, and the massive amounts of network flows. Moreover, because of the dynamic nature of the network flows, applying static learned models degrades the detection performance significantly over time. In this article, we propose a new semi‐supervised stream classification method for intrusion detection, which is capable of incremental updating using limited labeled data. The proposed method, called the incremental semi‐supervised flow network‐based IDS (ISF‐NIDS), relies on an incremental mixed‐data clustering, a new supervised cluster adjustment method, and an instance‐based learning. The ISF‐NIDS operates in real time and learns new intrusions quickly using limited storage and processing power. The experimental results on the KDD99, Moore, and Sperotto benchmark datasets indicate the superiority of the proposed method compared with the existing state‐of‐the‐art incremental IDSs.

14.
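A lightweight intrusion detection model based on feature dimensionality reduction with an autoencoder network   Total citations: 7, self-citations: 0, citations by others: 7
Intrusion detection methods based on the support vector machine (SVM) are constrained by time and space complexity and face the "curse of dimensionality" when computing in high-dimensional feature spaces. To address this, this paper proposes an SVM intrusion detection model based on an autoencoder network (AN-SVM). First, the model uses multilayer unsupervised restricted Boltzmann machines (RBM) to map the high-dimensional, nonlinear raw data to a low-dimensional space and builds an autoencoder network structure with bidirectional mapping between the high-dimensional and low-dimensional spaces. It then applies an autoencoder weight fine-tuning algorithm based on a back-propagation network to reconstruct the optimal high-dimensional representation of the low-dimensional data, thereby obtaining the corresponding optimal low-dimensional representation of the raw data. Finally, the SVM classification algorithm is applied to the learned optimal low-dimensional representation for intrusion identification. Experimental results show that the AN-SVM model reduces the classification training time and testing time of the intrusion detection model and that its classification performance is better than that of traditional algorithms, making it a feasible and efficient lightweight intrusion detection model.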

15.
Software defined network (SDN) is a new kind of network technology, and its security problems are hot topics in the SDN field, such as SDN control channel security, forged service deployment and external distributed denial of service (DDoS) attacks. Aiming at the DDoS attack security problem in SDN, a DDoS attack detection method called DCNN-DSAE, based on a deep learning hybrid model in SDN, was proposed. In this method, when the deep learning model was constructed, the input features included 21 different types of fields extracted from the data plane and 5 extra self-designed features for distinguishing flow types. The experimental results show that the method has high accuracy and is better than the traditional support vector machine (SVM), deep neural network (DNN) and other machine learning methods. At the same time, the proposed method can also shorten the processing time of classification detection. The detection model is deployed in the SDN controller, and the new security policy is sent to the OpenFlow switch to achieve defense against specific DDoS attacks.

16.
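To improve network security, a network intrusion detection algorithm based on an improved support vector machine is proposed. First, kernel principal component analysis is used to extract the important features of network data, which speeds up network intrusion detection. Then the particle swarm algorithm is used to optimize the support vector machine parameters, which improves the detection accuracy. Simulation results show that the improved support vector machine raises the network intrusion detection accuracy, lowers the missed detection rate, and speeds up network intrusion detection, making it an effective network intrusion detection algorithm with strong real-time performance.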

17.
Widespread DDoS attacks have been mortal threats to software-defined networking (SDN) controllers, and there is not yet any security mechanism that can prevent them. Combining SDN and network function virtualization (NFV), a novel mechanism for preventing DDoS attacks on the SDN controller, called the upfront detection middlebox (UDM), was proposed. The upfront detection middlebox was deployed in a distributed manner between SDN switch interfaces and user hosts, and DDoS attack packets were detected and denied. An NFV-based method of implementing the upfront middlebox was put forward, which made the UDM mechanism economical and effective. A prototype system based on this mechanism was implemented and many experiments were run. The experimental results show that the NFV-based UDM mechanism can detect and prevent DDoS attacks on SDN controllers effectively and in real time.

18.
张洋 《电子测试》2016,(19):11-13
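With the development of technologies such as cloud computing and big data, traditional networks can no longer meet the demands of rapid development. The emergence of software-defined networking (SDN) has brought a transformation in network development. Although SDN has already seen some application, it is still at the stage of research and refinement. This paper describes the key technologies and main protocols of SDN, analyzes the security problems that SDN faces, proposes a DDoS attack detection method based on flow table features, and gives a corresponding attack mitigation scheme.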

19.
Energy consumption is one of the most important design constraints when building a wireless sensor and actuator network since each device in the network has a limited battery capacity, and prolonging the lifetime of the network depends on saving energy. Overcoming this challenge requires a smart and reconfigurable network energy management strategy. The Software‐Defined Networking (SDN) paradigm aims at building a flexible and dynamic network structure, especially in wireless sensor networks. In this study, we propose an SDN‐enabled wireless sensor and actuator network architecture that has a new routing discovery mechanism. To build a flexible and energy‐efficient network structure, a new routing decision approach that uses a fuzzy‐based Dijkstra's algorithm is developed in the study. The proposed architecture can change the existing path during data transmission, which is the key property of our model and is achieved through the adoption of the SDN approach. All the components and algorithms of the proposed system are modeled and simulated using the Riverbed Modeler software for more realistic performance evaluation. The results indicate that the proposed SDN‐enabled structure with fuzzy‐based Dijkstra's algorithm outperforms the one using the regular Dijkstra's and the ZigBee‐based counterpart, in terms of the energy consumption ratio, and the proposed architecture can provide an effective cluster routing while prolonging the network lifetime.

20.
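The multi-dimensional Bayesian classifier is a probabilistic graphical model for handling multi-dimensional classification problems, in which the attribute variables can determine one or more class variables. To address the high dimensionality and information redundancy of the attribute variables, this paper uses the Fast ICA algorithm to reduce their dimensionality, so that the high-dimensional attribute variables are reduced to low-dimensional attribute variables that can describe the data fairly completely. A multi-dimensional Bayesian classifier is then built from the reduced attribute variables. Finally, theoretical analysis shows that the ICA-based multi-dimensional Bayesian classifier performs well. Experimental results show that, in classifying 3 benchmark data sets, the ICA-based multi-dimensional Bayesian classifier achieves higher classification accuracy than other algorithms.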
