Software-defined networking (SDN) is a promising new network abstraction that aims to improve and facilitate network management. Due to its centralized architecture and the lack of intelligence on the data plane, SDN suffers from many security issues that slow down its deployment. The Man in the Middle (MitM) attack is considered one of the most devastating attacks in an SDN context. A MitM attack allows attackers to capture, duplicate and spoof flows by targeting southbound interfaces and SDN nodes. Furthermore, MitM attacks are very difficult to detect since they are performed passively at the SDN level. To reduce the impact of this attack, we generally set up security policies and authentication mechanisms. However, these techniques are not applicable to a large-scale SDN architecture, as they require complex and static configurations and negatively affect network performance. In this paper, we propose an intrusion detection and prevention framework that uses machine learning techniques to detect and stop MitM attempts. To do so, we build a context-based node acceptance mechanism based on the random forest model (CBNA-RF), which helps to set up appropriate security policies and to automate defense operations in a large-scale SDN context. This mechanism can achieve quick and early detection of MitM attacks by automatically detecting malicious nodes without affecting performance. The evaluation of the proposed framework demonstrates that our model can correctly classify and detect malicious connections and nodes while keeping high accuracy and precision scores.

Cite this article
Sebbar, A., ZKIK, K., Baddi, Y. et al. MitM detection and defense mechanism CBNA-RF based on machine learning for large-scale SDN context. J Ambient Intell Human Comput 11, 5875–5894 (2020). https://doi.org/10.1007/s12652-020-02099-4