DOI: 10.1145/3040992.3040998

Dynamic Game based Security framework in SDN-enabled Cloud Networking Environments

Published: 24 March 2017

Abstract

SDN provides a way to manage complex networks by introducing programmability and abstraction of the control plane. All networks suffer from attacks, such as DDoS attacks, on critical infrastructure and services. In this research work, we use the programmability provided by the SDN environment to provide a game-theoretic attack analysis and countermeasure selection model. The model is based on reward and punishment in a dynamic game with multiple players. The network bandwidth of attackers is downgraded for a certain period of time and restored to normal when the player resumes cooperation. The presented solution is based on the Nash Folk Theorem, which is used to implement a punishment mechanism for attackers who are part of DDoS traffic and a reward for players who cooperate, in effect enforcing the desired outcome for the network administrator.

Published In

SDN-NFVSec '17: Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization
March 2017
80 pages
ISBN: 9781450349086
DOI: 10.1145/3040992
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud systems
  2. distributed denial of service (DDoS)
  3. game theory
  4. moving target defense (MTD)
  5. software defined networking (SDN)

Qualifiers

  • Research-article

Conference

CODASPY '17
Acceptance Rates

SDN-NFVSec '17 Paper Acceptance Rate 4 of 10 submissions, 40%;
Overall Acceptance Rate 11 of 30 submissions, 37%

Article Metrics

  • Downloads (Last 12 months): 100
  • Downloads (Last 6 weeks): 26

Reflects downloads up to 25 Feb 2025

Cited By

  • (2024) A Comprehensive Survey of Distributed Denial of Service Detection and Mitigation Technologies in Software-Defined Network. Electronics 13:4 (807). DOI: 10.3390/electronics13040807. Online publication date: 19-Feb-2024
  • (2024) DDoS attacks & defense mechanisms in SDN-enabled cloud. Computer Science Review 53:C. DOI: 10.1016/j.cosrev.2024.100644. Online publication date: 1-Aug-2024
  • (2024) GaTeBaSep: game theory-based security protocol against ARP spoofing attacks in software-defined networks. International Journal of Information Security 23:1 (373-387). DOI: 10.1007/s10207-023-00749-0. Online publication date: 1-Feb-2024
  • (2023) Information Protection in Complexes with Unmanned Aerial Vehicles Using Moving Target Technology. Inventions 8:1 (18). DOI: 10.3390/inventions8010018. Online publication date: 11-Jan-2023
  • (2023) Application of Artificial Intelligence and Machine Learning in Software Defined Networks. Journal of Smart Internet of Things 2023:1 (14-22). DOI: 10.2478/jsiot-2023-0002. Online publication date: 14-Oct-2023
  • (2023) DOLOS: A Novel Architecture for Moving Target Defense. IEEE Transactions on Information Forensics and Security 18 (5890-5905). DOI: 10.1109/TIFS.2023.3318964. Online publication date: 2023
  • (2023) A Security Enforcement Framework for SDN Controller Using Game Theoretic Approach. IEEE Transactions on Dependable and Secure Computing 20:2 (1500-1515). DOI: 10.1109/TDSC.2022.3158690. Online publication date: 1-Mar-2023
  • (2023) A Survey on the Utilization of Artificial Intelligence and Machine Learning in the Field of Network Functions Virtualization and Software Defined Networking. 2023 3rd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE) (442-445). DOI: 10.1109/ICACITE57410.2023.10182596. Online publication date: 12-May-2023
  • (2022) Method of Forming Various Configurations of Telecommunication System Using Moving Target Defense. Inventions 7:3 (83). DOI: 10.3390/inventions7030083. Online publication date: 16-Sep-2022
  • (2022) A Survey on Moving Target Defense for Networks: A Practical View. Electronics 11:18 (2886). DOI: 10.3390/electronics11182886. Online publication date: 12-Sep-2022
