VARMAN: Multi-plane security framework for software defined networks

In the context of future networking technologies, Software-Defined paradigm offers compelling solutions and advantages for traffic orchestration and shaping, flexible and dynamic routing, programmable control and smart application-driven resource management. But the SDN operation has to confront cri...

Full description

Saved in:
Bibliographic Details
Published in:Computer communications 2019-12, Vol.148, p.215-239
Main Authors: Krishnan, Prabhakar, Duttagupta, Subhasri, Achuthan, Krishnashree
Format: Article
Language:English
Subjects:
Botnet
CICIDS2017
Cloud
DDoS
Deep learning
Edge networks
IDS
IoT
IPS
Machine learning
Malware
Network security
NFV
NIDS
SDN
SDNFV
Security
Threat analytics
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In the context of future networking technologies, Software-Defined paradigm offers compelling solutions and advantages for traffic orchestration and shaping, flexible and dynamic routing, programmable control and smart application-driven resource management. But the SDN operation has to confront critical issues and technical vulnerabilities, security problems and threats in the enabling technical architecture itself. To address the critical security problems in SDN enabled data centers, we propose a collaborative “Network Security and Intrusion Detection System(NIDS)” scheme called ‘VARMAN: adVanced multi-plAne secuRity fraMework for softwAre defined Networks’. The SDN security scheme comprises of coarse-grained flow monitoring algorithms on the dataplane for rapid anomaly detection and prediction of network-centric DDoS/botnet attacks. In addition, this is combined with a fine-grained hybrid deep-learning based classifier pipeline on the control plane. It is observed that existing ML-based classifiers improve the accuracy of NIDS, however, at the cost of higher processing power and memory requirement, thus unrealistic for real-time solutions. To address these problems and still achieve accuracy and speed, we designed a hybrid model, combining both deep and shallow learning techniques, that are implemented in an improved SDN stack. The data plane deploys attack prediction and behavioral trigger mechanisms, efficient data filtering, feature selection, and data reduction techniques. To demonstrate the practical feasibility of our security scheme in real modern datacenters, we utilized the popular NSL-KDD dataset, most recent CICIDS2017 dataset, and refined it to a balanced dataset containing a comparable number of normal traffic and malware samples. We further augmented the training by organically generating datasets from lab-simulated and public-network hosted hackathon websites. The results show that VARMAN framework is capable of detecting attacks in real-time with accuracy more than 98% under attack intensities up to 50k packets/second. In a multi-controller interconnected SDN domain, the flow setup time improves by 70% on an average, and controller response time reduces by 40%, without incurring additional latency due to security intelligence processing overhead in SDN stack. The comparisons of VARMAN under similar attack scenarios and test environment, with related recent works that utilized ML-based NIDS, demonstrate that our scheme offers higher accu
ISSN:0140-3664
1873-703X
DOI:10.1016/j.comcom.2019.09.014