A Filtering Model for Evidence Gathering in an SDN-Oriented Digital Forensic and Incident Response Context

Bibliographic Details
Published in: IEEE Access 2024, Vol. 12, p. 75792-75808
Main Authors: Jimenez, Maria B., Fernandez, David, Eduardo Rivadeneira, Jorge, Flores-Moyano, Ricardo
Format: Article
Language: English
Description
Summary: Software-defined networking (SDN) architecture enables flexible and centralized network management from the controller, making it increasingly attractive in deploying telecommunications services. However, despite the many benefits of SDN, the vulnerabilities inherent in its architecture must be considered, and potential attacks must be discarded. When this occurs, not only the technical areas are interested in the source of the problem, but also the organizational areas, since attacks can violate terms of service and lead to legal actions. Despite the shared interest in cybersecurity event information, forensics and incident response processes often operate independently, impacting the root cause determination. Considering this concern, an architectural evolution for digital forensics and incident response (DFIR) management is introduced. This paper presents an event filtering model that serves as a trigger for initiating the DFIR process, which involves the detection of unusual traffic and unexpected behavior of SDN elements. The proposal applies artificial intelligence technology and showcases the performance of the model and the presentation of a proprietary dataset obtained from OpenFlow traffic.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2024.3405588