A Filtering Model for Evidence Gathering in an SDN-Oriented Digital Forensic and Incident Response Context

Software-defined networking (SDN) architecture enables flexible and centralized network management from the controller, making it increasingly attractive in deploying telecommunications services. However, despite the many benefits of SDN, the vulnerabilities inherent in its architecture must be considered, and potential attacks must be discarded. When this occurs, not only the technical areas are interested in the source of the problem, but also the organizational areas, since attacks can violate terms of service and lead to legal actions. Despite the shared interest in cybersecurity event information, forensics and incident response processes often operate independently, impacting the root cause determination. Considering this concern, an architectural evolution for digital forensics and incident response (DFIR) management is introduced. This paper presents an event filtering model that serves as a trigger for initiating the DFIR process, which involves the detection of unusual traffic and unexpected behavior of SDN elements. The proposal applies artificial intelligence technology and showcases the performance of the model and the presentation of a proprietary dataset obtained from OpenFlow traffic.

Bibliographic Details
Published in: IEEE Access, 2024, Vol. 12, p. 75792-75808
Main Authors: Jimenez, Maria B.; Fernandez, David; Eduardo Rivadeneira, Jorge; Flores-Moyano, Ricardo
Format: Article
Language: English
DOI: 10.1109/ACCESS.2024.3405588
ISSN: 2169-3536
EISSN: 2169-3536
CODEN: IAECCG
Publisher: Piscataway: IEEE
Rights: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2024
Source: IEEE Open Access Journals (peer reviewed, free to read)
Full text: https://ieeexplore.ieee.org/document/10539103
Author ORCIDs: https://orcid.org/0000-0002-2172-9162; https://orcid.org/0000-0003-1838-9053; https://orcid.org/0000-0002-4171-1939; https://orcid.org/0000-0002-7785-7761
Subjects: Artificial intelligence; artificial intelligence algorithms; Computer forensics; Cybersecurity; DDoS attacks; Denial-of-service attack; Digital forensics; Feature extraction; Filtering; Filtration; Forensic computing; Forensic sciences; Litigation; Proposals; Recurrent neural networks; SDN attacks; SDN cybersecurity; SDN dataset; SDN DFIR; SDN forensics; Software-defined networking; Support vector machines
Online Access (OpenURL resolver link): http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-30T22%3A46%3A25IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Filtering%20Model%20for%20Evidence%20Gathering%20in%20an%20SDN-Oriented%20Digital%20Forensic%20and%20Incident%20Response%20Context&rft.jtitle=IEEE%20access&rft.au=Jimenez,%20Maria%20B.&rft.date=2024&rft.volume=12&rft.spage=75792&rft.epage=75808&rft.pages=75792-75808&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2024.3405588&rft_dat=%3Cproquest_ieee_%3E3062738150%3C/proquest_ieee_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c289t-2a01e1a230c3cf2cbd6a0c3f5d9683015545fb03973325811afbce32f6d8eba13%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=3062738150&rft_id=info:pmid/&rft_ieee_id=10539103&rfr_iscdi=true