Mitigating Timing Side-Channel Attacks in Software-Defined Networks: Detection and Response †
Abstract
:1. Introduction
- To detect the timing side-channel attacks, this solution employs machine learning techniques to accurately predict the network timing probe activity. First, we review, the currently available SDN datasets for the timing side-channel attack parameters. Subsequently, we generated a dataset and utilised our labelling algorithm.
- A response mechanism is implemented to respond to the identified side-channel attack probes. This mechanism involves developing a feedback-oriented response, designed to block or divert the identified source, while minimising any adverse effects on legitimate network traffic. This methodology is characterised by an automated data-driven approach that enables prompt and effective responses.
2. Related Work
3. Proposed Methodology
3.1. Solution Architecture
3.1.1. Detection Phase
3.1.2. Response Phase
3.2. Dataset
3.3. Solution Blueprint
3.3.1. Conversion Module
3.3.2. Pre-Processing Module
3.3.3. Algorithm (Labelling Scheme)
Algorithm 1 Classification algorithm for attack packets [47] |
N = Number of samples with no destination MAC addresses. |
T = Total Number of collected samples. |
i = N; |
t = T; |
n ← 10; |
p ← 0.8; |
3.3.4. Training Module
3.3.5. Monitoring Module
3.3.6. Data Collection Module
3.3.7. Data Analysis Module
3.3.8. Response Module
3.3.9. Feedback Module
4. Experiments and Results
5. Discussion
5.1. Comparison with Other Work
5.2. Advantages
5.2.1. Compatibility with SDN Environments
5.2.2. Validation of Attack Responses
5.2.3. Reduced Impact of Attack and Downtime
5.2.4. Reduced Human Interference
5.3. Limitations
6. Conclusions and Future Work
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
Abbreviations
SDN | Software-defined networking |
DDoS | Distributed Denial-of-Service |
TTL | Time-to-live |
References
- Maleh, Y.; Qasmaoui, Y.; El Gholami, K.; Sadqi, Y.; Mounir, S. A comprehensive survey on SDN security: Threats, mitigations, and future directions. J. Reliab. Intell. Environ. 2022, 9, 201–239. [Google Scholar] [CrossRef]
- Scott-Hayward, S.; Natarajan, S.; Sezer, S. A survey of security in software defined networks. IEEE Commun. Surv. Tutor. 2015, 18, 623–654. [Google Scholar] [CrossRef]
- Chica, J.C.C.; Imbachi, J.C.; Vega, J.F.B. Security in SDN: A comprehensive survey. J. Netw. Comput. Appl. 2020, 159, 102595. [Google Scholar] [CrossRef]
- Liu, Y.; Wang, Y.; Zhang, J. New machine learning algorithm: Random forest. In Proceedings of the Information Computing and Applications: Third International Conference, ICICA 2012, Chengde, China, 14–16 September 2012; Proceedings 3. Springer: Berlin/Heidelberg, Germany, 2012; pp. 246–252. [Google Scholar]
- Jijo, B.T.; Abdulazeez, A.M. Classification based on decision tree algorithm for machine learning. Evaluation 2021, 6, 7. [Google Scholar]
- Chen, T.; Guestrin, C. Xgboost: A scalable tree boosting system. In Proceedings of the 22nd Acm Sigkdd International Conference on Knowledge Discovery and Data Mining, San Francisco, CA, USA, 13–17 August 2016; pp. 785–794. [Google Scholar]
- Dietterich, T.G. Ensemble methods in machine learning. In Proceedings of the Multiple Classifier Systems: First International Workshop, MCS 2000, Cagliari, Italy, 21–23 June 2000; Proceedings 1. Springer: Berlin/Heidelberg, Germany, 2000; pp. 1–15. [Google Scholar]
- Su, R.; Zhang, D.; Venkatesan, R.; Gong, Z.; Li, C.; Ding, F.; Jiang, F.; Zhu, Z. Resource allocation for network slicing in 5G telecommunication networks: A survey of principles and models. IEEE Netw. 2019, 33, 172–179. [Google Scholar] [CrossRef]
- Ahvar, E.; Ahvar, S.; Raza, S.M.; Manuel Sanchez Vilchez, J.; Lee, G.M. Next generation of SDN in cloud-fog for 5G and beyond-enabled applications: Opportunities and challenges. Network 2021, 1, 28–49. [Google Scholar] [CrossRef]
- Lin, B.S.P. Toward an AI-enabled SDN-based 5G & IoT network. Netw. Commun. Technol. 2021, 5, 1–7. [Google Scholar]
- Sarica, A.K.; Angin, P. Explainable security in SDN-based IoT networks. Sensors 2020, 20, 7326. [Google Scholar] [CrossRef]
- Ahmad, I.; Kumar, T.; Liyanage, M.; Okwuibe, J.; Ylianttila, M.; Gurtov, A. Overview of 5G security challenges and solutions. IEEE Commun. Stand. Mag. 2018, 2, 36–43. [Google Scholar] [CrossRef]
- Martins, J.S.; Campos, M.B. A security architecture proposal for detection and response to threats in SDN networks. In Proceedings of the 2016 IEEE ANDESCON, Arequipa, Peru, 19–21 October 2016; pp. 1–4. [Google Scholar]
- Manu, B.; Koundinya, A.K. Intrusion Tolerant Architecture for SDN Networks Through Flow Monitoring. In Proceedings of the 2017 2nd International Conference on Computational Systems and Information Technology for Sustainable Solution (CSITSS), Bengaluru, India, 21–23 December 2017; pp. 1–5. [Google Scholar]
- Schnepf, N.; Badonnel, R.; Lahmadi, A.; Merz, S. Automated verification of security chains in software-defined networks with synaptic. In Proceedings of the 2017 IEEE Conference on Network Softwarization (NetSoft), Bologna, Italy, 3–7 July 2017; pp. 1–9. [Google Scholar]
- Schnepf, N.; Badonnel, R.; Lahmadi, A.; Merz, S. Synaptic: A formal checker for SDN-based security policies. In Proceedings of the NOMS 2018-2018 IEEE/IFIP Network Operations and Management Symposium, Taipei, Taiwan, 23–27 April 2018; pp. 1–2. [Google Scholar]
- Kocher, P.C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Proceedings of the Advances in Cryptology—CRYPTO’96: 16th Annual International Cryptology Conference, Santa Barbara, CA, USA, 18–22 August 1996; Proceedings 16. Springer: Berlin/Heidelberg, Germany, 1996; pp. 104–113. [Google Scholar]
- Cui, H.; Karame, G.O.; Klaedtke, F.; Bifulco, R. On the fingerprinting of software-defined networks. IEEE Trans. Inf. Forensics Secur. 2016, 11, 2160–2173. [Google Scholar] [CrossRef]
- Karimi, E.; Fei, Y.; Kaeli, D. Hardware/software obfuscation against timing side-channel attack on a GPU. In Proceedings of the 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), San Jose, CA, USA, 7–11 December 2020; pp. 122–131. [Google Scholar]
- Sepulveda, M.J.; Diguet, J.P.; Strum, M.; Gogniat, G. NoC-based protection for SoC time-driven attacks. IEEE Embed. Syst. Lett. 2014, 7, 7–10. [Google Scholar] [CrossRef]
- Dunlap, S.; Butts, J.; Lopez, J.; Rice, M.; Mullins, B. Using timing-based side channels for anomaly detection in industrial control systems. Int. J. Crit. Infrastruct. Prot. 2016, 15, 12–26. [Google Scholar] [CrossRef]
- Shaghaghi, A.; Kaafar, M.A.; Buyya, R.; Jha, S. Software-defined network (SDN) data plane security: Issues, solutions, and future directions. In Handbook of Computer Networks and Cyber Security: Principles and Paradigms; Springer: Berlin/Heidelberg, Germany, 2020; pp. 341–387. [Google Scholar]
- Shoaib, F.; Chow, Y.W.; Vlahu-Gjorgievska, E. Preventing Timing Side-Channel Attacks in Software-Defined Networks. In Proceedings of the 2021 IEEE Asia-Pacific Conference on Computer Science and Data Engineering (CSDE), Brisbane, Australia, 8–10 December 2021; pp. 1–6. [Google Scholar]
- Yoon, C.; Lee, S.; Kang, H.; Park, T.; Shin, S.; Yegneswaran, V.; Porras, P.; Gu, G. Flow wars: Systemizing the attack surface and defenses in software-defined networks. IEEE/ACM Trans. Netw. 2017, 25, 3514–3530. [Google Scholar] [CrossRef]
- Conti, M.; De Gaspari, F.; Mancini, L.V. A novel stealthy attack to gather SDN configuration-information. IEEE Trans. Emerg. Top. Comput. 2018, 8, 328–340. [Google Scholar] [CrossRef]
- Zhang, M.; Li, G.; Xu, L.; Bai, J.; Xu, M.; Gu, G.; Wu, J. Control plane reflection attacks and defenses in software-defined networks. IEEE/ACM Trans. Netw. 2020, 29, 623–636. [Google Scholar] [CrossRef]
- Liu, S.; Reiter, M.K.; Sekar, V. Flow reconnaissance via timing attacks on SDN switches. In Proceedings of the 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, GA, USA, 5–8 June 2017; pp. 196–206. [Google Scholar]
- Hou, J.; Zhang, M.; Zhang, Z.; Shi, W.; Qin, B.; Liang, B. On the fine-grained fingerprinting threat to software-defined networks. Future Gener. Comput. Syst. 2020, 107, 485–497. [Google Scholar] [CrossRef]
- Arsalan, A.; Rehman, R.A. Prevention of timing attack in software defined named data network with VANETs. In Proceedings of the 2018 International Conference on Frontiers of Information Technology (FIT), Islamabad, Pakistan, 17–19 December 2018; pp. 247–252. [Google Scholar]
- Liu, A.; Chen, J.X.; Wechsler, H. Real-time timing channel detection in an software-defined networking virtual environment. Intell. Inf. Manag. 2015, 7, 283. [Google Scholar] [CrossRef]
- Sahu, K.; Kshirsagar, R.; Vasudeva, S.; Alzahrani, T.; Karimian, N. Leveraging Timing Side-Channel Information and Machine Learning for IoT Security. In Proceedings of the 2021 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA, 10–12 January 2021; pp. 1–6. [Google Scholar]
- Amin, R.; Rojas, E.; Aqdus, A.; Ramzan, S.; Casillas-Perez, D.; Arco, J.M. A survey on machine learning techniques for routing optimization in SDN. IEEE Access 2021, 9, 104582–104611. [Google Scholar] [CrossRef]
- Wijesekara, P.A.D.S.N.; Gunawardena, S. A Machine Learning-Aided Network Contention-Aware Link Lifetime-and Delay-Based Hybrid Routing Framework for Software-Defined Vehicular Networks. Telecom 2023, 4, 393–458. [Google Scholar] [CrossRef]
- Ahmed, M.; Islam, A.; Shatabda, S.; Islam, A.K.M.M.; Robin, T.I. Intrusion detection system in software-defined networks using machine learning and deep learning techniques—A comprehensive survey. TechRxiv Prepr. 2021. [Google Scholar] [CrossRef]
- Alzahrani, A.O.; Alenazi, M.J. Designing a network intrusion detection system based on machine learning for software defined networks. Future Internet 2021, 13, 111. [Google Scholar] [CrossRef]
- Klymash, M.; Shpur, O.; Peleh, N.; Maksysko, O. Concept of Intelligent Detection of DDoS Attacks in SDN Networks Using Machine Learning. In Proceedings of the 2020 IEEE International Conference on Problems of Infocommunications. Science and Technology (PIC S&T), Kharkiv, Ukraine, 6–9 October 2020; pp. 609–612. [Google Scholar]
- Ahmad, A.; Harjula, E.; Ylianttila, M.; Ahmad, I. Evaluation of machine learning techniques for security in SDN. In Proceedings of the 2020 IEEE Globecom Workshops (GC Wkshps), Taipei, Taiwan, 7–11 December 2020; pp. 1–6. [Google Scholar]
- Aslam, M.; Ye, D.; Hanif, M.; Asad, M. Machine learning based SDN-enabled distributed denial-of-services attacks detection and mitigation system for Internet of Things. In Proceedings of the Machine Learning for Cyber Security: Third International Conference, ML4CS 2020, Guangzhou, China, 8–10 October 2020; Proceedings, Part I 3. Springer: Berlin/Heidelberg, Germany, 2020; pp. 180–194. [Google Scholar]
- Abou El Houda, Z.; Hafid, A.S.; Khoukhi, L. A novel machine learning framework for advanced attack detection using sdn. In Proceedings of the 2021 IEEE Global Communications Conference (GLOBECOM), Madrid, Spain, 7–11 December 2021; pp. 1–6. [Google Scholar]
- Wijesekara, P.A.D.S.N.; Gunawardena, S. A Comprehensive Survey on Knowledge-Defined Networking. Telecom 2023, 4, 477–596. [Google Scholar] [CrossRef]
- Banton, M.D. A Deep Learning-Based Approach to Identifying and Mitigating Network Attacks within SDN Environments Using Non-Standard Data Sources; Liverpool John Moores University: Liverpool, UK, 2021. [Google Scholar]
- Varadharajan, V.; Tupakula, U. Counteracting attacks from malicious end hosts in software defined networks. IEEE Trans. Netw. Serv. Manag. 2019, 17, 160–174. [Google Scholar] [CrossRef]
- Aladaileh, M.A.; Anbar, M.; Hasbullah, I.H.; Sanjalawe, Y.K. Information theory-based approaches to detect DDoS attacks on software-defined networking controller a review. Int. J. Educ. Inf. Technol 2021, 15, 83–94. [Google Scholar] [CrossRef]
- Sonchack, J.; Dubey, A.; Aviv, A.J.; Smith, J.M.; Keller, E. Timing-based reconnaissance and defense in software-defined networks. In Proceedings of the 32nd Annual Conference on Computer Security Applications, Los Angeles, CA, USA, 5–9 December 2016; pp. 89–100. [Google Scholar]
- Krishnan, P.; Duttagupta, S.; Achuthan, K. SDN/NFV security framework for fog-to-things computing infrastructure. Softw. Pract. Exp. 2020, 50, 757–800. [Google Scholar] [CrossRef]
- Eom, T.; Hong, J.B.; An, S.; Park, J.S.; Kim, D.S. A framework for real-time intrusion response in software defined networking using precomputed graphical security models. Secur. Commun. Netw. 2020, 2020, 7235043. [Google Scholar] [CrossRef]
- Shoaib, F.; Chow, Y.W.; Vlahu-Gjorgievska, E.; Nguyen, C. Using Machine Learning for Detecting Timing Side-Channel Attacks in SDN. In Proceedings of the International Symposium on Mobile Internet Security, Jeju, Republic of Korea, 15–17 December 2022; Springer: Berlin/Heidelberg, Germany, 2022; pp. 180–194. [Google Scholar]
- Subhajournal. SDN Intrusion Detection. 2022. Available online: https://www.kaggle.com/datasets/subhajournal/sdn-intrusion-detection (accessed on 14 August 2023).
- Market Research Future. Software-Defined Networking (SDN) Market Size, Share|2030—marketresearchfuture.com. Available online: https://www.marketresearchfuture.com/reports/software-defined-networking-market-1607 (accessed on 8 July 2023).
- Das, T.; Hamdan, O.A.; Shukla, R.M.; Sengupta, S.; Arslan, E. UNR-IDD: Intrusion Detection Dataset using Network Port Statistics. In Proceedings of the 2023 IEEE 20th Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 8–11 January 2023; pp. 497–500. [Google Scholar]
- Dhanabal, L.; Shantharajah, S. A study on NSL-KDD dataset for intrusion detection system based on classification algorithms. Int. J. Adv. Res. Comput. Commun. Eng. 2015, 4, 446–452. [Google Scholar]
- Banker, K.; Garrett, D.; Bakkum, P.; Verch, S. MongoDB in Action: Covers MongoDB Version 3.0; Simon and Schuster: New York, NY, USA, 2016. [Google Scholar]
- Ujjan, R.M.A.; Pervez, Z.; Dahal, K.; Bashir, A.K.; Mumtaz, R.; González, J. Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN. Future Gener. Comput. Syst. 2020, 111, 763–779. [Google Scholar] [CrossRef]
- Kaur, K.; Singh, J.; Ghumman, N.S. Mininet as software defined networking testing platform. In Proceedings of the International Conference on Communication, Computing & Systems (ICCCS), Pubjab, India, 8–9 August 2014; pp. 139–142. [Google Scholar]
- Bhardwaj, S.; Panda, S.N. Performance evaluation using ryu sdn controller in software-defined networking environment. Wirel. Pers. Commun. 2022, 122, 701–723. [Google Scholar] [CrossRef]
- Adeleke, O.A.; Bastin, N.; Gurkan, D. Network traffic generation: A survey and methodology. ACM Comput. Surv. (CSUR) 2022, 55, 1–23. [Google Scholar] [CrossRef]
- Ibrahim, H.Y.; Ismael, P.M.; Albabawat, A.A.; Al-Khalil, A.B. A secure mechanism to prevent ARP spoofing and ARP broadcasting in SDN. In Proceedings of the 2020 International Conference on Computer Science and Software Engineering (CSASE), Duhok, Iraq, 16–18 April 2020; pp. 13–19. [Google Scholar]
Title | Solution and Features | Issues and Limitations |
---|---|---|
Timing-based Reconnaissance and Defense in Software-defined Networks [44] | OpenFlow Timeout Proxy: Sends default responses if the controller is taking more time. | Limited responses: An attacker can generate traffic to fill the switch flow table. Limited to less than 10,000 packets/s. |
SDN/NFV security framework for fog-to-things computing infrastructure [45] | DDoS/botnets detection and response: Detects attacks and installs Drop rules. | Sends drop rules that can drop legitimate traffic. Also, there is no revision of the drop rule suggested. |
A Framework for Real-Time Intrusion Response in Software-defined Networking Using Precomputed Graphical Security Models [46] | Real-time intrusion response in SDN using precomputation: Estimates possible attack paths. | Response drops all outgoing traffic from the affected VM, which impacts all services. |
A Security Architecture Proposal for Detection and Response to Threats in SDN Networks [13] | Network architecture for SDN with detection/protection mechanisms, including IDS technology. | The solution has a high response time (6–7 s) and the response drops all traffic from the node. |
Counteracting Attacks From Malicious End Hosts in Software-defined Networks [42] | Propose techniques for securing the Controller, switches, and legitimate end hosts from malicious end host attacks in SDNs | The solution drops incoming flow requests as a proactive response. No feedback or monitoring is used on the dropped flow request. |
Dataset Name | Source MAC Address | Destination MAC Address | Source IP Address | Destination IP Address | Time Stamp | TTL | Protocol |
---|---|---|---|---|---|---|---|
SDN Intrusion Detection [48] | x | x | ✓ | ✓ | x | ✓ | ✓ |
DDoS SDN Dataset [49] | x | x | ✓ | ✓ | x | x | ✓ |
UNR-IDD Intrusion Detection Dataset [50] | x | x | x | x | x | ✓ | ✓ |
NSL-KDD [51] | x | x | x | x | x | x | ✓ |
Proposed Dataset for Solution | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Shoaib, F.; Chow, Y.-W.; Vlahu-Gjorgievska, E.; Nguyen, C. Mitigating Timing Side-Channel Attacks in Software-Defined Networks: Detection and Response. Telecom 2023, 4, 877-900. https://doi.org/10.3390/telecom4040038
Shoaib F, Chow Y-W, Vlahu-Gjorgievska E, Nguyen C. Mitigating Timing Side-Channel Attacks in Software-Defined Networks: Detection and Response. Telecom. 2023; 4(4):877-900. https://doi.org/10.3390/telecom4040038
Chicago/Turabian StyleShoaib, Faizan, Yang-Wai Chow, Elena Vlahu-Gjorgievska, and Chau Nguyen. 2023. "Mitigating Timing Side-Channel Attacks in Software-Defined Networks: Detection and Response" Telecom 4, no. 4: 877-900. https://doi.org/10.3390/telecom4040038
APA StyleShoaib, F., Chow, Y.-W., Vlahu-Gjorgievska, E., & Nguyen, C. (2023). Mitigating Timing Side-Channel Attacks in Software-Defined Networks: Detection and Response. Telecom, 4(4), 877-900. https://doi.org/10.3390/telecom4040038