Distributed Rule Anomaly Detection in SDN-based IoT: Towards a Comprehensive Approach

Document Type : Research Article

Authors

Faculty of Computer Engineering, University of Isfahan, Iran.

Abstract

The rapid increase in the number of equipment connected to different networks in the world has led to the development of diverse and new applications in the Internet of Things, which often use the current network infrastructure. In other words, force the network administrator to implement complex network policies manually. Due to this significant growth of equipment and the increase in the complexity of traditional network configuration, software-defined networks (SDN) integrate and facilitate network management by separating the control and data layers from each other and creating network rules in the data layer. For these facilities, these networks appear to be a good infrastructure for IoT networks, which will enable network programming to develop new and more efficient services to meet real needs. In addition, the variety of IoT equipment can increase complex and inconsistent network rules in SDN-based switches, making network management difficult. Accordingly, in this paper, we will try to model the behavior of anomaly rules distributed in software-defined networks such as FTD, FBF, and irrelevant anomalies that have been created by different apps in the Internet of Things. It can identify their relationship with other rules in the network and avoid registering them.

Keywords

Main Subjects


[1] O. Flauzac, C. González, A. Hachani, and F. Nolot. SDN based architecture for IoT and improvement of the security. In 2015 IEEE 29th International Conference on Advanced Information Networking and Applications Workshops, pages 688--693. IEEE, 2015. [ DOI ]
[2] L. Raju, M. Adhil, S. Logeshwaran, M. Sanjana, and V. K. Praveena. IOT based Advanced building automation and Energy Management. In 2022 IEEE World Conference on Applied Intelligence and Computing (AIC), pages 478--481. IEEE, 2022. [ DOI ]
[3] S. K. Tayyaba, M. A. Shah, O. A. Khan, and A. W. Ahmed. Software defined network (sdn) based internet of things (iot) a road ahead. In Proceedings of the International Conference on Future Networks and Distributed Systems, pages 1--8, 2017. [ DOI ]
[4] T. Jafarian, M. Masdari, A. Ghaffari, and K. Majidzadeh. A survey and classification of the security anomaly detection mechanisms in software defined networks. Cluster Computing, 24:1235--53, 2021. [ DOI ]
[5] M. H. Khairi, S. H. Ariffin, N. M. Latiff, A. S. Abdullah, and M. K. Hassan. A Review of Anomaly Detection Techniques and Distributed Denial of Service (DDoS) on Software Defined Network (SDN). Engineering, Technology and Applied Science Research, 8(2), 2018.
[6] Y. Maleh, Y. Qasmaoui, K. El Gholami, Y. Sadqi, and S. Mounir. A comprehensive survey on SDN security: threats, mitigations, and future directions. Journal of Reliable Intelligent Environments, pages 1--39, 2022. [ DOI ]
[7] H. Li, F. Wei, and H. Hu. Enabling dynamic network access control with anomaly-based IDS and SDN. In Proceedings of the ACM International Workshop on Security in Software-Defined Networks and Network Function Virtualization, pages 13--16, 2019. [ DOI ]
[8] P. Zhang, S. Xu, Z. Yang, H. Li, Q. Li, H. Wang, and C. Hu. FOCES: Detecting forwarding anomalies in software defined networks. In 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS), pages 830--840. IEEE, 2018. [ DOI ]
[9] B. A. Nunes, M. Mendonca, X. N. Nguyen, K. Obraczka, and T. Turletti. A survey of software-defined networking: Past, present, and future of programmable networks. IEEE Communications surveys and tutorials, 16(3):1617--34, 2014. [ DOI ]
[10] A. Ahalawat, K. S. Babu, A. K. Turuk, and S. Patel. A low-rate DDoS detection and mitigation for SDN using Renyi Entropy with Packet Drop. Journal of Information Security and Applications, 68:103212, 2022. [ DOI ]
[11] A. H. Mohammed, R. M. Khaleefah, and I. A. Abdulateef. A review software defined networking for Internet of Things. In 2020 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA), pages 1--8. IEEE, 2020. [ DOI ]
[12] P. Wang, L. Huang, H. Xu, B. Leng, and H. Guo. Rule anomalies detecting and resolving for software defined networks. In 2015 IEEE Global Communications Conference (GLOBECOM), pages 1--6. IEEE, 2015. [ DOI ]
[13] P. Porras, S. Shin, V. Yegneswaran, M. Fong, M. Tyson, and G. Gu. A security enforcement kernel for OpenFlow networks. In Proceedings of the First Workshop on Hot Topics in Software Defined Networks, pages 121--126, 2012. [ DOI ]
[14] A. Khurshid, W. Zhou, M. Caesar, and P. B. Godfrey. Veriflow: Verifying network-wide invariants in real time. In Proceedings of the First Workshop on Hot Topics in Software Defined Networks, pages 49--54, 2012. [ DOI ]
[15] E. Tsogbaatar, M. H. Bhuyan, Y. Taenaka, D. Fall, K. Gonchigsumlaa, E. Elmroth, and Y. Kadobayashi. SDN-enabled IoT anomaly detection using ensemble learning. In Artificial Intelligence Applications and Innovations: 16th IFIP WG 12.5 International Conference, AIAI 2020, Neos Marmaras, Greece, June 5–7, 2020, Proceedings, Part II 16, pages 268--280. Springer International Publishing, 2020. [ DOI ]
[16] A. AuYoung, Y. Ma, S. Banerjee, J. Lee, P. Sharma, Y. Turner, C. Liang, and J. C. Mogul. Democratic resolution of resource conflicts between sdn control programs. In Proceedings of the 10th ACM International on Conference on emerging Networking Experiments and Technologies, pages 391--402, 2014. [ DOI ]
[17] E. Al-Shaer and S. Al-Haj. FlowChecker: Configuration analysis and verification of federated OpenFlow infrastructures. In Proceedings of the 3rd ACM workshop on Assurable and usable security configuration, pages 37--44, 2010. [ DOI ]
[18] A. D. Ferguson, A. Guha, C. Liang, R. Fonseca, and S. Krishnamurthi. Hierarchical policies for software defined networks. In Proceedings of the first workshop on Hot topics in software defined networks, pages 37--42, 2012. [ DOI ]
[19] G. Zhang, S. Cheng, X. Song, and F. Jiang. Detecting and Resolving Flow Entries Collisions in Software Defined Networks. In Proceedings of the 2019 3rd International Conference on Computer Science and Artificial Intelligence, pages 245--251, 2019. [ DOI ]
[20] R. Kiani and A. Bohlooli. Distributed Rule Anomaly Detection in SDN-based IoT. In 2021 5th International Conference on Internet of Things and Applications (IoT), pages 1--6. IEEE, 2021. [ DOI ]
[21] S. Xi, K. Bu, W. Mao, X. Zhang, K. Ren, and X. Ren. RuleOut forwarding anomalies for SDN. IEEE/ACM Transactions on Networking, 31(1):395--407, 2022. [ DOI ]
[22] F. Valenza and M. Cheminod. An Optimized Firewall Anomaly Resolution. J. Internet Serv. Inf. Secur., 10(1):22--37, 2020.
[23] E. Al-Shaer, H. Hamed, R. Boutaba, and M. Hasan. Conflict classification and analysis of distributed firewall policies. IEEE journal on selected areas in communications, 23(10):2069--84, 2005. [ DOI ]