Detection of anomalies of a non-deterministic software-defined networking control. Issue 129 (June 2023)
- Record Type:
- Journal Article
- Title:
- Detection of anomalies of a non-deterministic software-defined networking control. Issue 129 (June 2023)
- Main Title:
- Detection of anomalies of a non-deterministic software-defined networking control
- Authors:
- Desgeorges, Loïc
Georges, Jean-Philippe
Divoux, Thierry - Abstract:
- Highlights: A multi-controller approach is proposed without communication between controllers. A detection algorithm to detect anomaly in a non-deterministic control. The detection is based on the computation of a likelihood score for each decision. The computation is based on a multi-criterion approach. Two criteria are proposed, and the limits and benefits are discussed. Abstract: Software Defined Networking (SDN) is a network architecture within the control is centralized through a software-based controller. Being a single point of attack makes the controller the preferred target in the SDN architecture. Multi-controller architecture has been introduced to reinforce the control plane. However it requires a communication interface between the controllers which is a security threat. In this objective, a dual controller architecture is introduced and it consists of one nominal controller in charge of the data plane computation plus a second one in charge of the detection of anomalies in the decisions taken by the main controller. In the case of non-determinist algorithm, the detection logic aims at determining a likelihood score of the decisions taken by the controller. A multi-criterion detection approach is proposed by considering both the performance of the decisions and the structure of the decisions taken by the controller. Such computations are probabilistic and attention has been paid to machine learning algorithms to determine this likelihood. More precisely, threeHighlights: A multi-controller approach is proposed without communication between controllers. A detection algorithm to detect anomaly in a non-deterministic control. The detection is based on the computation of a likelihood score for each decision. The computation is based on a multi-criterion approach. Two criteria are proposed, and the limits and benefits are discussed. Abstract: Software Defined Networking (SDN) is a network architecture within the control is centralized through a software-based controller. Being a single point of attack makes the controller the preferred target in the SDN architecture. Multi-controller architecture has been introduced to reinforce the control plane. However it requires a communication interface between the controllers which is a security threat. In this objective, a dual controller architecture is introduced and it consists of one nominal controller in charge of the data plane computation plus a second one in charge of the detection of anomalies in the decisions taken by the main controller. In the case of non-determinist algorithm, the detection logic aims at determining a likelihood score of the decisions taken by the controller. A multi-criterion detection approach is proposed by considering both the performance of the decisions and the structure of the decisions taken by the controller. Such computations are probabilistic and attention has been paid to machine learning algorithms to determine this likelihood. More precisely, three formalisms are compared: Probabilistic Finite Automaton, Hidden Markov Model and Recurrent Neural Network. The impact of the control variance in the detection accuracy depending on the formalism used is discussed on a case study. … (more)
- Is Part Of:
- Computers & security. Issue 129(2023)
- Journal:
- Computers & security
- Issue:
- Issue 129(2023)
- Issue Display:
- Volume 129, Issue 129 (2023)
- Year:
- 2023
- Volume:
- 129
- Issue:
- 129
- Issue Sort Value:
- 2023-0129-0129-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-06
- Subjects:
- Software defined networking -- Safety -- Security -- Multi-controllers -- Observability -- Hidden Markov models -- Recurrent neural networks
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2023.103228 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 27035.xml