short-paper

Public Access

Enabling Dynamic Network Access Control with Anomaly-based IDS and SDN

Authors:

Hongxin HuAuthors Info & Claims

SDN-NFVSec '19: Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization

Pages 13 - 16

https://doi.org/10.1145/3309194.3309199

Published: 19 March 2019 Publication History

Abstract

In the Software Defined Networking (SDN) and Network Function Virtualization (NFV) era, it is critical to enable dynamic network access control. Traditionally, network access control policies are statically predefined as router entries or firewall rules. SDN enables more flexibility by re-actively installing flow rules into the switches to achieve dynamic network access control. However, SDN is limited in capturing network anomalies, which are usually important signs of security threats. In this paper, we propose to employ anomaly-based Intrusion Detection System (IDS) to capture network anomalies and generate SDN flow rules to enable dynamic network access control. We gain the knowledge of network anomalies from anomaly-based IDS by training an interpretable model to explain its outcome. Based on the explanation, we derive access control policies. We demonstrate the feasibility of our approach by explaining the outcome of an anomaly-based IDS built upon a Recurrent Neural Network (RNN) and generating SDN flow rules based on our explanation.

References

[1]

2018. Snort Network Intrusion Detection & Prevention System. https://snort.org/.

[2]

2018. Suricata IDS. https://suricata-ids.org/.

[3]

2019. KDD Cup 1999 Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99. html.

[4]

2019. Keras: The Python Deep Learning library. https://keras.io/.

[5]

2019. NSL-KDD dataset. https://www.unb.ca/cic/datasets/nsl.html.

[6]

2019. TensorFlow. https://www.tensorflow.org/.

[7]

Amina Adadi and Mohammed Berrada. 2018. Peeking inside the black-box: A survey on Explainable Artificial Intelligence (XAI). IEEE Access 6 (2018), 52138-- 52160.

[8]

Johanna Amann and Robin Sommer. 2015. Providing Dynamic Control to Passive Network Security Monitoring. In Proceedings of the 18th International Symposium on Research in Attacks, Intrusions, and Defenses-Volume 9404. Springer-Verlag New York, Inc., 133--152.

Digital Library

[9]

Rocky KC Chang. 2002. Defending against flooding-based distributed denial-ofservice attacks: a tutorial. IEEE communications magazine 40, 10 (2002), 42--51.

Digital Library

[10]

Zhiyong Cheng, Xiaojun Chang, Lei Zhu, Rose C Kanjirathinkal, and Mohan Kankanhalli. 2019. MMALFM: Explainable recommendation by leveraging reviews and images. ACM Transactions on Information Systems (TOIS) 37, 2 (2019), 16.

Digital Library

[11]

Juan Deng and Hongda Li. 2017. On the Safety and Efficiency of Virtual Firewall Elasticity Control. In 24th Network and Distributed System Security Symposium (NDSS 2017).

[12]

Alex A Freitas. 2014. Comprehensible classification models: a position paper. ACM SIGKDD explorations newsletter 15, 1 (2014), 1--10.

Digital Library

[13]

Timon Gehr, Matthew Mirman, Dana Drachsler-Cohen, Petar Tsankov, Swarat Chaudhuri, and Martin Vechev. 2018. Ai 2: Safety and robustness certification of neural networks with abstract interpretation. In Security and Privacy (SP), 2018 IEEE Symposium on.

[14]

Wenbo Guo, Dongliang Mu, Jun Xu, Purui Su, GangWang, and Xinyu Xing. 2018. Lemna: Explaining deep learning based security applications. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, 364--379.

Digital Library

[15]

Hongxin Hu, Wonkyu Han, Gail-Joon Ahn, and Ziming Zhao. 2014. FLOWGUARD: building robust firewalls for software-defined networks. In Proceedings of the third workshop on Hot topics in software defined networking. ACM, 97--102.

Digital Library

[16]

Johan Huysmans, Karel Dejaeger, Christophe Mues, Jan Vanthienen, and Bart Baesens. 2011. An empirical evaluation of the comprehensibility of decision table, tree and rule based predictive models. Decision Support Systems 51, 1 (2011), 141--154.

Digital Library

[17]

Marco Tulio Ribeiro, Sameer Singh, and Carlos Guestrin. 2016. Why should i trust you?: Explaining the predictions of any classifier. In Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining. ACM, 1135--1144.

Digital Library

[18]

Marco Tulio Ribeiro, Sameer Singh, and Carlos Guestrin. 2018. Anchors: Highprecision model-agnostic explanations. In AAAI Conference on Artificial Intelligence.

[19]

Martin Roesch and Chris Green. 2016. Snort Users Manual 2.9. 8.2.

[20]

Nathan Shone, Tran Nguyen Ngoc, Vu Dinh Phai, and Qi Shi. 2018. A deep learning approach to network intrusion detection. IEEE Transactions on Emerging Topics in Computational Intelligence 2, 1 (2018), 41--50.

[21]

Tuan A Tang, Lotfi Mhamdi, Des McLernon, Syed Ali Raza Zaidi, and Mounir Ghogho. 2018. Deep recurrent neural network for intrusion detection in sdnbased networks. In 2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft). IEEE, 202--206.

[22]

Kelvin Xu, Jimmy Ba, Ryan Kiros, Kyunghyun Cho, Aaron Courville, Ruslan Salakhudinov, Rich Zemel, and Yoshua Bengio. 2015. Show, attend and tell: Neural image caption generation with visual attention. In International conference on machine learning. 2048--2057.

Digital Library

[23]

Chuanlong Yin, Yuefei Zhu, Jinlong Fei, and Xinzheng He. 2017. A deep learning approach for intrusion detection using recurrent neural networks. IEEE Access 5 (2017), 21954--21961.

[24]

Bolei Zhou, Aditya Khosla, Agata Lapedriza, Aude Oliva, and Antonio Torralba. 2016. Learning deep features for discriminative localization. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2921--2929.

Cited By

Huang YYang YRen HYe LLiu Q(2024)From Urban Design to Energy Sustainability: How Urban Morphology Influences Photovoltaic System PerformanceSustainability10.3390/su1616719316:16(7193)Online publication date: 21-Aug-2024
https://doi.org/10.3390/su16167193
Josbert NWei MWang PRafiq A(2024)A look into smart factory for Industrial IoT driven by SDN technology: A comprehensive survey of taxonomy, architectures, issues and future research orientationsJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2024.10206936:5(102069)Online publication date: Jun-2024
https://doi.org/10.1016/j.jksuci.2024.102069
Bukhari SZafar MHouran MMoosavi SMansoor MMuaaz MSanfilippo F(2024)Secure and privacy-preserving intrusion detection in wireless sensor networks: Federated learning with SCNN-Bi-LSTM for enhanced reliabilityAd Hoc Networks10.1016/j.adhoc.2024.103407155(103407)Online publication date: Mar-2024
https://doi.org/10.1016/j.adhoc.2024.103407
Show More Cited By

Index Terms

Enabling Dynamic Network Access Control with Anomaly-based IDS and SDN
1. Networks
  1. Network services
    1. Programmable networks
2. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Intrusion detection systems

Recommendations

Fast Blocking of Malicious Traffic by Excluding Benign Flow Monitoring in IDS/SDN Cooperative Firewall Systems
AINTEC '22: Proceedings of the 17th Asian Internet Engineering Conference

Intrusion Detection System (IDS) / Software Defined Networking (SDN) cooperative firewall systems attract much attention recently because they have many advantages such as dynamic network configuration with SDN and scalable IDS hosts. In IDS/SDN ...
A smart IDS and response system for the internet malicious worm

In this paper, we proposed a behaviour-based intrusion detection and response system for the internet worm. The LAWS (Lambent Anti-Worm System) can detect the intruded services and influenced range automatically. Besides, it also can analyse the key ...
The integration of access control levels based on SDN

Systems and networks include several inputs and outputs from which they are accessed. Access controls exist to manage authentication and access controls through those inputs and outputs. One of the significant problems in this scope is the difficulty to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SDN-NFVSec '19: Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization

March 2019

39 pages

ISBN:9781450361798

DOI:10.1145/3309194

General Chairs:
Gail-Joon Ahn
Arizona State University, USA and Samsung Research, Korea
,
Guofei Gu
Texas A&M University, USA
,
Program Chairs:
Hongxin Hu
Clemson University, USA
,
Seungwon Shin
KAIST, Korea

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 March 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

National Science Foundation

Conference

CODASPY '19

Sponsor:

SIGSAC

CODASPY '19: Ninth ACM Conference on Data and Application Security and Privacy

March 27, 2019

Texas, Richardson, USA

Acceptance Rates

Overall Acceptance Rate 11 of 30 submissions, 37%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

45
Total Citations
View Citations
1,125
Total Downloads

Downloads (Last 12 months)217
Downloads (Last 6 weeks)25

Reflects downloads up to 10 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Huang YYang YRen HYe LLiu Q(2024)From Urban Design to Energy Sustainability: How Urban Morphology Influences Photovoltaic System PerformanceSustainability10.3390/su1616719316:16(7193)Online publication date: 21-Aug-2024
https://doi.org/10.3390/su16167193
Josbert NWei MWang PRafiq A(2024)A look into smart factory for Industrial IoT driven by SDN technology: A comprehensive survey of taxonomy, architectures, issues and future research orientationsJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2024.10206936:5(102069)Online publication date: Jun-2024
https://doi.org/10.1016/j.jksuci.2024.102069
Bukhari SZafar MHouran MMoosavi SMansoor MMuaaz MSanfilippo F(2024)Secure and privacy-preserving intrusion detection in wireless sensor networks: Federated learning with SCNN-Bi-LSTM for enhanced reliabilityAd Hoc Networks10.1016/j.adhoc.2024.103407155(103407)Online publication date: Mar-2024
https://doi.org/10.1016/j.adhoc.2024.103407
BALIK HAL-HWAIDI O(2023)A New Software Defined Networks (SDN) in IoTs Based Deep Learning TechniquesAURUM Journal of Engineering Systems and Architecture10.53600/ajesa.12545427:2(165-185)Online publication date: 11-May-2023
https://doi.org/10.53600/ajesa.1254542
Oseni AMoustafa NCreech GSohrabi NStrelzoff ATari ZLinkov I(2023)An Explainable Deep Learning Framework for Resilient Intrusion Detection in IoT-Enabled Transportation NetworksIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2022.318867124:1(1000-1014)Online publication date: Jan-2023
https://doi.org/10.1109/TITS.2022.3188671
Izuazu UKim DLee J(2023)Unravelling the Black Box: Enhancing Virtual Reality Network Security with Interpretable Deep Learning-Based Intrusion Detection System2023 14th International Conference on Information and Communication Technology Convergence (ICTC)10.1109/ICTC58733.2023.10392826(928-931)Online publication date: 11-Oct-2023
https://doi.org/10.1109/ICTC58733.2023.10392826
Ben Said RSabir ZAskerzade I(2023)CNN-BiLSTM: A Hybrid Deep Learning Approach for Network Intrusion Detection System in Software-Defined Networking With Hybrid Feature SelectionIEEE Access10.1109/ACCESS.2023.334014211(138732-138747)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3340142
Keshk MKoroniotis NPham NMoustafa NTurnbull BZomaya A(2023)An explainable deep learning-enabled intrusion detection framework in IoT networksInformation Sciences10.1016/j.ins.2023.119000(119000)Online publication date: Apr-2023
https://doi.org/10.1016/j.ins.2023.119000
Karnani SAgrawal NKumar R(2023)A comprehensive survey on low-rate and high-rate DDoS defense approaches in SDN: taxonomy, research challenges, and opportunitiesMultimedia Tools and Applications10.1007/s11042-023-16781-083:12(35253-35306)Online publication date: 29-Sep-2023
https://doi.org/10.1007/s11042-023-16781-0
Prasad AChandra S(2023)Boosting Algorithms-Based Intrusion Detection System: A Performance Comparison PerspectiveProceedings on International Conference on Data Analytics and Computing10.1007/978-981-99-3432-4_24(307-321)Online publication date: 9-Aug-2023
https://doi.org/10.1007/978-981-99-3432-4_24
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents