Julian D'Orsaneo, M. Tummala, J. McEachen, Bryan Martin
Title: Analysis of Traffic Signals on an SDN for Detection and Classification of a Man-in-the-Middle Attack
Published in: 2018 12th International Conference on Signal Processing and Communication Systems (ICSPCS)
Publication date: 2018-12-01
DOI: 10.1109/ICSPCS.2018.8631762 (https://doi.org/10.1109/ICSPCS.2018.8631762)
Citations: 4
Abstract
Software-defined networking (SDN) has the potential to revolutionize the management capabilities of a highly distributed communications environment. Yet, adoption of SDN is contingent on a thorough analysis of security implications. In this paper, we investigate a man-in-the-middle (MITM) attack that exploits the centralized topological view critical to SDN operations. In particular, we present a new scheme for detection and classification of the attack at the network layer. We apply wavelet analysis to detect anomalous conditions introduced by the MITM attack using traffic signals collected at network switch ports. We then identify unique characteristics of reported anomalies in the collected traffic signals to build a classification framework. Other cyber events, such as a distributed denial-of-service and network congestion, are presented to the detection scheme to validate its general applicability. Overall, we successfully demonstrate the capability to detect and classify the MITM attack in addition to other cyber events at the network layer, thereby contributing to the security of SDN.