Detecting distributed cyber attacks in SDN based on automatic thresholding

Ryousuke Komiya, Yaokai Feng, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Distributed cyber attacks, launched from many hosts simultaneously, have become one of the most sophisticated and most dangerous kinds of attack in the cyber world, including the traditional Internet and SDN (Software Defined Networking) environments. As a kind of centralized network environment, SDN has been greatly developed and popularized in recent years, especially in cloud systems. Thus, how to efficiently detect distributed attacks in SDN environments has attracted great attention in academia and industry, and various studies have been done to counter such attacks. The latest related studies attempted to exploit the information of the PacketIn packets collected in the SDN controller, and those methods proved efficient for detecting distributed cyber attacks in SDN environments. However, such methods adopted a threshold for distinguishing between attacks and normal situations. The threshold must be properly determined manually in advance, which is not easy in many applications, even for experts. In this study, we try to automatically extract a proper threshold from the historical data of the monitored SDN environment so that the difficult parameter-tuning (determination of the threshold) process can be removed. In addition, because the extracted threshold can reflect the actual situation of the monitored environment well, a better detection performance than the existing approaches can be expected. The detection performance of our proposal is also tested using real traffic data.

Original language: English
Title of host publication: Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 417-423
Number of pages: 7
ISBN (Electronic): 9781538691847
DOIs: https://doi.org/10.1109/CANDARW.2018.00083
Publication status: Published - Dec 26 2018
Event: 6th International Symposium on Computing and Networking Workshops, CANDARW 2018 - Takayama, Japan
Duration: Nov 27 2018 to Nov 30 2018

Publication series

Name: Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018

Conference

Conference: 6th International Symposium on Computing and Networking Workshops, CANDARW 2018
Country: Japan
City: Takayama
Period: 11/27/18 to 11/30/18

Fingerprint

Thresholding
Networking
Attack
Software
Historical Data
Parameter Tuning
Software defined networking
Tuning
Traffic
Internet
Industry
Controller
Controllers

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Statistics, Probability and Uncertainty
  • Computer Science Applications

Cite this

Komiya, R., Feng, Y., & Sakurai, K. (2018). Detecting distributed cyber attacks in SDN based on automatic thresholding. In Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018 (pp. 417-423). [8590937] (Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/CANDARW.2018.00083
