Hacker-proof SDN networks

8 Jun 2023

In recent years, the growth of Software Defined Networking (SDN) has been exponential, and its use is no longer limited exclusively to large companies and data centres. Thanks to its multiple possibilities and many open-source projects, more and more small companies or users are betting on this technology.

These SDN networks are characterised by greater efficiency in the transport of information, as well as in the control of the network. However, they do have one weakness: because everything is centralised, the main controller can be subject to cyber attacks that can jeopardise the operation and security of the network.

To prevent these attacks and guarantee the reliability of the network at all times, researchers from the Universitat Politècnica de València, together with researchers from several universities in Paraná, Brazil, have developed a new hacker-proof defence system based on a systematic analysis of individual IP flow records. This system, which uses the Gated Recurrent Units (GRU) deep learning method, allows for near real-time detection of distributed denial-of-service (DDoS) and intrusion attacks.

Among its features, the system devised by the UPV researchers offers faster mitigation responses, thus guaranteeing the quality of the services provided by the SDN and minimising the impact of the attack on it.

"Individualised analysis of IP flows can easily identify attackers and their targets through feature extraction. This approach enables faster mitigation responses, minimising the impact on the SDN. In this way, we can protect the SDN central controller against situations that could compromise it, thereby impairing the operation of the network," explains Jaime Lloret.

The system is divided into two main modules, detection and mitigation. "The first one analyses individual IP flows to identify the occurrence of attacks, and the second one generates efficient responses against detected attacks, reducing their impact on the network and, consequently, on its users," Lloret adds.

The new system has been evaluated in different scenarios using two public datasets: CICDDoS 2019, which included several types of DDoS attacks, and CICIDS 2018, which covers different intrusion techniques. The results were excellent.

"For future work, we intend to use the GRU method as a multi-label classifier, capable of detecting the appearance of any anomalies in the operation of the network and identifying them. In addition, we want to estimate and evaluate using a drop time window in the mitigation module, calculating the optimal time to minimise the computational cost and improve the mitigation results," concludes Lloret.

This work builds on previous highly successful and internationally referenced work, such as the use of artificial intelligence on real-time data streams for anomaly detection in IoT networks and real-time security in IoT.

References

  • MVO Assis, LF Carvalho, J Lloret, ML Proença Jr, A GRU deep learning system against attacks in software-defined networks, Journal of Network and Computer Applications 177, 102942, 2021.
  • MVO de Assis, LF Carvalho, JJPC Rodrigues, J Lloret, ML Proença Jr, Near real-time security system applied to SDN environments in IoT networks using convolutional neural network, Computers & Electrical Engineering 86, 106738, 2020.
  • M Lopez-Martin, B Carro, A Sanchez-Esguevillas, J Lloret, Network traffic classifier with convolutional and recurrent neural networks for Internet of Things, IEEE Access 5, 18042-18050, 2017.