Performance Analysis of Traffic Anomaly Detection in Cloud-based Software-defined Network

doi:10.3969/j.issn.1006-2475.2015.10.020

Abstract

Abstract: The increasing complexity of hybrid cloud networks becomes a bottleneck of cloud computing. As a potential solution, SDN has gained great attentions from both industry and academia, especially in the network security domain. Research on utilizing SDN in network attack detection is still in its inception phase. Specifically, it has not been evaluated whether SDN can efficiently detect internal network attacks in a cloud environment. In this research we implement both SDN and traditional network infrastructures based on OpenStack platform. We simulate both flood and port-scan attacks and utilize two types of traffic anomaly detection algorithms. Experiment results indicate that the SDN method shows better performance in memory usage without degrading its accuracy, while it also suffers performance bottleneck when directly deployed into SDN controllers.

Key words: software defined network (SDN), cloud platform, traffic anomaly detection, network security, performance analysis

CLC Number:

TP393

MA Chao1,2, CHENG Li1, KONG Ling-ling3. Performance Analysis of Traffic Anomaly Detection in Cloud-based Software-defined Network[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2015.10.020.

References

[1] Kreutz D, Ramos F M V, Verissimo P. Towards secure and dependable software-defined networks[C]// Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. 2013:55-60.

[2] Modi C, Patel D, Borisaniya B, et al. A survey on security issues and solutions at different layers of cloud computing[J]. The Journal of Supercomputing, 2013,63(2):561-592.

[3] Deshpande P, Aggarwal A, Sharma S C, et al. Distributed port-scan attack in cloud environment[C]// Proceedings of the 5th International Conference on Computational Aspects of Social Networks (CASoN). 2013:27-31.

[4] Wang Bing, Zheng Yao, Lou Wenjing, et al. DDoS attack protection in the era of cloud computing and software-defined networking[C]// Proceedings of the 22nd IEEE International Conference on Network Protocols (ICNP). 2014:624-629.

[5] Modi C, Patel D, Borisaniya B, et al. A survey of intrusion detection techniques in cloud[J]. Journal of Network and Computer Applications, 2013,36(1):42-57.

[6] Dotcenko S, Vladyko A, Letenko I. A fuzzy logic-based information security management for software-defined networks[C]// Proceedings of the 16th International Conference on Advanced Communication Technology (ICACT). 2014:167-171.

[7] Lim S, Ha J, Kim H, et al. A SDN-oriented DDoS blocking scheme for botnet-based attacks[C]// Proceedings of the 6th International Conference on Ubiquitous and Future Networks (ICUFN). 2014:63-68.

[8] Collings J, Liu Jun. An openFlow-based prototype of SDN-oriented stateful hardware firewalls[C]// Proceedings of the 22nd IEEE International Conference on Network Protocols (ICNP). 2014:525-528.

[9] Suh M, Park S H, Lee B, et al. Building firewall over the software-defined network controller[C]// Proceedings of the 16th International Conference on Advanced Communication Technology (ICACT). 2014:744-748.

[10] Gelberger A, Yemini N, Giladi R. Performance analysis of software-defined networking (SDN)[C]// Proceedings of the 21st IEEE International Symposium on Modeling, Analysis & Simulation of Computer and Telecommunication Systems (MASCOTS). 2013:389-393.

[11] Tsugawa M, Matsunaga A, Fortes J A B. Cloud computing security: What changes with software-defined networking?[M]// Secure Cloud Computing. New York: Springer, 2014:77-93.

[12] McKeown N, Anderson T, Balakrishnan H, et al. OpenFlow: Enabling innovation in campus networks[J]. Computer Communication Review, 2008,38(2):69-74.

[13] Vaughan-Nichols S J. OpenFlow: The next generation of the network?[J]. Computer, 2011,44(8):13-15.

[14] Chang R K C. Defending against flooding-based distributed denial-of-service attacks: A tutorial[J]. IEEE Communications Magazine, 2002,40(10):42-51.

[15] Peng Tao, Leckie C, Ramamohanarao K. Survey of network-based defense mechanisms countering the DoS and DDoS problems[J]. ACM Computing Surveys, 2007,39(1): Article 3.

[16] Darwish M, Ouda A, Capretz L F. Cloud-based DDoS attacks and defenses[C]// Proceedings of the 2013 International Conference on Information Society (i-Society). 2013: 67-71.

[17] Liu Huan. A new form of DOS attack in a cloud and its avoidance mechanism[C]// Proceedings of the 2nd ACM Workshop on Cloud Computing Security. 2010:65-76.

[18] Bhuyan M H, Bhattacharyya D K, Kalita J K. Surveying port scans and their detection methodologies[J]. The Computer Journal, 2011,54(10):1565-1581.

[19] Akbarabadi A, Zamani M, Farahmandian S, et al. An Overview on Methods to Detect Port Scanning Attacks in Cloud Computing[DB/OL]. http://www.wseas.us/e-library/conferences/2013/CambridgeUK/AISE/AISE-30.pdf, 2013-12-22.

[20] Riquet D, Grimaud G, Hauspie M. Large-scale coordinated attacks: Impact on the cloud security[C]// Proceedings of the 6th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS). 2012:558-563.

[21] Schechter S E, Jung J, Berger A W. Fast detection of scanning worm infections[C]// Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection. 2004:59-81.

[22] Twycross J, Williamson M M. Implementing and testing a virus throttle[C]// Proceedings of the 12th USENIX Security Symposium. 2003:285-294.

[23] Mehdi S A, Khalid J, Khayam S A. Revisiting traffic anomaly detection using software defined networking[C]// Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection. 2011:161-180.

[24] McHugh J. The 1998 Lincoln laboratory IDS evaluation[C]// Proceedings of the 3rd International Workshop on Recent Advances in Intrusion Detection. 2000:145-161.

[25] Curtis A R, Mogul J C, Tourrilhes J, et al. DevoFlow: Scaling flow management for high-performance networks[C]// Proceedings of the 2011 ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications. 2011:254-265.

[26] Sekar V, Egi N, Ratnasamy S, et al. Design and implementation of a consolidated middlebox architecture[C]// Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation. 2012:323-336.