Cyber-AnDe: Cybersecurity Framework With Adaptive Distributed Sampling for Anomaly Detection on SDNs

Bibliographic details

Published in: IEEE transactions on information forensics and security, 2024, Vol. 19, p. 9245-9257
Main authors: Niknami, Nadia; Srinivasan, Avinash; Wu, Jie
Format: Article
Language: English
Online access: Order full text
Abstract:

By decoupling the control plane and data plane in the software-defined network (SDN), the controller gains a comprehensive global view of the network. The SDN controller samples traffic from all switches to effectively manage data plane traffic. The sampling rate of flow traffic significantly impacts the accuracy of the controller's decisions. While increasing the sampling rate is desirable for improved detection accuracy, it also escalates resource consumption on both switches and the controller. Hence, it is crucial to carefully manage sampling on switches to fine-tune anomaly detection accuracy. Existing flow sampling solutions often struggle to strike a balance between detection accuracy, sampling rate, and overhead. To address this challenge, we propose a robust cybersecurity framework for anomaly detection on SDNs through traffic flow inspection. Our proposed framework, Cyber-AnDe, integrates adaptive distributed sampling (ADS) with a Reinforcement Learning (RL) agent to enhance anomaly detection accuracy while minimizing the increase in controller overhead. In our framework, the controller leverages information gathered from each sampled traffic flow to determine whether the flow's state is malicious, suspicious, or benign based on underlying anomaly detection algorithms. Once the flow state is determined, the controller takes the appropriate action with the help of the RL agent. Through extensive simulations and SDN test-bed experiments, we confirm a significant improvement of up to 93% in network traffic-based anomaly detection compared to existing solutions.
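The abstract frames sampling as a budget problem: a higher per-switch sampling rate lets the controller classify more flows but costs switch and controller resources, so the budget should be steered toward the switches where anomalies are actually showing up. The controller loop below is an added illustration for this record, not code from the paper or its authors. Everything in it is an assumption: the per-flow heuristic (one or two near-empty packets flagged malicious, short low-volume flows suspicious) stands in for the paper's anomaly detector, a proportional reallocation rule stands in for its RL agent, and the traffic is constructed (four switches, one of them hosting a SYN-probe scanner). It runs the same traffic under a fixed uniform split and under adaptive reallocation of the same total sampling budget and compares how many attack flows the controller gets to see at all.

```python
"""Toy SDN controller loop: per-switch flow sampling under a fixed total budget,
re-allocated toward switches whose sampled flows look anomalous.
Constructed illustration for this record; not the Cyber-AnDe implementation."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    switch: int      # ingress switch that reported the flow
    src: str
    dst: str
    pkts: int
    nbytes: int


def classify_flow(flow: Flow) -> str:
    """Assumed per-flow heuristic standing in for the paper's detector: one or two
    near-empty packets look like a SYN probe (malicious), a short low-volume flow
    is suspicious, anything else is benign."""
    bpp = flow.nbytes / flow.pkts
    if flow.pkts <= 2 and bpp < 80:
        return "malicious"
    if flow.pkts <= 5 and bpp < 200:
        return "suspicious"
    return "benign"


def make_epoch(rng, n_switches=4, attack_switch=2, benign_per_switch=100, attack_flows=60):
    """Constructed traffic for one epoch: benign flows behind every switch plus a
    SYN-probe scanner (1 packet, 60 bytes, many destinations) behind one switch."""
    flows = []
    for sw in range(n_switches):
        for _ in range(benign_per_switch):
            if rng.random() < 0.1:      # short benign flows (DNS-like), some look suspicious
                pkts, bpp = rng.randint(2, 5), rng.randint(100, 250)
            else:                       # ordinary transfers
                pkts, bpp = rng.randint(10, 200), rng.randint(300, 1400)
            flows.append(Flow(sw, f"10.{sw}.0.{rng.randint(2, 254)}",
                              f"10.9.0.{rng.randint(2, 254)}", pkts, pkts * bpp))
    for _ in range(attack_flows):
        flows.append(Flow(attack_switch, "10.2.0.66", f"10.9.0.{rng.randint(2, 254)}", 1, 60))
    return flows


def allocate(stats, budget, min_rate=0.05):
    """Re-split the budget in proportion to the anomaly rate seen in each switch's
    sampled flows (a proportional controller, assumed here in place of the paper's
    RL agent). Laplace smoothing keeps an unsampled switch from scoring zero and
    min_rate keeps every switch under some observation. Rates always sum to budget."""
    scores = [(2 * mal + sus + 1) / (sampled + 1) for sampled, mal, sus in stats]
    spare = budget - min_rate * len(stats)
    assert spare >= 0, "budget cannot cover the per-switch floor"
    total = sum(scores)
    return [min_rate + spare * s / total for s in scores]


def run(traffic, adaptive, budget=1.0, min_rate=0.05, seed=1):
    """Sample each epoch's flows at the current per-switch rates, classify what was
    sampled and, if adaptive, re-allocate before the next epoch.
    Returns (attack flows detected, flows sampled, per-epoch rate vectors)."""
    rng = random.Random(seed)
    n_switches = max(f.switch for epoch in traffic for f in epoch) + 1
    rates = [budget / n_switches] * n_switches
    detected = sampled_total = 0
    history = []
    for flows in traffic:
        stats = [[0, 0, 0] for _ in range(n_switches)]    # sampled, malicious, suspicious
        for f in flows:
            if rng.random() >= rates[f.switch]:
                continue                                  # unsampled: invisible to the controller
            stats[f.switch][0] += 1
            label = classify_flow(f)
            if label == "malicious":
                stats[f.switch][1] += 1
                detected += 1                             # only the scanner produces this label
            elif label == "suspicious":
                stats[f.switch][2] += 1
        sampled_total += sum(s[0] for s in stats)
        history.append(list(rates))
        if adaptive:
            rates = allocate(stats, budget, min_rate)
    return detected, sampled_total, history


def compare(epochs=8, seed=7):
    """Run uniform and adaptive sampling over identical constructed traffic."""
    gen = random.Random(seed)
    traffic = [make_epoch(gen) for _ in range(epochs)]
    return run(traffic, adaptive=False), run(traffic, adaptive=True)


if __name__ == "__main__":
    (u_det, u_samp, _), (a_det, a_samp, a_hist) = compare()
    print(f"uniform : {u_det}/480 attack flows seen, {u_samp} flows sampled")
    print(f"adaptive: {a_det}/480 attack flows seen, {a_samp} flows sampled")
    print("final per-switch rates:", [round(r, 2) for r in a_hist[-1]])
```

The two runs spend the same summed sampling rate, yet the adaptive run sees several times more of the scanner's flows, and more attack flows per sampled flow, because after the first epoch the budget migrates to the switch whose samples carried the malicious label. The floor rate is the part worth keeping in any real design: a switch that is never sampled can never raise its own score, so an attacker who stays quiet until the budget has moved elsewhere would otherwise be invisible.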
DOI: 10.1109/TIFS.2024.3468632
ISSN: 1556-6013
EISSN: 1556-6021
CODEN: ITIFA6
Publisher: IEEE
Pages: 13 (9245-9257)
Peer reviewed: yes
Full text: https://ieeexplore.ieee.org/document/10695148
ORCID iDs listed in the record: https://orcid.org/0000-0002-6940-0139, https://orcid.org/0000-0001-5636-5808
Record ID: cdi_ieee_primary_10695148 (IEEE document 10695148)
Source: IEEE Electronic Library (IEL)

Subjects:
Accuracy
Adaptive sampling
Anomaly detection
attack
Control systems
cybersecurity
Intrusion detection
load balancing
Monitoring
network monitoring
Sampling methods
sampling rate
software-defined networks
Telecommunication traffic