Biblio

Found 116 results

Filters: Keyword is Switches
2021-09-16
Asci, Cihan, Wang, Wei, Sonkusale, Sameer.  2020.  Security Monitoring System Using Magnetically-Activated RFID Tags. 2020 IEEE SENSORS. :1–4.
Existing methods for home security monitoring depend on expensive custom battery-powered solutions. In this article, we present a battery-free solution that leverages any off-the-shelf passive radio frequency identification (RFID) tag for real-time entry detection. The sensor consists of a printed RFID antenna on paper, coupled to a magnetic reed switch, and is affixed to the door. Opening of the door triggers the reed switch, causing an RFID signal transmission detected by any off-the-shelf passive RFID reader. This paper shows simulation and experimental results for such a magnetically actuated RFID (or magRFID) opening sensor.
2021-09-07
Sanjeetha, R, Shastry, K.N Ajay, Chetan, H.R, Kanavalli, Anita.  2020.  Mitigating HTTP GET FLOOD DDoS Attack Using an SDN Controller. 2020 International Conference on Recent Trends on Electronics, Information, Communication Technology (RTEICT). :6–10.
DDoS attacks are predominant in traditional networks; they are used to bring down the services of important servers in the network, thereby affecting its performance. One such kind of attack is the HTTP GET Flood DDoS attack, in which a lot of HTTP GET request messages are sent to the victim web server, overwhelming its resources and bringing down its services to the legitimate clients. The solution to such attacks in traditional networks is usually implemented at the servers, but this consumes their resources, which could otherwise be used to process genuine client requests. Software Defined Network (SDN) is a new network architecture that helps to deal with these attacks in a different way. In SDN the mitigation can be done using the controller without burdening the server. In this paper, we first show how an HTTP GET Flood DDoS attack can be performed on the webserver in an SDN environment and then propose a solution to mitigate the same with the help of the SDN controller. At the server, the attack is detected by checking the number of requests arriving at the web server for a certain period of time; if the number of requests is greater than a particular threshold, then the hosts generating such attacks will be blocked for the attack duration.
2021-09-01
Wang, Zizhong, Wang, Haixia, Shao, Airan, Wang, Dongsheng.  2020.  An Adaptive Erasure-Coded Storage Scheme with an Efficient Code-Switching Algorithm. 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS). :1177–1178.
Using erasure codes increases consumption of network traffic and disk I/O tremendously when systems recover data, resulting in high latency of degraded reads. In order to mitigate this problem, we present an adaptive storage scheme based on data access skew, the fact that most data accesses are applied to a small fraction of data. In this scheme, we use both Local Reconstruction Code (LRC), whose recovery cost is low, to store frequently accessed data, and Hitchhiker (HH) code, which guarantees minimum storage cost, to store infrequently accessed data. Besides, an efficient switching algorithm between LRC and HH code with low network and computation costs is provided. The whole system will benefit from low degraded read latency while keeping a low storage overhead, and code-switching will not become a bottleneck.
2021-08-31
Yang, Jian, Liu, Shoubao, Fang, Yuan, Xiong, Zhonghao, Li, Xin.  2020.  A simulation calculation method for suppressing the magnetizing inrush current in the setting of the overcurrent protection of the connecting transformer in the hydropower station. 2020 5th International Conference on Mechanical, Control and Computer Engineering (ICMCCE). :197–202.
In order to improve the reliability of power supply in adjacent hydropower stations, the auxiliary power systems of the two stations are connected through a contact transformer. The magnetizing inrush current generated by the connecting transformer of a hydropower station has the characteristics of high frequency, strong energy, and multi-coupling. The harm caused by the connecting transformer is huge. In order to prevent misoperation during the closing process of the connecting transformer, this article aims at the problem of setting the switching current of the connecting transformer of the two hydropower stations, establishes the analysis model of the excitation inrush current with SimPowerSystem software, and carries out the quantitative simulation calculation of the excitation inrush current of the connecting transformer. A setting strategy for overcurrent protection of tie transformers to suppress the excitation inrush current is proposed. Under the conditions of changing switch closing time, generator load, auxiliary transformer load, and tie transformer core remanence, the maximum amplitude of the excitation inrush current is comprehensively judged; the suppression of the excitation inrush current is then achieved, and the protection setting of the switch is accurately determined.
2021-08-11
Indra Basuki, Akbari, Rosiyadi, Didi, Setiawan, Iwan.  2020.  Preserving Network Privacy on Fine-grain Path-tracking Using P4-based SDN. 2020 International Conference on Radar, Antenna, Microwave, Electronics, and Telecommunications (ICRAMET). :129–134.
Path-tracking is essential to provide complete information regarding network breach incidents. It records the direction of the attack and its source of origin, thus giving the network manager proper information for the next responses. Nevertheless, the existing path-tracking implementations expose the network topology and routing configurations. In this paper, we propose a privacy-aware path-tracking which mystifies network configurations using an in-packet bloom filter. We apply our method by using a P4 switch to support fine-grain (per-packet) path-tracking with dynamic adaptability via in-switch bloom filter computation. We use a hybrid scheme which consists of destination-based logging and path fingerprint-based marking to minimize the redundant path inferring caused by the bloom filter's false positives. For evaluation, we emulate the network using Mininet and the BMv2 software switch. We deploy a source routing mechanism to run the evaluations using a limited testbed machine implementing the Rocketfuel topology. By using the hybrid marking and logging technique, we can reduce the redundant path to zero percent, ensuring no collision in the path inferring. Based on the experiments, it has a lower space requirement (56 bit) compared with the bloom filter-only solution (128 bit). Our proposed method guarantees that the recorded path remains secret unless the secret keys of every switch are known.
2021-08-03
Ragchaa, Byambajav, Wu, Liji, Zhang, Xiangmin, Chu, Honghao.  2020.  A Multi-Channel 12 bit, 100Ksps 0.35um CMOS ADC IP core for Security SoC. 2020 IEEE 15th International Conference on Solid-State Integrated Circuit Technology (ICSICT). :1–3.
This paper presents a multi-channel, 12 bit, ADC IP core with programmable gain amplifier which is implemented as part of novel Security SoC. The measurement results show that effective number of bits (ENOB) of the ADC IP core reaches 8 bits, SNDR of 47.14dB and SFDR of 56.55dB at 100Ksps sampling rate. The input voltage range is 0V to 3.3V, active die area of 700um*620um in 0.35um CMOS process, and the ADC consumes 22mW in all channel auto-scan mode at 3.3V power supply.
2021-08-02
Abdul Basit Ur Rahim, Muhammad, Duan, Qi, Al-Shaer, Ehab.  2020.  A Formal Analysis of Moving Target Defense. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :1802–1807.
Static system configuration provides a significant advantage for the adversaries to discover the assets and launch attacks. Configuration-based moving target defense (MTD) reverses the cyber warfare asymmetry by mutating certain configuration parameters to disrupt the attack planning or increase the attack cost significantly. In this research, we present a methodology for the formal verification of MTD techniques. We formally modeled MTD techniques and verified them against constraints. We use Random Host Mutation (RHM) as a case study for MTD formal verification. The RHM transparently mutates the IP addresses of end-hosts and turns them into untraceable moving targets. We apply the formal methodology to verify the correctness, safety, mutation, mutation quality, and deadlock-freeness of RHM using the model checking tool. An adversary is also modeled to validate the effectiveness of the MTD technique. Our experimentation validates the scalability and feasibility of the formal verification methodology.
Qi, Xiaoxia, Shen, Shuai, Wang, Qijin.  2020.  A Moving Target Defense Technology Based on SCIT. 2020 International Conference on Computer Engineering and Application (ICCEA). :454–457.
Moving target defense technology is one of the revolutionary techniques that is “changing the rules of the game” in the field of network technology, according to recent propositions from the US Science and Technology Commission. Building upon a recently-developed approach called Self Cleansing Intrusion Tolerance (SCIT), this paper proposes a moving target defense system that is based on server switching and cleaning. A protected object is maneuvered to improve its safety by exploiting software diversity and thereby introducing randomness and unpredictability into the system. Experimental results show that the improved system increases the difficulty of attack and significantly reduces the likelihood of a system being invaded, thus serving to enhance system security.
2021-07-27
Sinha, Ayush, Chakrabarti, Sourin, Vyas, O.P.  2020.  Distributed Grid restoration based on graph theory. 2020 IEEE International Symposium on Sustainable Energy, Signal Processing and Cyber Security (iSSSC). :1–6.
With the emergence of smart grids as the primary means of distribution across wide areas, the importance of improving their resilience to faults and mishaps is increasing. The reliability of a distribution system depends upon its tolerance to attacks and the efficiency of restoration after an attack occurs. This paper proposes a unique approach to the restoration of smart grids under attack by impostors or due to natural calamities via optimal islanding of the grid with primary generators and distributed generators (DGs) into sub-grids, minimizing the amount of load shed which needs to be incurred and at the same time minimizing the number of switching operations via graph theory. The minimum load which needs to be shed is computed in the first stage, followed by selecting the nodes whose load needs to be shed to achieve such a configuration, and then finally deriving the sequence of switching operations required to achieve the configuration. The proposed method is tested against the standard IEEE 37-bus and a 1069-bus grid system, and the minimum load shed along with the sequencing steps to optimal configuration and the time to achieve such a configuration are presented, which demonstrates the effectiveness of the method when compared to the existing methods in the field. Moreover, the proposed algorithm can be easily modified to incorporate any other constraints which might arise due to any operational configuration of the grid.
2021-07-07
Wang, Yang, Wei, Xiaogang.  2020.  A Security Model of Ubiquitous Power Internet of Things Based on SDN and DFI. 2020 Information Communication Technologies Conference (ICTC). :55–58.
Security is the basic topic for the normal operation of the power Internet of Things, and its growing scale determines the trend of dynamic deployment and flexible expansion in the future to meet the ever-changing needs. Since large-scale networks have a high cost of hardware resources, the security protection of the ubiquitous power Internet of Things must be lightweight. In this paper, we propose to build a platform of power Internet of Things based on SDN (Software Defined Network) technology and extend the OpenFlow protocol by adding some types of actions and meters to achieve the purpose of on-demand monitoring, dynamic defense and flexible response. To achieve the purpose of lightweight protection, we take advantage of DFI (Deep Flow Inspection) technology to collect and analyze traffic in the Internet of Things, and form a security prevention and control strategy model suitable for the power Internet of Things, without in-depth detection of payload and without the influence of ciphertext.
2021-06-24
Pashchenko, Ivan, Scandariato, Riccardo, Sabetta, Antonino, Massacci, Fabio.  2021.  Secure Software Development in the Era of Fluid Multi-party Open Software and Services. 2021 IEEE/ACM 43rd International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER). :91–95.
Pushed by market forces, software development has become fast-paced. As a consequence, modern development projects are assembled from 3rd-party components. Security and privacy assurance techniques, once designed for large, controlled updates over months or years, must now cope with small, continuous changes taking place within a week and happening in sub-components that are controlled by third-party developers one might not even know existed. In this paper, we aim to provide an overview of the current software security approaches and evaluate their appropriateness in the face of the changed nature of software development. Software security assurance could benefit by switching from a process-based to an artefact-based approach. Further, security evaluation might need to be more incremental, automated and decentralized. We believe this can be achieved by supporting mechanisms for lightweight and scalable screenings that are applicable to the entire population of software components, albeit there might be a price to pay.
Iffländer, Lukas, Beierlieb, Lukas, Fella, Nicolas, Kounev, Samuel, Rawtani, Nishant, Lange, Klaus-Dieter.  2020.  Implementing Attack-aware Security Function Chain Reordering. 2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C). :194–199.
Attack-awareness recognizes self-awareness for security systems regarding the occurring attacks. More frequent and intense attacks on cloud and network infrastructures are pushing security systems to the limit. With the end of Moore's Law, merely scaling against these attacks is no longer economically justified. Previous works have already dealt with the adoption of Software-defined Networking and Network Function Virtualization in security systems and used both approaches to optimize performance by the intelligent placement of security functions. In our previous works, we already made a case for taking the order of security functions into account and dynamically adapting this order. In this work, we propose a reordering framework, provide a proof-of-concept implementation, and validate this implementation in an evaluation environment. The framework's evaluation proves the feasibility of our concept.
2021-05-25
Bogosyan, Seta, Gokasan, Metin.  2020.  Novel Strategies for Security-hardened BMS for Extremely Fast Charging of BEVs. 2020 IEEE 23rd International Conference on Intelligent Transportation Systems (ITSC). :1–7.
The increased power capacity and networking requirements in Extremely Fast Charging (XFC) systems for battery electric vehicles (BEVs) and the resulting increase in the adversarial attack surface call for security measures to be taken in the involved cyber-physical system (CPS). Within this system, the security of the BEV's battery management system (BMS) is of critical importance, as the BMS is the first line of defense between the vehicle and the charge station. This study proposes an optimal control and moving-target defense (MTD) based novel approach for the security of the vehicle BMS, focusing on the charging process, during which a compromised vehicle may contaminate the XFC station and the whole grid. This paper is part of our ongoing research, which is one of the few, if not the first, reported studies in the literature on security-hardened BMS, aiming to increase the security and performance of operations between the charging station, the BMS and the battery system of electric vehicles. The developed MTD based switching strategy makes use of redundancies in the controller and feedback design. The performed simulations demonstrate an increased unpredictability and acceptable charging performance under adversarial attacks.
2021-05-20
Das, Debayan, Nath, Mayukh, Ghosh, Santosh, Sen, Shreyas.  2020.  Killing EM Side-Channel Leakage at its Source. 2020 IEEE 63rd International Midwest Symposium on Circuits and Systems (MWSCAS). :1108–1111.
Side-channel analysis (SCA) is a big threat to the security of connected embedded devices. Over the last few years, physical non-invasive SCA attacks utilizing the electromagnetic (EM) radiation (EM side-channel `leakage') from a crypto IC have gained huge momentum owing to the availability of low-cost EM probes and the development of deep-learning (DL) based profiling attacks. In this paper, our goal is to understand the source of the EM leakage by analyzing a white-box modeling of the EM leakage from the crypto IC, leading towards a low-overhead generic countermeasure. To kill this EM leakage at its source, the solution utilizes a signature attenuation hardware (SAH) encapsulating the crypto core locally within the lower metal layers such that the critical correlated crypto current signature is significantly attenuated before it passes through the higher metal layers to connect to the external pin. The protection circuit utilizing AES256 as the crypto core is fabricated in a 65nm process and shows for the first time the effects of metal routing on the EM leakage. The >350× signature attenuation of the SAH together with the local lower metal routing ensured that the protected AES remains secure even after 1B measurements for both EM and power SCA, which is a 100× improvement over the state-of-the-art with comparable overheads. Overall, with the combination of the two techniques, signature suppression and local lower metal routing, we are able to kill the EM side-channel leakage at its source such that the correlated signature is not passed through the top-level metals, MIM capacitors, or on-board inductors, which are the primary sources of EM leakage, thereby preventing EM SCA attacks.
2021-05-13
Sheptunov, Sergey A., Sukhanova, Natalia V..  2020.  The Problems of Design and Application of Switching Neural Networks in Creation of Artificial Intelligence. 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT QM IS). :428–431.
The new switching architecture of the neural networks was proposed. The switching neural networks consist of the neurons and the switchers. The goal is to reduce expenses on the artificial neural network design and training. For the realization of complex models, algorithms and methods of management, neural networks of big size are required. The number of the interconnection links “everyone with everyone” grows with the number of neurons. The training of big neural networks requires the resources of supercomputers. The time of training of neural networks also depends on the number of neurons in the network. Switching neural networks are divided into fragments connected by the switchers. Training of the switching neural network is carried out by fragments. On the basis of switching neural networks, the devices of associative memory were designed with a number of neurons comparable to the human brain.
Nakhushev, Rakhim S., Sukhanova, Natalia V..  2020.  Application of the Neural Networks for Cryptographic Information Security. 2020 International Conference Quality Management, Transport and Information Security, Information Technologies (IT QM IS). :421–423.
The object of research is information security. The tools used for research are artificial neural networks. The goal is to increase the cryptography security. The problems are: the big volume of information, the expenses for neural networks design and training. It is offered to use the neural network for the cryptographic transformation of information.
Sheng, Mingren, Liu, Hongri, Yang, Xu, Wang, Wei, Huang, Junheng, Wang, Bailing.  2020.  Network Security Situation Prediction in Software Defined Networking Data Plane. 2020 IEEE International Conference on Advances in Electrical Engineering and Computer Applications (AEECA). :475–479.
Software-Defined Networking (SDN) simplifies network management by separating the control plane from the data forwarding plane. However, the plane separation technology introduces many new loopholes in the SDN data plane. In order to facilitate taking proactive measures to reduce the damage degree of network security events, this paper proposes a security situation prediction method based on the particle swarm optimization algorithm and long short-term memory neural network for network security events on the SDN data plane. According to the statistical information of the security incident, the analytic hierarchy process is used to calculate the SDN data plane security situation risk value. Then the historical data of the security situation risk value is used to build an artificial neural network prediction model. Finally, the prediction model is used to predict the future security situation risk value. Experiments show that this method has good prediction accuracy and stability.
2021-05-05
Zhu, Jianping, HOU, RUI, Wang, XiaoFeng, Wang, Wenhao, Cao, Jiangfeng, Zhao, Boyan, Wang, Zhongpu, Zhang, Yuhui, Ying, Jiameng, Zhang, Lixin et al.  2020.  Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment. 2020 IEEE Symposium on Security and Privacy (SP). :1450–1465.
With its huge real-world demands, large-scale confidential computing still cannot be supported by today's Trusted Execution Environment (TEE), due to the lack of scalable and effective protection of high-throughput accelerators like GPUs, FPGAs, and TPUs etc. Although attempts have been made recently to extend the CPU-like enclave to GPUs, these solutions require change to the CPU or GPU chips, may introduce new security risks due to the side-channel leaks in CPU-GPU communication and are still under the resource constraint of today's CPU TEE. To address these problems, we present the first Heterogeneous TEE design that can truly support large-scale compute or data intensive (CDI) computing, without any chip-level change. Our approach, called HETEE, is a device for centralized management of all computing units (e.g., GPUs and other accelerators) of a server rack. It is uniquely designed to work with today's data centres and clouds, leveraging modern resource pooling technologies to dynamically compartmentalize computing tasks, enforce strong isolation and reduce the TCB through hardware support. More specifically, HETEE utilizes the PCIe ExpressFabric to allocate its accelerators to the server node on the same rack for a non-sensitive CDI task, and moves them back into a secure enclave in response to the demand for confidential computing. Our design runs a thin TCB stack for security management on a security controller (SC), while leaving a large set of software (e.g., AI runtime, GPU driver, etc.) to the integrated microservers that operate enclaves. An enclave is physically isolated from others through hardware and verified by the SC at its inception. Its microserver and computing units are restored to a secure state upon termination. We implemented HETEE on a real hardware system, and evaluated it with popular neural network inference and training tasks. Our evaluations show that HETEE can easily support the CDI tasks on the real-world scale and incurred a maximal throughput overhead of 2.17% for inference and 0.95% for training on ResNet152.
2021-04-09
Usman, S., Winarno, I., Sudarsono, A..  2020.  Implementation of SDN-based IDS to protect Virtualization Server against HTTP DoS attacks. 2020 International Electronics Symposium (IES). :195–198.
Virtualization and Software-defined Networking (SDN) are emerging technologies that play a major role in cloud computing. Cloud computing provides efficient utilization, high performance, and resource availability on demand. However, virtualization environments are vulnerable to various types of intrusion attacks that involve installing malicious software and denial of service (DoS) attacks. Utilizing SDN technology makes the idea of SDN-based security applications attractive in the fight against DoS attacks. A network intrusion detection system (IDS), which performs network traffic analysis, is implemented on SDN networks as a detection system to protect virtualization servers from HTTP DoS attacks. The experimental results show that the SDN-based IDS is able to detect and mitigate HTTP DoS attacks effectively.
2021-03-17
Wang, M., Xiao, J., Cai, Z..  2020.  An effective technique preventing differential cryptanalysis attack. 2020 IEEE 29th Asian Test Symposium (ATS). :1–6.
In this paper, an adaptive scan chain structure based plaintext analysis technique is proposed. The technology is implemented by three circuits, including an adaptive scan chain circuit, a plaintext analysis circuit and a controller circuit. The plaintext analysis module analyzes whether the plaintext meets the characteristics of differential cryptanalysis. The adaptive scan chain contains a MUX, XOR and a traditional scan chain, which is easy to implement. If the last bit of two plaintexts differs by one, the adaptive scan chain is controlled to input them into different scan chains. Compared with a complicated scan chain, the structure of the adaptive scan chain is variable and can mislead attackers who use differential cryptanalysis attacks. Through experimental analysis, it is proved that the security of the adaptive scan chain structure is greatly improved.
2021-03-15
Akter, S., Rahman, M. S., Mansoor, N..  2020.  An Efficient Routing Protocol for Secured Communication in Cognitive Radio Sensor Networks. 2020 IEEE Region 10 Symposium (TENSYMP). :1713–1716.
This paper introduces an efficient reactive routing protocol considering the mobility and the reliability of a node in Cognitive Radio Sensor Networks (CRSNs). The proposed protocol accommodates the dynamic behavior of the spectrum availability and selects a stable transmission path from a source node to the destination. Outlined as a weighted graph problem, the proposed protocol measures the weight of an edge by measuring the mobility patterns of the nodes and channel availability. Furthermore, the mobility pattern of a node is defined in the proposed routing protocol from the viewpoint of distance, speed, direction, and the node's reliability. Besides, the spectrum awareness in the proposed protocol is measured over the number of shared common channels and the channel quality. It is anticipated that the proposed protocol shows efficient routing performance by selecting stable and secured paths from source to destination. Simulation is carried out to assess the performance of the protocol, where it is witnessed that the proposed routing protocol outperforms existing ones.
2021-03-09
Lee, T., Chang, L., Syu, C..  2020.  Deep Learning Enabled Intrusion Detection and Prevention System over SDN Networks. 2020 IEEE International Conference on Communications Workshops (ICC Workshops). :1–6.
The Software Defined Network (SDN) provides higher programmable functionality for network configuration and management dynamically. Moreover, SDN introduces a centralized management approach by dividing the network into control and data planes. In this paper, we introduce a deep learning enabled intrusion detection and prevention system (DL-IDPS) to prevent secure shell (SSH) brute-force attacks and distributed denial-of-service (DDoS) attacks in SDN. The packet length in the SDN switch has been collected as a sequence for deep learning models to identify anomalous and malicious packets. Four deep learning models, including Multilayer Perceptron (MLP), Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM) and Stacked Auto-encoder (SAE), are implemented and compared for the proposed DL-IDPS. The experimental results show that the proposed MLP based DL-IDPS has the highest accuracy, achieving nearly 99% and 100% accuracy in preventing SSH brute-force and DDoS attacks, respectively.
2021-03-01
D’Alterio, P., Garibaldi, J. M., John, R. I..  2020.  Constrained Interval Type-2 Fuzzy Classification Systems for Explainable AI (XAI). 2020 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). :1–8.
In recent years, there has been a growing need for intelligent systems that not only are able to provide reliable classifications but can also produce explanations for the decisions they make. The demand for increased explainability has led to the emergence of explainable artificial intelligence (XAI) as a specific research field. In this context, fuzzy logic systems represent a promising tool thanks to their inherently interpretable structure. The use of a rule-base and linguistic terms, in fact, has allowed researchers to create models that are able to produce explanations in natural language for each of the classifications they make. So far, however, designing systems that make use of interval type-2 (IT2) fuzzy logic and also give explanations for their outputs has been very challenging, partially due to the presence of the type-reduction step. In this paper, it will be shown how constrained interval type-2 (CIT2) fuzzy sets represent a valid alternative to conventional interval type-2 sets in order to address this issue. Through the analysis of two case studies from the medical domain, it is shown how explainable CIT2 classifiers are produced. These systems can explain which rules contributed to the creation of each of the endpoints of the output interval centroid, while showing (in these examples) the same level of accuracy as their IT2 counterparts.
2021-02-23
Yu, M., He, T., McDaniel, P., Burke, Q. K..  2020.  Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :1519–1528.
The performance-driven design of SDN architectures leaves many security vulnerabilities, a notable one being the communication bottleneck between the controller and the switches. Functioning as a cache between the controller and the switches, the flow table mitigates this bottleneck by caching flow rules received from the controller at each switch, but is very limited in size due to the high cost and power consumption of the underlying storage medium. It thus presents an easy target for attacks. Observing that many existing defenses are based on simplistic attack models, we develop a model of intelligent attacks that exploit specific cache-like behaviors of the flow table to infer its internal configuration and state, and then design attack parameters accordingly. Our evaluations show that such attacks can accurately expose the internal parameters of the target flow table and cause measurable damage with the minimum effort.
2021-02-16
Li, R., Wu, B..  2020.  Early detection of DDoS based on φ-entropy in SDN networks. 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). 1:731–735.
Software defined network (SDN) is an emerging network architecture. Its control logic and forwarding logic are separated. SDN has the characteristic of centralized management, which makes it easier for malicious attackers to use the security vulnerabilities of SDN networks to implement distributed denial of service (DDoS) attacks. Information entropy is a kind of lightweight DDoS early detection method. This paper proposes a DDoS attack detection method in SDN networks based on φ-entropy. φ-entropy can adjust related parameters according to network conditions and enlarge feature differences between normal and abnormal traffic, which can make it easier to detect attacks in the early stages of DDoS traffic formation. Firstly, this article demonstrates the basic properties of φ-entropy and mathematically illustrates the feasibility of φ-entropy in DDoS detection; then we use Mininet to conduct simulation experiments to compare the detection effects on DDoS with Shannon entropy.