Home // ICNS 2024, The Twentieth International Conference on Networking and Services // View article

Anomaly Detection by Monitoring Communication Volume at the Process Level of Each Host in SDN

Authors:
Naoya Kitagawa
Naoki Moriyama
Kohta Ohshima

Keywords: Software Defined Network, Data-plane Verifica- tion, Byte Consistency Verification

Abstract:
Software Defined Network (SDN), which enables flexible routing control based on communication contents, has been widely studied as a countermeasure against possible attacks on the data plane by compromised SDN switches and hosts. We have proposed a byte consistency verification method that uses information such as transfer volume collected from SDN switches to detect anomalous communications even when the communications are encrypted. In addition, we have improved the anomaly detection performance of this method by implementing a high precision time synchronization and an SDN switch function for each host. In this study, we extend the scope of information collection to each host in addition to SDN switches and propose a data plane anomaly detection method by monitoring the communication volume of each process at each host. Furthermore, we implemented and evaluated this method on a network testbed and confirmed that it can be used to improve anomaly detection accuracy.

Pages: 1 to 6

Copyright: Copyright (c) IARIA, 2024

Publication date: March 10, 2024

Published in: conference

ISSN: 2308-4006

ISBN: 978-1-68558-141-1

Location: Athens, Greece

Dates: from March 10, 2024 to March 14, 2024