Abstract
Software-Defined Networking (SDN) has become one of the most efficient network architectures for dealing with complexity, improving policy control, and removing vendor dependencies. At the same time, given the diversity of network attacks, the SDN architecture faces many security issues that need to be taken into account. In this work, we propose an architecture for SDN-based secured forwarding devices (switches) by extending our previous architecture, HPOFS, with multiple security functions, including lightweight DDoS mechanisms and signature-based and anomaly-based IDS. We implement our architecture on a heterogeneous system including host processors, GPU, and FPGA boards. To the best of our knowledge, this is the first forwarding device for SDN implemented on a heterogeneous system in the literature. Our system not only offers enhanced security but also provides a high-speed switching capacity based on the OpenFlow standard. The design implemented on a GTX GeForce 1080 G1 for the training phase is 14× faster than a CPU (Intel Core i7-4770, 3.4 GHz, 16 GB of RAM) running Ubuntu 14.04. The switching function, along with three lightweight DDoS detection/prevention mechanisms, provides a processing speed of 39.48 Gbps on a NetFPGA-10G board (with a Xilinx xc5vtx240t FPGA device). In particular, our neural network models on the NetFPGA-10G board outperform the CPU in processing performance, reaching a throughput of 4.84 Gbps. Moreover, the implemented neural network model achieves 99.01% precision with only a 0.02% false positive rate when processing a dataset.
Acknowledgments
This research is funded by Ho Chi Minh City University of Technology, VNU-HCM, under Grant no. BK-SDH-2019-1770024.
Cite this article
Ngo, DM., Pham-Quoc, C. & Thinh, T.N. Heterogeneous Hardware-based Network Intrusion Detection System with Multiple Approaches for SDN. Mobile Netw Appl 25, 1178–1192 (2020). https://doi.org/10.1007/s11036-019-01437-x
DOI: https://doi.org/10.1007/s11036-019-01437-x