Affiliation:
1. School of Computing and Information Technology, University of Wollongong, Wollongong, NSW 2522, Australia
Abstract
Software-defined networking (SDN) is an innovative technology that has the potential to enhance the scalability, flexibility, and security of telecommunications networks. The emergence and development of SDNs have introduced new opportunities and challenges in the telecommunications industry. One of the major challenges encountered by SDNs is the timing side-channel attacks. These attacks exploit timing information to expose sensitive data, including flow tables, routes, controller types, and ports, which pose a significant threat to communication networks. Existing techniques for mitigating timing side-channel attacks primarily focus on limiting them via network architectural changes. This significantly increases the overhead of SDNs and makes it difficult to identify the origin of the attack. To secure resilient integration of SDN in telecommunications networks, it is necessary to conduct comprehensive research that not only identifies the attack activity, but also formulates an adequate response. In this paper, we propose a detection and response solution for timing side-channel attacks in SDN. We used a machine learning-based approach to detect the probing activity and identify the source. To address the identified timing side-channel attack queries, we propose a response mechanism. This entails devising a feedback-oriented response to counter the identified source, such as blocking or diverting it, while minimising any adverse effects on legitimate network traffic. This methodology is characterised by an automated data-driven approach that enables prompt and effective responses. The architecture of this security solution ensures that it has a minimal impact on network traffic and resource usage as it is designed to be used in conjunction with SDN. The overall design findings show that our detection approach is 94% precise in identifying timing side-channel attacks in SDN when compared with traditional mitigation strategies. Additionally, the response mechanism employed by this approach yielded highly customised and precise responses, resulting in an impressive accuracy score of 97.6%.
Subject
Electrical and Electronic Engineering,Computer Networks and Communications
Reference57 articles.
1. A comprehensive survey on SDN security: Threats, mitigations, and future directions;Maleh;J. Reliab. Intell. Environ.,2022
2. A survey of security in software defined networks;Natarajan;IEEE Commun. Surv. Tutor.,2015
3. Security in SDN: A comprehensive survey;Chica;J. Netw. Comput. Appl.,2020
4. Liu, Y., Wang, Y., and Zhang, J. (2012, January 14–16). New machine learning algorithm: Random forest. Proceedings of the Information Computing and Applications: Third International Conference, ICICA 2012, Chengde, China. Proceedings 3.
5. Classification based on decision tree algorithm for machine learning;Jijo;Evaluation,2021