Software Defined Networking and Cyber Security

A special issue of Future Internet (ISSN 1999-5903). This special issue belongs to the section "Cybersecurity".

Deadline for manuscript submissions: closed (30 March 2022) | Viewed by 13924

Special Issue Editors


E-Mail Website
Guest Editor
Department of Computing and Cyber Security at the Texas A&M, San Antonio, TX 78224, USA
Interests: software engineering; software defined networking; software testing and cyber security
Special Issues, Collections and Topics in MDPI journals

E-Mail Website
Guest Editor
Department of Computer Science and software engineering, Monmouth University, West Long Branch, NJ 07764, USA
Interests: networking security; software-defined networking security; machine learning; deep learning

Special Issue Information

Dear Colleagues,

Cyber security fields evolved most recently to cover more and more applications. Machine learning algorithms and models are used to build security controls that can learn from previous malwares and threats and use such knowledge to predict future ones. Autonomous and intelligence security controls that use machine learning exist in many information systems and applications around us. The integration of cyber security and machine learning covers also subjects related to attackers attempts to target and manipulate machine learning models and algorithms. In this scope, this call for papers looks for research papers within the integration of cyber security, and machine learning.

Potential topics include but are not limited to:

  • Research on SDN testbeds related to cyber security
  • Autonomous security controls
  • Autonomous IDS/IPS and firewalls
  • Automatic and adversarial machine learning
  • Wireless and mobile programmable security

Dr. Izzat Alsmadi
Dr. Samer khamaiseh
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Future Internet is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1600 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • software-defined networking
  • autonomous security
  • programable networks
  • adversarial machine learning

Published Papers (4 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

20 pages, 566 KiB  
Article
The Robustness of Detecting Known and Unknown DDoS Saturation Attacks in SDN via the Integration of Supervised and Semi-Supervised Classifiers
by Samer Khamaiseh, Abdullah Al-Alaj, Mohammad Adnan and Hakam W. Alomari
Future Internet 2022, 14(6), 164; https://doi.org/10.3390/fi14060164 - 27 May 2022
Cited by 4 | Viewed by 1886
Abstract
The design of existing machine-learning-based DoS detection systems in software-defined networking (SDN) suffers from two major problems. First, the proper time window for conducting network traffic analysis is unknown and has proven challenging to determine. Second, it is unable to detect unknown types [...] Read more.
The design of existing machine-learning-based DoS detection systems in software-defined networking (SDN) suffers from two major problems. First, the proper time window for conducting network traffic analysis is unknown and has proven challenging to determine. Second, it is unable to detect unknown types of DoS saturation attacks. An unknown saturation attack is an attack that is not represented in the training data. In this paper, we evaluate three supervised classifiers for detecting a family of DDoS flooding attacks (UDP, TCP-SYN, IP-Spoofing, TCP-SARFU, and ICMP) and their combinations using different time windows. This work represents an extension of the runner-up best-paper award entitled ‘Detecting Saturation Attacks in SDN via Machine Learning’ published in the 2019 4th International Conference on Computing, Communications and Security (ICCCS). The results in this paper show that the trained supervised models fail in detecting unknown saturation attacks, and their overall detection performance decreases when the time window of the network traffic increases. Moreover, we investigate the performance of four semi-supervised classifiers in detecting unknown flooding attacks. The results indicate that semi-supervised classifiers outperform the supervised classifiers in the detection of unknown flooding attacks. Furthermore, to further increase the possibility of detecting the known and unknown flooding attacks, we propose an enhanced hybrid approach that combines two supervised and semi-supervised classifiers. The results demonstrate that the hybrid approach has outperformed individually supervised or semi-supervised classifiers in detecting the known and unknown flooding DoS attacks in SDN. Full article
(This article belongs to the Special Issue Software Defined Networking and Cyber Security)
Show Figures

Figure 1

19 pages, 891 KiB  
Article
Quantum Key Distribution in Kubernetes Clusters
by Ignazio Pedone and Antonio Lioy
Future Internet 2022, 14(6), 160; https://doi.org/10.3390/fi14060160 - 25 May 2022
Cited by 1 | Viewed by 3130
Abstract
Quantum Key Distribution (QKD) represents a reasonable countermeasure to the advent of Quantum Computing and its impact on current public-key cryptography. So far, considerable efforts have been devoted to investigate possible application scenarios for QKD in several domains such as Cloud Computing and [...] Read more.
Quantum Key Distribution (QKD) represents a reasonable countermeasure to the advent of Quantum Computing and its impact on current public-key cryptography. So far, considerable efforts have been devoted to investigate possible application scenarios for QKD in several domains such as Cloud Computing and NFV. This paper extends a previous work whose main objective was to propose a new software stack, the Quantum Software Stack (QSS), to integrate QKD into software-defined infrastructures. The contribution of this paper is twofold: enhancing the previous work adding functionalities to the first version of the QSS, and presenting a practical integration of the QSS in Kubernetes, which is the de-facto standard for container orchestration. Full article
(This article belongs to the Special Issue Software Defined Networking and Cyber Security)
Show Figures

Figure 1

16 pages, 2507 KiB  
Article
SD-BROV: An Enhanced BGP Hijacking Protection with Route Validation in Software-Defined eXchange
by Pang-Wei Tsai, Aris Cahyadi Risdianto, Meng Hui Choi, Satis Kumar Permal and Teck Chaw Ling
Future Internet 2021, 13(7), 171; https://doi.org/10.3390/fi13070171 - 30 Jun 2021
Cited by 4 | Viewed by 3293
Abstract
In global networks, Border Gateway Protocol (BGP) is widely used in exchanging routing information. While the original design of BGP did not focus on security protection against deliberate or accidental errors regarding to routing disruption, one of fundamental vulnerabilities in BGP is a [...] Read more.
In global networks, Border Gateway Protocol (BGP) is widely used in exchanging routing information. While the original design of BGP did not focus on security protection against deliberate or accidental errors regarding to routing disruption, one of fundamental vulnerabilities in BGP is a lack of insurance in validating authority for announcing network layer reachability. Therefore, a distributed repository system known as Resource Public Key Infrastructure (RPKI) has been utilized to mitigate this issue. However, such a validation requires further deployment steps for Autonomous System (AS), and it might cause performance and compatibility problems in legacy network infrastructure. Nevertheless, with recent advancements in network innovation, some traditional networks are planning to be restructured with Software-Defined Networking (SDN) technology for gaining more benefits. By using SDN, Internet eXchange Point (IXP) is able to enhance its capability of management by applying softwarized control methods, acting as a Software-Defined eXchange (SDX) center to handle numerous advertisement adaptively. To use the SDN method to strengthen routing security of IXP, this paper proposed an alternative SDX development, SD-BROV, an SDX-based BGP Route Origin Validation mechanism that establishes a flexible route exchange scenario with RPKI validation. The validating application built in the SDN controller is capable of investigating received routing information. It aims to support hybrid SDN environments and help non-SDN BGP neighbors to get trusted routes and drop suspicious ones in transition. To verify proposed idea with emulated environment, the proof-of-concept development is deployed on an SDN testbed running over Research and Education Networks (RENs). During BGP hijacking experiment, the results show that developed SD-BROV is able to detect and stop legitimate traffic to be redirected by attacker, making approach to secure traffic forwarding on BGP routers. Full article
(This article belongs to the Special Issue Software Defined Networking and Cyber Security)
Show Figures

Figure 1

Review

Jump to: Research

15 pages, 247 KiB  
Review
Misconfiguration in Firewalls and Network Access Controls: Literature Review
by Michael Alicea and Izzat Alsmadi
Future Internet 2021, 13(11), 283; https://doi.org/10.3390/fi13110283 - 8 Nov 2021
Cited by 4 | Viewed by 4480
Abstract
Firewalls and network access controls play important roles in security control and protection. Those firewalls may create an incorrect sense or state of protection if they are improperly configured. One of the major configuration problems in firewalls is related to misconfiguration in the [...] Read more.
Firewalls and network access controls play important roles in security control and protection. Those firewalls may create an incorrect sense or state of protection if they are improperly configured. One of the major configuration problems in firewalls is related to misconfiguration in the access control roles added to the firewall that will control network traffic. In this paper, we evaluated recent research trends and open challenges related to firewalls and access controls in general and misconfiguration problems in particular. With the recent advances in next-generation (NG) firewalls, firewall roles can be auto-generated based on networks and threats. Nonetheless, and due to the large number of roles in any medium to large networks, roles’ misconfiguration may occur for several reasons and will impact the performance of the firewall and overall network and protection efficiency. Full article
(This article belongs to the Special Issue Software Defined Networking and Cyber Security)
Back to TopTop