Improving Internet of Things Security with
Software Defined Networking
Master Degree in Applied Telecommunication Engineering and
Management
Specialization: Telecommunication Policies and Business Management
Date : 4th of March 2016
Student: Raluca Ciungu
Tutors: Ricard Vilalta (CTTC), David Pubill (CTTC), David Ricon (UPC)
1
Motivation: Why this Project?
Really???
2
Outline
Introduction
1. State of the art
Internet of Things
Software Defined Networking
Security applied in Internet of Things
2. IoT Security with SDN
3. Experimental results
4. Conclusions and future lines
3
Planning of the Master Thesis
[Timeline figure. Begin: July 2015; milestones: October 2015, November 2015, January 2016; End: February 2016. Labels: SDN, IoT, algorithms, methods; security algorithm; Python, Mininet, OpenDaylight; Agile.]
4
IoT is here now, and growing!
Cisco: “50 billion smart devices by 2020”
HP: “A couple of security concerns on a single device such as a mobile phone can quickly turn to 50 or 60 concerns when considering multiple IoT devices in an interconnected home or business.”
Mario Campolargo, DG Connect, European Commission: “IoT will boost the economy while improving our citizens’ lives. In order to enable a fast uptake of the IoT, key issues like identification, privacy and security and semantic interoperability have to be tackled.”
5
Section 1. State of the Art
6
Internet of Things (IoT)
ITU-IoT: “global infrastructure for the information society, enabling advanced
services by interconnecting (physical and virtual) things based on existing and
evolving interoperable information and communication technologies”
Sensors
Gateways
Actuators
WSN
IoT applications
- Smart Cities
- Smart Lighting
- Air pollution
- Smart roads
- River floods
- …
7
Software Defined Networking
SDN: a viable alternative network architecture that splits the network control and forwarding functions, enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services.
SDN architecture
- Directly programmable
- Agile
- Centrally managed
- Programmatically configured
- Open standards based and vendor neutral
8
SDN Controller
[Figure. Labels: SDN Controller; ADMIN; SW1 (Cisco); SW2 (Alcatel); SW3 (Juniper).]
9
OpenFlow
OpenFlow: provides an open protocol to program the flow table in different switches and routers and establish a shared management of the traffic flow. For example, a network administrator can partition traffic into production and research flows.
Communication of OF Switch with a Controller
- Flow Table with an action associated to each flow entry, to tell the switch how to process the flow
- Secure channel that connects the switch to a remote control process (called the controller)
- The OpenFlow Protocol, which provides an open and standard way for a controller to communicate with a switch.
10
IoT Security Architecture
Malware Monitor
Generic Architecture Network Intrusion Detection System (ANIDS)
- Anomaly detection engine: detects any occurrence of intrusion, either online or offline.
- Pre-processing: misuse detection approach
- Matching mechanism: attacks can be detected using an anomaly-based approach
- Elastic load balancer: network traffic slicing – SDN controller
- Detectors: OF_SW inspects each packet received and maintains flow statistics
- Decision module: performs correlation between flows to detect attacks.
11
IoT Security Architecture
Simplified model of Architecture Intrusion Detection System
- Collector module: collects flow information and periodically exports it to the Anomaly Detection module
- Anomaly Detection module: for every time window this module inspects the flows received from the Collector module
- Anomaly Mitigation module: neutralizes identified attacks by inserting flow entries in the flow table of the OpenFlow switch in order to block the undesired attacks
12
Anomaly detection and mitigation
Anomaly detection methods
- Statistical methods and systems
- Classification-based methods and systems
- Clustering and outlier-based methods and systems
- Soft computing methods and systems
- Knowledge-based methods and systems
Anomaly mitigation methods
- Rate limiting: regulation of the rate at which flows are allowed to inject packets into the network
- Flow interruption: the flow rule is directly removed from the SDN controller
13
Section 2. IoT Security with SDN
14
IoT Security architecture
[Architecture figure. Labels: SDN/NFV Edge Node; Temperature Sensor; Air pollution Sensor; Gateways; Condition; Standard Deviation.]
15
E2E security App
• Collector Module
– This module collects flow information and periodically exports it to the
Anomaly Detection module.
– From the SDN controller flow information we can estimate the following data
per flow:
• Packets per second.
• Bytes per second.
• Anomaly Detection Module
– For every time window this module inspects all flow entries, exposing any
flow-related network anomaly and identifying a potential attacker or the
victim of the attack.
• Anomaly Mitigation Module
– Neutralizes identified attacks.
– Inserts flow meters in the flow table of the OpenFlow switch (or removes
existing flows) in order to block/mitigate the desired malicious traffic.
16
Algorithm evaluation
• Objective 1: Evaluate the performance of the algorithm → Is it capable of detecting attacks?
• Objective 2: Find the ideal window length and standard deviation for which the error in detecting malware traffic is the smallest.
Methodology:
- Modeling of dangerous flows
• A bad flow is created with a probability of 10%. A bad flow has different properties:
– The number of packets per second is doubled (in comparison with a conformant flow).
– Packet size is also increased by 50%.
- Comparison of obtained result with generated result: false positives, false negatives.
17
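The collector and detector from the E2E security App slide, run against the flow model from the Algorithm evaluation slide, as an added Python example that is not code from the thesis. The detection condition (rate above baseline mean plus N_SIGMA standard deviations), the ±20% per-second jitter, the base rate, the packet size and all function names are assumptions, so its error figures are not the slides' figures.

```python
import random
import statistics

N_FLOWS = 1000        # flows per evaluation run (constructed)
P_BAD = 0.10          # slide: a bad flow is created with probability 10%
BASE_PPS = 100        # conformant packets/s (constructed value)
BASE_PKT_SIZE = 100   # conformant packet size in bytes (constructed value)


def simulate_counters(rng, bad, duration):
    """Cumulative (packets, bytes) counters polled once per second for one flow.

    A bad flow sends twice the packets per second with packets 50% larger,
    as in the slide's flow model. The +/-20% per-second jitter is an assumption.
    """
    pps = BASE_PPS * (2 if bad else 1)
    size = BASE_PKT_SIZE * (1.5 if bad else 1)
    packets = nbytes = 0
    samples = [(0, 0)]
    for _ in range(duration):
        sent = round(pps * rng.uniform(0.8, 1.2))
        packets += sent
        nbytes += round(sent * size)
        samples.append((packets, nbytes))
    return samples


def collect_rates(samples, window):
    """Collector: counters -> (packets/s, bytes/s) over the last `window` seconds."""
    (p0, b0), (p1, b1) = samples[-window - 1], samples[-1]
    return (p1 - p0) / window, (b1 - b0) / window


def fit_baseline(rates):
    """Mean and standard deviation of a metric measured on known-conformant flows."""
    return statistics.mean(rates), statistics.stdev(rates)


def is_anomalous(rate, baseline, n_sigma):
    """Detector condition (assumed): rate above mean + N_SIGMA * standard deviation."""
    mean, std = baseline
    return rate > mean + n_sigma * std


def evaluate(window, n_sigma, metric=0, seed=1):
    """Run one experiment; metric 0 = packets/s, 1 = bytes/s.

    Returns false positives, false negatives and error (%) over N_FLOWS flows.
    """
    rng = random.Random(seed)
    # Baseline learned from 200 conformant flows measured with the same window.
    training = [collect_rates(simulate_counters(rng, False, window), window)[metric]
                for _ in range(200)]
    baseline = fit_baseline(training)
    fp = fn = 0
    for _ in range(N_FLOWS):
        bad = rng.random() < P_BAD
        rate = collect_rates(simulate_counters(rng, bad, window), window)[metric]
        flagged = is_anomalous(rate, baseline, n_sigma)
        fp += flagged and not bad      # conformant flow flagged
        fn += bad and not flagged      # bad flow missed
    return {"fp": fp, "fn": fn, "error_pct": 100.0 * (fp + fn) / N_FLOWS}


if __name__ == "__main__":
    for n_sigma in (1, 2, 4, 8, 10, 12):
        print("window=10 n_sigma=%d" % n_sigma, evaluate(10, n_sigma))
    for window in (1, 5, 10, 20):
        print("n_sigma=10 window=%d" % window, evaluate(window, 10))
```

In this model a short window inflates the measured standard deviation, so the N_SIGMA=10 threshold rises above the bad-flow rate and attacks are missed, while a low N_SIGMA puts the threshold inside normal jitter and produces false positives.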
Evaluation Results
a) N_SIGMA, pkts/s, error (%) [plot: Error (%) vs N_SIGMA; N_SIGMA axis: 2, 4, 8, 10, 12]
- Best Results
  - N_SIGMA=10
  - Detected malware error=13,8%
- Observations:
  - N_SIGMA too low detects false positives
b) N_SIGMA=10, pkts/s, window, error (%) [plot: Error (%) vs WINDOW; WINDOW axis: 5, 10, 20]
- Best Results
  - Window size=10 s
  - Detected malware error=3,9%
- Observations:
  - Small window size doesn’t leave time to measure the flow N_SIGMA
18
Evaluation Results
c) N_SIGMA, bytes/s, error (%) [plot: Error (%) vs N_SIGMA; N_SIGMA axis: 2, 4, 8, 10, 12]
- Best Results
  - N_SIGMA=10
  - Detected malware error=6,5%
- Observations:
  - N_SIGMA too low detects false positives
d) N_SIGMA=10, bytes/s, window, error (%) [plot: Error (%) vs WINDOW; WINDOW axis: 5, 10, 20]
- Best Results
  - Window size=10 s
  - Detected malware error=0,03%
- Observations:
  - Small window size doesn’t leave time to measure the flow N_SIGMA
19
Section 3. Experimental results
20
CTTC ADRENALINE-IoT world Testbeds
[Testbed figure. Labels: IoT world (IoT CO2 WSN, IoT Heat WSN, IoT GW 1, IoT GW 2); Aggregation; Core; SDN/NFV edge node; Metro DC; Core DC; WSON/SSON with GMPLS Controllers; Active Stateful PCE; TED; Edge SDN Ctl, Metro SDN Ctl, DC SDN Ctl; Edge Cloud Ctl, Metro Cloud Ctl, Core Cloud Ctl; Multi-domain SDN Orchestrator; Cloud Orchestrator; Integrated Cloud and Network Orchestrator.]
21
5G Cloud/Fog and SDN/NFV orchestrator
• Provides E2E connections interacting with several controllers.
• Security app is only local to the edge SDN controller.
22
Experimental results
[Figure: testbed description and flow description. Labels: Gateway 1; Gateway 2; SDN/NFV Edge Node.]
23
Experimental results
IoT SQL Database
24
Experimental results
Wireshark: Anomaly Mitigation
Flow eliminated from SW1.
25
Conclusions
• Detection of the ideal parameters, window length and standard deviation, is of paramount importance in detecting the outliers
• Small standard deviation Algorithm efficiency
• Too small a window size doesn’t leave time to properly measure the standard deviation
26
Future Lines
• Apply the algorithm to a higher number of sensors
• Apply and analyse a different type of security architecture, for example the Generic Architecture Network Intrusion Detection System (ANIDS)
• Apply a different anomaly method – K-means
27
Thank you for your attention!
Q&A
28

More Related Content

What's hot

A review of machine learning based anomaly detection
A review of machine learning based anomaly detectionA review of machine learning based anomaly detection
A review of machine learning based anomaly detection
Mohamed Elfadly
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
CAS
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoT
Jinia Bhowmik
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
Prime Infoserv
 
Iot presentation
Iot presentationIot presentation
Iot presentation
huma742446
 
Sdn ppt
Sdn pptSdn ppt
Iot(security)
Iot(security)Iot(security)
Iot(security)
Shreya Pohekar
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Raffael Marty
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
Abdullah Alfadhly
 
Internet of Things (IoT) - Introduction ppt
Internet of Things (IoT) - Introduction ppt Internet of Things (IoT) - Introduction ppt
Internet of Things (IoT) - Introduction ppt
sutrishnakar1995
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
MarketingArrowECS_CZ
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
Vladimir Jirasek
 
Security in wireless sensor network
Security in wireless sensor networkSecurity in wireless sensor network
Security in wireless sensor network
Adit Pathak
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)
Sanjay Kumar (Seeking options outside India)
 
Blockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis GuardaBlockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis Guarda
Dinis Guarda
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017
Ulf Mattsson
 
Cloud Computing Tools
Cloud Computing ToolsCloud Computing Tools
Cloud Computing Tools
Jithin Parakka
 
PACE-IT: The Importance of Network Segmentation
PACE-IT: The Importance of Network SegmentationPACE-IT: The Importance of Network Segmentation
PACE-IT: The Importance of Network Segmentation
Pace IT at Edmonds Community College
 
Firewall
FirewallFirewall
Firewall
nayakslideshare
 
Firewall
FirewallFirewall
Firewall
sajeena81
 

What's hot (20)

A review of machine learning based anomaly detection
A review of machine learning based anomaly detectionA review of machine learning based anomaly detection
A review of machine learning based anomaly detection
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoT
 
Secure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAltoSecure Access – Anywhere by Prisma, PaloAlto
Secure Access – Anywhere by Prisma, PaloAlto
 
Iot presentation
Iot presentationIot presentation
Iot presentation
 
Sdn ppt
Sdn pptSdn ppt
Sdn ppt
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...Extended Detection and Response (XDR)An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
 
Internet of Things (IoT) - Introduction ppt
Internet of Things (IoT) - Introduction ppt Internet of Things (IoT) - Introduction ppt
Internet of Things (IoT) - Introduction ppt
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
Cloud security and security architecture
Cloud security and security architectureCloud security and security architecture
Cloud security and security architecture
 
Security in wireless sensor network
Security in wireless sensor networkSecurity in wireless sensor network
Security in wireless sensor network
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)
 
Blockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis GuardaBlockchain in IoT and Other Considerations by Dinis Guarda
Blockchain in IoT and Other Considerations by Dinis Guarda
 
Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017Security for iot and cloud aug 25b 2017
Security for iot and cloud aug 25b 2017
 
Cloud Computing Tools
Cloud Computing ToolsCloud Computing Tools
Cloud Computing Tools
 
PACE-IT: The Importance of Network Segmentation
PACE-IT: The Importance of Network SegmentationPACE-IT: The Importance of Network Segmentation
PACE-IT: The Importance of Network Segmentation
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 

Viewers also liked

New NeXt for Advanced Developers
New NeXt for Advanced DevelopersNew NeXt for Advanced Developers
New NeXt for Advanced Developers
Cisco DevNet
 
SDN( Software Defined Network) and NFV(Network Function Virtualization) for I...
SDN( Software Defined Network) and NFV(Network Function Virtualization) for I...SDN( Software Defined Network) and NFV(Network Function Virtualization) for I...
SDN( Software Defined Network) and NFV(Network Function Virtualization) for I...
Sagar Rai
 
SDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_NetworksSDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_Networks
Srinivasa Addepalli
 
DEVNET-1114 Automated Management Using SDN/NFV
DEVNET-1114	Automated Management Using SDN/NFVDEVNET-1114	Automated Management Using SDN/NFV
DEVNET-1114 Automated Management Using SDN/NFV
Cisco DevNet
 
DEVNET-1154 Open Source Presentation on Open Standards
DEVNET-1154	Open Source Presentation on Open StandardsDEVNET-1154	Open Source Presentation on Open Standards
DEVNET-1154 Open Source Presentation on Open Standards
Cisco DevNet
 
DEVNET-1166 Open SDN Controller APIs
DEVNET-1166	Open SDN Controller APIsDEVNET-1166	Open SDN Controller APIs
DEVNET-1166 Open SDN Controller APIs
Cisco DevNet
 
OpenStack and OpenDaylight, The Evolving Relationship in Cloud Networking: a ...
OpenStack and OpenDaylight, The Evolving Relationship in Cloud Networking: a ...OpenStack and OpenDaylight, The Evolving Relationship in Cloud Networking: a ...
OpenStack and OpenDaylight, The Evolving Relationship in Cloud Networking: a ...
Cisco DevNet
 
DevNet Express - Spark & Tropo API - Lisbon May 2016
DevNet Express - Spark & Tropo API - Lisbon May 2016DevNet Express - Spark & Tropo API - Lisbon May 2016
DevNet Express - Spark & Tropo API - Lisbon May 2016
Cisco DevNet
 
Smart Citizen Kit in Barcelona, Amsterdam & Manchester
Smart Citizen Kit in Barcelona, Amsterdam & ManchesterSmart Citizen Kit in Barcelona, Amsterdam & Manchester
Smart Citizen Kit in Barcelona, Amsterdam & Manchester
Frank Kresin
 
API Management for Software Defined Network (SDN)
API Management for Software Defined Network (SDN)API Management for Software Defined Network (SDN)
API Management for Software Defined Network (SDN)
Apigee | Google Cloud
 
SDN Abstractions
SDN AbstractionsSDN Abstractions
SDN Abstractions
martin_casado
 
Software-Defined Networking(SDN):A New Approach to Networking
Software-Defined Networking(SDN):A New Approach to NetworkingSoftware-Defined Networking(SDN):A New Approach to Networking
Software-Defined Networking(SDN):A New Approach to Networking
Anju Ann
 
SDN and NFV integrated OpenStack Cloud - Birds eye view on Security
SDN and NFV integrated OpenStack Cloud - Birds eye view on SecuritySDN and NFV integrated OpenStack Cloud - Birds eye view on Security
SDN and NFV integrated OpenStack Cloud - Birds eye view on Security
Trinath Somanchi
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFV
Basim Aly (JNCIP-SP, JNCIP-ENT)
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
rjain51
 
Current and Future Directions of Internet of Things
Current and Future Directions of Internet of ThingsCurrent and Future Directions of Internet of Things
Current and Future Directions of Internet of Things
Dr. Mazlan Abbas
 

Viewers also liked (16)

New NeXt for Advanced Developers
New NeXt for Advanced DevelopersNew NeXt for Advanced Developers
New NeXt for Advanced Developers
 
SDN( Software Defined Network) and NFV(Network Function Virtualization) for I...
SDN( Software Defined Network) and NFV(Network Function Virtualization) for I...SDN( Software Defined Network) and NFV(Network Function Virtualization) for I...
SDN( Software Defined Network) and NFV(Network Function Virtualization) for I...
 
SDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_NetworksSDN_and_NFV_technologies_in_IoT_Networks
SDN_and_NFV_technologies_in_IoT_Networks
 
DEVNET-1114 Automated Management Using SDN/NFV
DEVNET-1114	Automated Management Using SDN/NFVDEVNET-1114	Automated Management Using SDN/NFV
DEVNET-1114 Automated Management Using SDN/NFV
 
DEVNET-1154 Open Source Presentation on Open Standards
DEVNET-1154	Open Source Presentation on Open StandardsDEVNET-1154	Open Source Presentation on Open Standards
DEVNET-1154 Open Source Presentation on Open Standards
 
DEVNET-1166 Open SDN Controller APIs
DEVNET-1166	Open SDN Controller APIsDEVNET-1166	Open SDN Controller APIs
DEVNET-1166 Open SDN Controller APIs
 
OpenStack and OpenDaylight, The Evolving Relationship in Cloud Networking: a ...
OpenStack and OpenDaylight, The Evolving Relationship in Cloud Networking: a ...OpenStack and OpenDaylight, The Evolving Relationship in Cloud Networking: a ...
OpenStack and OpenDaylight, The Evolving Relationship in Cloud Networking: a ...
 
DevNet Express - Spark & Tropo API - Lisbon May 2016
DevNet Express - Spark & Tropo API - Lisbon May 2016DevNet Express - Spark & Tropo API - Lisbon May 2016
DevNet Express - Spark & Tropo API - Lisbon May 2016
 
Smart Citizen Kit in Barcelona, Amsterdam & Manchester
Smart Citizen Kit in Barcelona, Amsterdam & ManchesterSmart Citizen Kit in Barcelona, Amsterdam & Manchester
Smart Citizen Kit in Barcelona, Amsterdam & Manchester
 
API Management for Software Defined Network (SDN)
API Management for Software Defined Network (SDN)API Management for Software Defined Network (SDN)
API Management for Software Defined Network (SDN)
 
SDN Abstractions
SDN AbstractionsSDN Abstractions
SDN Abstractions
 
Software-Defined Networking(SDN):A New Approach to Networking
Software-Defined Networking(SDN):A New Approach to NetworkingSoftware-Defined Networking(SDN):A New Approach to Networking
Software-Defined Networking(SDN):A New Approach to Networking
 
SDN and NFV integrated OpenStack Cloud - Birds eye view on Security
SDN and NFV integrated OpenStack Cloud - Birds eye view on SecuritySDN and NFV integrated OpenStack Cloud - Birds eye view on Security
SDN and NFV integrated OpenStack Cloud - Birds eye view on Security
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFV
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
Current and Future Directions of Internet of Things
Current and Future Directions of Internet of ThingsCurrent and Future Directions of Internet of Things
Current and Future Directions of Internet of Things
 

Similar to ioT_SDN

FIOT_Uni4.pptx
FIOT_Uni4.pptxFIOT_Uni4.pptx
FIOT_Uni4.pptx
RishikeshPathak10
 
Detect Threats Faster
Detect Threats FasterDetect Threats Faster
Detect Threats Faster
Force 3
 
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET Journal
 
Industrial Control System Network Cyber Security Monitoring Solution (SCAB)
Industrial Control System Network Cyber Security Monitoring Solution (SCAB)Industrial Control System Network Cyber Security Monitoring Solution (SCAB)
Industrial Control System Network Cyber Security Monitoring Solution (SCAB)
Enrique Martin
 
Intrusion Detection System Project Report
Intrusion Detection System Project ReportIntrusion Detection System Project Report
Intrusion Detection System Project Report
Raghav Bisht
 
Cloud Based intrusion Detection System
Cloud Based intrusion Detection SystemCloud Based intrusion Detection System
Cloud Based intrusion Detection System
IJMTST Journal
 
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
IJCNCJournal
 
Jprofessionals co create the future of your city
Jprofessionals co create the future of your cityJprofessionals co create the future of your city
Jprofessionals co create the future of your city
Pance Cavkovski
 
A05510105
A05510105A05510105
A05510105
IOSR-JEN
 
The SCISSOR approach to establishing situational awareness in Industrial Cont...
The SCISSOR approach to establishing situational awareness in Industrial Cont...The SCISSOR approach to establishing situational awareness in Industrial Cont...
The SCISSOR approach to establishing situational awareness in Industrial Cont...
Stefano Salsano
 
A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)
Mumbai Academisc
 
Net Defender
Net DefenderNet Defender
Net Defender
krishna maddikara
 
IRJET - Surveillance System for Petroleum Industry
IRJET - Surveillance System for Petroleum IndustryIRJET - Surveillance System for Petroleum Industry
IRJET - Surveillance System for Petroleum Industry
IRJET Journal
 
Training manual on scada
Training manual on scadaTraining manual on scada
Training manual on scada
bhavuksharma10
 
D-STREAMON - NFV-capable distributed framework for network monitoring
D-STREAMON - NFV-capable distributed framework for network monitoringD-STREAMON - NFV-capable distributed framework for network monitoring
D-STREAMON - NFV-capable distributed framework for network monitoring
Stefano Salsano
 
Cerita
CeritaCerita
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
IJCNCJournal
 
A Combination of the Intrusion Detection System and the Open-source Firewall ...
A Combination of the Intrusion Detection System and the Open-source Firewall ...A Combination of the Intrusion Detection System and the Open-source Firewall ...
A Combination of the Intrusion Detection System and the Open-source Firewall ...
IJCNCJournal
 
Netdefender
NetdefenderNetdefender
Netdefender
krishna Maddikara
 
SerIoT Traffic Generator and Detector of malicious traffic patterns
SerIoT Traffic Generator and  Detector of malicious traffic patternsSerIoT Traffic Generator and  Detector of malicious traffic patterns
SerIoT Traffic Generator and Detector of malicious traffic patterns
HITSerIoTProject
 

Similar to ioT_SDN (20)

FIOT_Uni4.pptx
FIOT_Uni4.pptxFIOT_Uni4.pptx
FIOT_Uni4.pptx
 
Detect Threats Faster
Detect Threats FasterDetect Threats Faster
Detect Threats Faster
 
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN AlgorithmIRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
IRJET - Network Traffic Monitoring and Botnet Detection using K-ANN Algorithm
 
Industrial Control System Network Cyber Security Monitoring Solution (SCAB)
Industrial Control System Network Cyber Security Monitoring Solution (SCAB)Industrial Control System Network Cyber Security Monitoring Solution (SCAB)
Industrial Control System Network Cyber Security Monitoring Solution (SCAB)
 
Intrusion Detection System Project Report
Intrusion Detection System Project ReportIntrusion Detection System Project Report
Intrusion Detection System Project Report
 
Cloud Based intrusion Detection System
Cloud Based intrusion Detection SystemCloud Based intrusion Detection System
Cloud Based intrusion Detection System
 
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH...
 
Jprofessionals co create the future of your city
Jprofessionals co create the future of your cityJprofessionals co create the future of your city
Jprofessionals co create the future of your city
 
A05510105
A05510105A05510105
A05510105
 
The SCISSOR approach to establishing situational awareness in Industrial Cont...
The SCISSOR approach to establishing situational awareness in Industrial Cont...The SCISSOR approach to establishing situational awareness in Industrial Cont...
The SCISSOR approach to establishing situational awareness in Industrial Cont...
 
A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)
 
Net Defender
Net DefenderNet Defender
Net Defender
 
IRJET - Surveillance System for Petroleum Industry
IRJET - Surveillance System for Petroleum IndustryIRJET - Surveillance System for Petroleum Industry
IRJET - Surveillance System for Petroleum Industry
 
Training manual on scada
Training manual on scadaTraining manual on scada
Training manual on scada
 
D-STREAMON - NFV-capable distributed framework for network monitoring
D-STREAMON - NFV-capable distributed framework for network monitoringD-STREAMON - NFV-capable distributed framework for network monitoring
D-STREAMON - NFV-capable distributed framework for network monitoring
 
Cerita
CeritaCerita
Cerita
 
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
A COMBINATION OF THE INTRUSION DETECTION SYSTEM AND THE OPEN-SOURCE FIREWALL ...
 
A Combination of the Intrusion Detection System and the Open-source Firewall ...
A Combination of the Intrusion Detection System and the Open-source Firewall ...A Combination of the Intrusion Detection System and the Open-source Firewall ...
A Combination of the Intrusion Detection System and the Open-source Firewall ...
 
Netdefender
NetdefenderNetdefender
Netdefender
 
SerIoT Traffic Generator and Detector of malicious traffic patterns
SerIoT Traffic Generator and  Detector of malicious traffic patternsSerIoT Traffic Generator and  Detector of malicious traffic patterns
SerIoT Traffic Generator and Detector of malicious traffic patterns
 

ioT_SDN

  • 1. Improving Internet of Things Security with Sofware Defined Networking Master Degree in Applied Telecommunication Engineering and Management Specialization: Telecommunication Policies and Business Management Date : 4th of March 2016 Student: Raluca Ciungu Tutors: Ricard Vilalta (CTTC), David Pubill (CTTC), David Ricon (UPC) 1
  • 2. Motivation: Why this Project? Really??? 2
  • 3. Outline Introduction 1. State of the art Internet of Things Software Defined Networking Security applied in Internet of Things 2. IoT Security with SDN 3. Experimental results 4. Conclusions and future lines 3
  • 4. Planning of the Master Thesis Begin: July 2015 November 2015 January 2016 SDN, IOT, Algorithms , Methods SDN, IOT, Algorithms, Methods Python, Mininet, Opendaylight October 2015 Security algorithm End: February 2016 Agile 4
  • 5. IoT is here now-and Growing! Cisco: “50 billions smart devices by 2020” HP: “A couple of security concerns on a single device such as a mobile phone can quickly turn to 50 or 60 concerns when considering multiple IoT devices in an interconnected home or business.” Mario Campolargo, DG Connect, European Commission: “IoT will boost the economy while improving our citizens’ lives. In order to enable a fast uptake of the IoT, key issues like identification, privacy and security and semantic interoperability have to be tackled. “ 5
  • 6. Section 1. State of the Art 6
  • 7. Internet of Things (IoT) ITU-IoT: “global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies” Sensors Gateways Actuators WSN IoT applications  Smart Cities  Smart Lighting  Air pollution  Smart roads  River floods  … 7
  • 8. Sofware Defined Networking SDN: viable alternative network architecture that splits the network control and forwarding functions enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services. SDN architecture - Directly programmable - Agile - Centraly managed - Programmatically configured - Open standards based and Vendor neutral 8
  • 10. OpenFlow OpenFlow: provides an open protocol to program the flow-table in different switches and routers and establish a shared management of the traffic flow. For example, a network administrator can partition traffic into production and research flows. Communication of OF Switch with a Controller - Flow Table with an action associated to each flow entry, to tell the switch to process the flow - Secure channel connects the switch to a remote control process (called the controller) - The OpenFlow Protocol, which provides an open and standard way for a controller to communicate with a switch. 10
  • 11. IoT Security Architecture Malware MonitorGeneric Architecture Network Intrusion Detection System (ANIDS) - Anomaly detection engine: detects any occurence of intrusion either online or offline. - Pre-processing: misuse detection aproach - Matching mechanism: attacks can be detected using anomaly-based approach - Elastic load balancer: network traffic slicing – SDN controller -Detectors: OF_SW inspect each packet received and mantain flow statistics -Decision module: performs correlation between flows to detect attacks. 11
  • 12. IoT Security Architecture: simplified model of the Intrusion Detection System architecture
      – Collector module: collects flow information and periodically exports it to the Anomaly Detection module
      – Anomaly Detection module: for every time window, this module inspects the flows received from the Collector module
      – Anomaly Mitigation module: neutralizes identified attacks by inserting flow entries in the flow table of the OpenFlow switch in order to block the undesired attacks
  • 13. Anomaly detection and mitigation
      Anomaly detection methods:
      – Statistical methods and systems
      – Classification-based methods and systems
      – Clustering and outlier-based methods and systems
      – Soft computing methods and systems
      – Knowledge-based methods and systems
      Anomaly mitigation methods:
      – Rate limiting: regulation of the rate at which flows are allowed to inject packets into the network
      – Flow interruption: the flow rule is directly removed from the SDN controller
  • 14. Section 2. IoT Security with SDN
  • 15. IoT Security architecture
      [Figure labels: SDN/NFV Edge Node; Temperature Sensor; Air pollution Sensor; Gateways; Condition; Standard Deviation]
  • 16. E2E security App
      • Collector Module
        – This module collects flow information and periodically exports it to the Anomaly Detection module.
        – From the SDN controller flow information we can estimate the following data per flow: packets per second and bytes per second.
      • Anomaly Detection Module
        – For every time window this module inspects all flow entries, exposing any flow-related network anomaly and identifying a potential attacker or the victim of the attack.
      • Anomaly Mitigation Module
        – Neutralizes identified attacks.
        – Inserts flow meters in the flow table of the OpenFlow switch (or removes existing flows) in order to block/mitigate the desired malicious traffic.
  • 17. Algorithm evaluation
      • Objective 1: evaluate the performance of the algorithm → Is it capable of detecting attacks?
      • Objective 2: find the window length and standard deviation for which the error in detecting malware traffic is smallest.
      Methodology:
      – Modeling of dangerous flows. A bad flow is created with a probability of 10%. A bad flow has different properties:
        – The number of packets per second is doubled (in comparison with a conformant flow).
        – Packet size is also increased by 50%.
      – Comparison of the obtained result with the generated result: false positives, false negatives.
  • 18. Evaluation Results
      [Plots: a) Error (%) vs N_SIGMA, pkts/s; b) Error (%) vs WINDOW, pkts/s, N_SIGMA=10]
      – a) Best results → N_SIGMA=10 → detected malware error=13,8%. Observation → N_SIGMA too low detects false positives.
      – b) Best results → window size=10 s → detected malware error=3,9%. Observation → a small window size doesn’t leave time to measure the flow.
  • 19. Evaluation Results
      [Plots: c) Error (%) vs N_SIGMA, bytes/s; d) Error (%) vs WINDOW, bytes/s, N_SIGMA=10]
      – c) Best results → N_SIGMA=10 → detected malware error=6,5%. Observation → N_SIGMA too low detects false positives.
      – d) Best results → window size=10 s → detected malware error=0,03%. Observation → a small window size doesn’t leave time to measure the flow.
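The detection condition and evaluation method from slides 16 to 19, as an added Python example that is not the thesis code. It assumes a baseline learned from conformant flows, a threshold of mean + N_SIGMA × standard deviation, and constructed traffic values (100 pkts/s, 200-byte packets, 20% jitter); its error figures are not the thesis results.

```python
import random
import statistics

def make_flows(n, window, rng, p_bad=0.10, pps=100.0, size=200.0, jitter=0.2):
    """Constructed traffic: returns (is_bad, pkts_per_s, bytes_per_s) per flow."""
    flows = []
    for _ in range(n):
        bad = rng.random() < p_bad                 # slide 17: 10% bad flows
        rate = pps * (2.0 if bad else 1.0)         # packets per second doubled
        psize = size * (1.5 if bad else 1.0)       # packet size increased by 50%
        # Collector: noisy per-second packet counters averaged over the window.
        counts = [max(0.0, rng.gauss(rate, jitter * rate)) for _ in range(window)]
        measured = sum(counts) / window
        flows.append((bad, measured, measured * psize))
    return flows

def fit_baseline(values):
    """Mean and standard deviation of a metric over conformant traffic."""
    return statistics.mean(values), statistics.pstdev(values)

def detect(values, baseline, n_sigma):
    """Flag every value above mean + n_sigma * std (assumed condition)."""
    mean, std = baseline
    return [v > mean + n_sigma * std for v in values]

def error_rates(truth, flagged):
    """Return (false positives, false negatives, error in % of all flows)."""
    fp = sum(f and not t for t, f in zip(truth, flagged))
    fn = sum(t and not f for t, f in zip(truth, flagged))
    return fp, fn, 100.0 * (fp + fn) / len(truth)

def run_trial(n_sigma, window, metric, seed=1, n=2000):
    """Train on conformant flows, then score a mixed set of flows."""
    rng = random.Random(seed)
    col = 1 if metric == "pkts" else 2
    train = make_flows(n, window, rng, p_bad=0.0)
    test = make_flows(n, window, rng)
    baseline = fit_baseline([f[col] for f in train])
    flagged = detect([f[col] for f in test], baseline, n_sigma)
    return error_rates([f[0] for f in test], flagged)

if __name__ == "__main__":
    for metric in ("pkts", "bytes"):
        for n_sigma in (2, 4, 8, 10, 12):
            print(metric, "N_SIGMA", n_sigma, run_trial(n_sigma, 10, metric))
        for window in (5, 10, 20):
            print(metric, "WINDOW", window, run_trial(10, window, metric))
```

Because bytes/s is pkts/s times packet size, a bad flow under this model carries three times the conformant bytes/s but only twice the pkts/s, so the bytes/s metric separates more cleanly at the same N_SIGMA.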
  • 21. CTTC ADRENALINE-IoT world Testbeds
      [Figure labels: WSON/SSON; GMPLS Controller; Core; Aggregation; IoT world; SDN/NFV edge node; Metro DC; Core DC; Integrated Cloud and Network Orchestrator; Active Stateful PCE; TED; DC SDN Ctl; Metro SDN Ctl; Edge SDN Ctl; Edge Cloud Ctl; Metro Cloud Ctl; Core Cloud Ctl; Multi-domain SDN Orchestrator; Cloud Orchestrator; IoT CO2 WSN; IoT Heat WSN; IoT GW 1; IoT GW 2]
  • 22. 5G Cloud/Fog and SDN/NFV orchestrator
      • Provides E2E connections interacting with several controllers.
      • Security app is only local to the edge SDN controller.
  • 23. Experimental results: testbed description, flow description
      [Figure labels: Gateway 1; Gateway 2; SDN/NFV Edge Node]
  • 25. Experimental results. Wireshark: Anomaly Mitigation. Flow eliminated from SW1.
  • 26. Conclusions
      • Detection of the ideal parameters, window length and standard deviation, is of paramount importance in detecting the outliers
      • Small standard deviation → algorithm efficiency
      • Too small a window size doesn’t leave time to properly measure the standard deviation
  • 27. Future Lines
      • Apply the algorithm to a higher number of sensors
      • Apply and analyse a different type of security architecture, for example the Generic Architecture Network Intrusion Detection System (ANIDS)
      • Apply a different anomaly method: K-means
  • 28. Thank you for your attention! Q&A