Detection of Incidents and Anomalies in Software-Defined Network – Based Implementations of Critical Infrastructure Resulting in Adaptive System Changes

Organiściak, Patryk; Kuraś, Paweł; Strzałka, Dominik; Paszkiewicz, Andrzej; Bolanowski, Marek; Kowal, Bartosz; Ćmil, Michał; Dymora, Paweł; Mazurek, Mirosław; Vanivska, Veronika

doi:10.12913/22998624/192641

Artykuł - szczegóły

Tytuł artykułu

Detection of Incidents and Anomalies in Software-Defined Network – Based Implementations of Critical Infrastructure Resulting in Adaptive System Changes

Autorzy

Organiściak Patryk , Kuraś Paweł , Strzałka Dominik , Paszkiewicz Andrzej , Bolanowski Marek , Kowal Bartosz , Ćmil Michał , Dymora Paweł , Mazurek Mirosław , Vanivska Veronika

Treść / Zawartość

Pełne teksty:

Organisciak_Kuras_Strzalka_Paszkiewicz_et.al._2024.pdf

Pobierz

Identyfikatory

DOI

10.12913/22998624/192641

Warianty tytułu

Języki publikacji

Abstrakty

In the paper an example of an integrated Software-Defined Network (SDN) system with heterogeneous technological instances based on the Linux platform will be shown. For this purpose, two research testing stands with a POX controller and OVS (Open vSwitch) switches were used. In the first testing stand, the research based on the ICMP traffic was done while in the second one, MQTT traffic was analysed. The capabilities of these systems were examined in terms of responding to detected incidents and traffic anomalies. In particular, their appropriate responses to anomalies were tested, as well as the possibility of continuous monitoring of packet transfer between separate network components. The aim of the paper is to investigate the effectiveness of SDN in enhancing the security and adaptability of critical infrastructure systems. For isolation and optimised resource management, some components, such as POX or the MQTT broker, were run in Docker containers. The test environment used both hardware cases and prepared software, enabling comprehensive design and testing of networks based on the OpenFlow protocol used in SDN architecture, enabling the separation of control from traffic in computer networks. The results of this research make it possible to implement anomaly detection solutions in critical infrastructure systems that will adapt on the fly to changing conditions that arise, for example, in the case of an attack on such infrastructure or physical damage to it at a selected node.

Słowa kluczowe

anomaly detection software-defined networks Open vSwitch open flow protocol adaptive system change

Wydawca

Lublin University of Technology
Polish Society of Ecological Engineering (PTIE), Branch of PTIE in Lublin

Czasopismo

Advances in Science and Technology. Research Journal

Rocznik

2024

Tom

Vol. 18, no. 7

Strony

176--191

Opis fizyczny

Bibliogr. 45 poz., fig., tab.

Twórcy

autor

Organiściak Patryk

org@prz.edu.pl

Department of Complex Systems, The Faculty of Electrical and Computer Engineering, Rzeszow University of Technology, ul. MC Skłodowskiej 8, 35-036 Rzeszów, Poland

https://orcid.org/0000-0002-5277-4038

autor

Kuraś Paweł

p.kuras@prz.edu.pl

Department of Complex Systems, The Faculty of Electrical and Computer Engineering, Rzeszow University of Technology, ul. MC Skłodowskiej 8, 35-036 Rzeszów, Poland

https://orcid.org/0000-0002-8658-0821

autor

Strzałka Dominik

strzalka@prz.edu.pl

Department of Complex Systems, The Faculty of Electrical and Computer Engineering, Rzeszow University of Technology, ul. MC Skłodowskiej 8, 35-036 Rzeszów, Poland

https://orcid.org/0000-0002-8887-4321

autor

Paszkiewicz Andrzej

andrzejp@prz.edu.pl

Department of Complex Systems, The Faculty of Electrical and Computer Engineering, Rzeszow University of Technology, ul. MC Skłodowskiej 8, 35-036 Rzeszów, Poland

https://orcid.org/0000-0001-7573-3856

autor

Bolanowski Marek

marekb@prz.edu.pl

Department of Complex Systems, The Faculty of Electrical and Computer Engineering, Rzeszow University of Technology, ul. MC Skłodowskiej 8, 35-036 Rzeszów, Poland

https://orcid.org/0000-0003-4645-967X

autor

Kowal Bartosz

b.kowal@prz.edu.pl

Department of Complex Systems, The Faculty of Electrical and Computer Engineering, Rzeszow University of Technology, ul. MC Skłodowskiej 8, 35-036 Rzeszów, Poland

https://orcid.org/0000-0002-7909-6484

autor

Ćmil Michał

m.cmil@prz.edu.pl

Department of Complex Systems, The Faculty of Electrical and Computer Engineering, Rzeszow University of Technology, ul. MC Skłodowskiej 8, 35-036 Rzeszów, Poland

https://orcid.org/0000-0002-5941-4385

autor

Dymora Paweł

dymorap@prz.edu.pl

Department of Complex Systems, The Faculty of Electrical and Computer Engineering, Rzeszow University of Technology, ul. MC Skłodowskiej 8, 35-036 Rzeszów, Poland

https://orcid.org/0000-0002-4473-823X

autor

Mazurek Mirosław

mmazurek@prz.edu.pl

Department of Complex Systems, The Faculty of Electrical and Computer Engineering, Rzeszow University of Technology, ul. MC Skłodowskiej 8, 35-036 Rzeszów, Poland

https://orcid.org/0000-0002-4366-1701

autor

Vanivska Veronika

v.vanivska@prz.edu.pl

Department of Complex Systems, The Faculty of Electrical and Computer Engineering, Rzeszow University of Technology, ul. MC Skłodowskiej 8, 35-036 Rzeszów, Poland

Bibliografia

1. Sunday U.I., Akhibi S.D. Application of software-defined networking, European Journal of Computer Science and Information Technology, 2022; 10(2): 27–48.
2. Begović M., Čaušević S., Avdagić-Golub E. QoS management in software defined networks for IoT environment: an Overwiev, International Journal for Quality Research 2020; 15(1): 171–188.
3. Imran G.Z.; Alshahrani A., Fayaz A., Alghamdi A., Gwak J. A topical review on machine learning, software defined networking, internet of things applications: Research limitations and challenges. Electronics 2021; 10(8): 880.
4. Yang L., Anderson T.A., Gopal R., Dantu R. Forwarding and control element separation (ForCES) framework, RFC 3746, https://datatracker.ietf.org/doc/rfc3746/, 2018.
5. Borgianni L., Adami D., Giordano S., Pagano M. Enhancing reliability in rural networks using a software-defined wide area network. Computers 2024; 13(5): 113.
6. Jefia A.O., Popoola S.I., Atayero A.A Software Defined Networking: Current Trends, Challenges, and Future Directions, in Proceedings of the International Conference on Industrial Engineering and Operations Management, Washington DC, USA, September 2018; 27–29.
7. Sokappadu B., Hardin A., Mungur A., Armoogum S. Software Defined Networks: Issues and Challenges, 2019 Conference on Next Generation Computing Applications (NextComp), Mauritius, 2019; 1–5.
8. Semong T., Maupong T., Zungeru A.M., Tabona O., Dimakatso S., Boipelo G., Phuthego M. A review on software defined networking as a solution to link failures, Scientific African, 2023; 21: e01865.
9. Rout S., Sahoo K.S., Patra S.S. Energy efficiency in software defined networking: a survey. SN Comput. Sci. 2021; 2: 308.
10. Bahashwan A.A., Anbar M., Manickam S., Al-Amiedy T.A., Aladaileh M.A., Hasbullah I.H. A systematic literature review on machine learning and deep learning approaches for detecting DDoS attacks in softwaredefined networking. Sensors 2023; 23: 4441.
11. Palka D., Matuszewski A. Software-defined network SDN in CriNet for cyber secure national critical infrastructure, Cybersecurity & Cybercrime, 2024.
12. Malik, S., Ahmad, S., Ullah, I., Park, D.H., Kim, D.H. An adaptive emergency first intelligent scheduling algorithm for e-client task management and scheduling in hybrid of hard real-time and soft real-time embedded IoT systems. Sustainability 2019; 11: 2192.
13. Pereira, D.A., Ourique de Morais, W., Pignaton de Freitas, E. NoSQL real-time database performance comparison. Int. J. Parallel Emergent Distrib. Syst. 2017; 33: 144–156.
14. https://zsz.prz.edu.pl/en/research-stand-ioe/about.
15. https://docs.openvswitch.org/en/latest/topics/ovs-extensions/.
16. https://github.com/noxrepo/pox.git.
17. https://pastebin.com/CptkTTBp A file that prepares an image with the POX controller (Dockerfile).
18. https://pastebin.com/78hrh0tL Building and running an image with the POX controller.
19. https://pastebin.com/He4jkUUp Minimal POX controller base class with incoming packet handling.
20. https://pastebin.com/Hk8Y7U6t Container construction based on the YAML configuration file.
21. https://pastebin.com/pYxttinb MQTT packet recognition and control of packet processing method.
22. https://pastebin.com/mwzh3gVE The code responsible for counting ICMP-type packets and performing the action (scenario #1).
23. https://pastebin.com/ZCRemHKV Handling packets based on their type (only MQTT packets are subject to counting).
24. https://pastebin.com/PN7gdD5V Writing out anomaly occurrences every 60 s of program operation.
25. https://pastebin.com/PN8qVg8q Code that controls the flow of a specific MQTT packet.
26. https://pastebin.com/T5Yfvcs8 Sample package content in JSON.
27. https://pastebin.com/xzSJSDvi The code checks whether the “mac” key exists in the package and introduces error handling.
28. https://pastebin.com/iEVgzNHs Checking whether the physical MAC address is the same both in the packet content and in its header.
29. https://pastebin.com/RLk1qtqj Create a list of allowed addresses and check whether the sender’s physical address is on the list of allowed addresses.
30. https://pastebin.com/7Pzx4jHH Adding the MAC address of an MQTT intermediary (Broker) to allow bi-directional traffic.
31. https://pastebin.com/3AvPR1YD Checking of the package type and whether it is on the list of allowed packages.
32. https://pastebin.com/YZfDbfGe Cyclic sending of UDP packets to the MQTT Broker device in Python.
33. Dul, M., Gugała Ł. and Łaba K. Protecting web applications from authentication attacks, Advances in Web Development Journal, 2023; 1(1). doi:10.5281/zenodo.10049992.
34. Aldowah, H., Ul Rehman, S. and Umar, I., Security in internet of things: issues, challenges and solutions. In Recent Trends in Data Science and Soft Computing: Proceedings of the 3rd International Conference of Reliable Information and Communication Technology (IRICT 2018) 2019; 396–405. Springer International Publishing.
35. Chica, J.C.C., Imbachi, J.C. and Vega, J.F.B. Security in SDN: A comprehensive survey. Journal of Network and Computer Applications, 2020; 159: 102595.
36. Sezgin, A., and Boyacı, A. Enhancing intrusion detection in industrial internet of things through automated preprocessing. Advances in Science and Technology Research Journal, 2023; 17(2): 120–135. https://doi.org/10.12913/22998624/162004.
37. Bolanowski, M., Paszkiewicz, A., Żabiński, T., Piecuch, G., Salach, M., and Tomecki, K. System architecture for diagnostics and supervision of industrial equipment and processes in an IoE device environment. Electronics, 2023; 12(24).
38. Almutairi, Y.S., Alhazmi, B., and Munshi, A.A. Network intrusion detection using machine learning techniques. Advances in Science and Technology Research Journal, 2022; 16(3): 193–206. https://doi.org/10.12913/22998624/149934.
39. Al-Fayoumi, M. and Al-Haija, Q.A. Capturing lowrate DDoS attack based on MQTT protocol in software Defined-IoT environment. Array, 2023; 19: 100316.
40. Cheng, H., Liu, J., Xu, T., Ren, B., Mao, J. and Zhang, W. Machine learning based low-rate DDoS attack detection for SDN enabled IoT networks. International Journal of Sensor Networks, 2020; 34(1): 56–69.
41. Liu, Y. and Al-Masri, E. Slow Subscribers: a novel IoT-MQTT based denial of service attack. Cluster Computing, 2023; 26(6): 3973–3984.
42. Galeano-Brajones, J., Carmona-Murillo, J., Valenzuela-Valdés, J.F. and Luna-Valero, F. Detection and mitigation of DoS and DDoS attacks in IoT-based stateful SDN: An experimental approach. Sensors, 2020; 20(3): 816.
43. Ahuja, N. and Mukhopadhyay, D. June. Identification of DDoS Attack on IoT Network Using SDN. In 2023 3rd International Conference on Pervasive Computing and Social Networking (ICPCSN) 2023; 879–884.
44. Xiong, F., Li, A., Wang, H. and Tang, L. An SDN-MQTT based communication system for battlefield UAV swarms. IEEE Communications Magazine, 2019; 57(8): 41–47.
45. Chen, X., Wu, T., Sun, G. and Yu, H. Software-defined MANET swarm for mobile monitoring in hydropower plants. 2019; 7: 152243–152257.

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-7d02191a-aa78-4799-ad0c-4b78bf2919c8