Mostrar el registro sencillo del ítem
dc.contributor.author | Scaranti, Gustavo Frigo![]() |
es_ES |
dc.contributor.author | Carvalho, Luiz Fernando![]() |
es_ES |
dc.contributor.author | Barbon Junior, Sylvio![]() |
es_ES |
dc.contributor.author | Lloret, Jaime![]() |
es_ES |
dc.contributor.author | Proença Jr, Mario Lemes![]() |
es_ES |
dc.date.accessioned | 2023-12-04T19:02:27Z | |
dc.date.available | 2023-12-04T19:02:27Z | |
dc.date.issued | 2022-04-01 | es_ES |
dc.identifier.issn | 0957-4174 | es_ES |
dc.identifier.uri | http://hdl.handle.net/10251/200496 | |
dc.description.abstract | [EN] Software Defined Networking (SDN) simplifies network management and significantly reduces operational costs. SDN removes the control plane from forwarding devices (e.g., routers and switches) and centralizes this plane in a controller, enabling the management of the network forwarding decisions by programming the control plane with a high-level language. However, its centralized architecture may be compromised by flooding attacks, such as Distributed Denial of Service (DDoS) and portscan. Facing this challenge, we propose an Intrusion Detection System (IDS) based on online clustering to detect attacks in an evolving SDN network taking advantage of the entropy of source and destination IP addresses and ports. Our proposal is focused on avoiding the demand for labeling and previous knowledge to provide a practical and accurate method to address real-life online scenarios. Moreover, our proposal paves the way for a comprehensive analysis by projecting the cluster's structure over the feature space, providing insights on intensity, seasonality, and attack type. Our experiments were carried out with the DenStream algorithm in several databases attacked by DDoS and portscan with different intensities, durations, and overlapping patterns. When comparing DenStream performance to Half-Space-Trees, an accurate online one-class classification algorithm for anomaly detection, it was possible to expose the capacity of our unsupervised proposal, overcoming the one-class solution, and reaching f-measure rates above 99.60%. | es_ES |
dc.description.sponsorship | This work was supported by the National Council for Scientific and Technological Development (CNPq) of Brazil under Grant of Projects 420562/2018-4, 310668/2019-0, and 309863/2020-1, and FundacAo Araucaria (Parana, Brazil) ; by the "Ministerio de Economía y Competitividad" in the "Programa Estatal de Fomento de la Investigación Científica y Técnica de Excelencia, Sub-programa Estatal de Generación de Conocimiento" within the project under Grant TIN2017-84802-C2-1-P. | es_ES |
dc.language | Inglés | es_ES |
dc.publisher | Elsevier | es_ES |
dc.relation.ispartof | Expert Systems with Applications | es_ES |
dc.rights | Reconocimiento - No comercial - Sin obra derivada (by-nc-nd) | es_ES |
dc.subject | Anomaly detection | es_ES |
dc.subject | Software Defined Networking (SDN) | es_ES |
dc.subject | Stream ining | es_ES |
dc.subject | DenStream | es_ES |
dc.subject | DDoS | es_ES |
dc.subject | Portscan | es_ES |
dc.subject.classification | INGENIERÍA TELEMÁTICA | es_ES |
dc.title | Unsupervised online anomaly detection in Software Defined Network environments | es_ES |
dc.type | Artículo | es_ES |
dc.identifier.doi | 10.1016/j.eswa.2021.116225 | es_ES |
dc.relation.projectID | info:eu-repo/grantAgreement/AEI/Plan Estatal de Investigación Científica y Técnica y de Innovación 2013-2016/TIN2017-84802-C2-1-P/ES/RED COGNITIVA DEFINIDA POR SOFTWARE PARA OPTIMIZAR Y SECURIZAR TRAFICO DE INTERNET DE LAS COSAS CON INFORMACION CRITICA/ | es_ES |
dc.relation.projectID | info:eu-repo/grantAgreement/CNPq//310668%2F2019-0/ | es_ES |
dc.relation.projectID | info:eu-repo/grantAgreement/CNPq//420562%2F2018-4/ | es_ES |
dc.relation.projectID | info:eu-repo/grantAgreement/CNPq//309863%2F2020-1/ | es_ES |
dc.rights.accessRights | Abierto | es_ES |
dc.contributor.affiliation | Universitat Politècnica de València. Escuela Politécnica Superior de Gandia - Escola Politècnica Superior de Gandia | es_ES |
dc.description.bibliographicCitation | Scaranti, GF.; Carvalho, LF.; Barbon Junior, S.; Lloret, J.; Proença Jr, ML. (2022). Unsupervised online anomaly detection in Software Defined Network environments. Expert Systems with Applications. 191:1-13. https://doi.org/10.1016/j.eswa.2021.116225 | es_ES |
dc.description.accrualMethod | S | es_ES |
dc.relation.publisherversion | https://doi.org/10.1016/j.eswa.2021.116225 | es_ES |
dc.description.upvformatpinicio | 1 | es_ES |
dc.description.upvformatpfin | 13 | es_ES |
dc.type.version | info:eu-repo/semantics/publishedVersion | es_ES |
dc.description.volume | 191 | es_ES |
dc.relation.pasarela | S\491792 | es_ES |
dc.contributor.funder | Fundação Araucária, Brasil | es_ES |
dc.contributor.funder | Agencia Estatal de Investigación | es_ES |
dc.contributor.funder | Conselho Nacional de Desenvolvimento Científico e Tecnológico, Brasil | es_ES |