Analysis of Traffic Signals on a Software-Defined Network for Detection and Classification of a Man-in-the-Middle Attack
Abstract
Software-defined networking (SDN) has the potential to revolutionize the management capabilities of a highly distributed military communications environment. Yet, military adoption of SDN is contingent on a thorough analysis of security implications. In this thesis, we investigate a man-in-the-middle (MITM) attack that exploits the centralized topological view critical to SDN operations. In particular, we present a new scheme for detection and classification of the attack at the network layer. We apply wavelet analysis to detect anomalous conditions introduced by the MITM attack at traffic signals collected at network switch ports. Furthermore, we identify unique characteristics of reported anomalies in the collected traffic signals to build a classification framework. Other cyber events, such as a distributed denial-of-service attack and network congestion, are presented to the detection scheme to validate its general applicability. Overall, we successfully demonstrate the capability to detect and classify the MITM attack in addition to other cyber events at the network layer, thereby contributing to the security of SDN.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2017
- Accession Number
- AD1046828
Entities
People
- Julian N. D'orsaneo
Organizations
- Naval Postgraduate School