The popularity of adapting deep neural networks (DNNs) in solving hard problems has increased substantially. Specifically, the field computer vision, DNNs are becoming a core element developing many image and video classification recognition applications. However, vulnerable to adversarial attacks, which, given well-trained model, malicious input can be crafted by adding mere perturbations misclassify image. This phenomena raise security concerns utilizing critical life applications which...

As a new networking paradigm, Software-Defined Networking (SDN) separates data and control planes to facilitate programmable functions improve the efficiency of packet delivery. Recent studies have shown that there exist various security threats in SDN. For example, saturation attack may disturb normal delivery packets even make SDN system out service by flooding plane, or both. The existing research has focused on attacks caused SYN flooding. This paper presents an anomaly detection method,...

Software Defined Networking (SDN) is a new network paradigm that facilitates management by separating the control plane from data plane. Studies have shown an SDN may experience high packet loss rate and long delay in forwarding messages when OpenFlow channel overwhelmed saturation attack. The existing approaches focused on detection of attacks caused TCP-SYN flooding through periodic analysis traffic. However, there are two issues. First, previous incapable detecting other types, especially...

Adversarial attacks have been extensively studied in the domain of deep image classification, but their impacts on other domains such as Machine and Deep Learning-based Network Intrusion Detection Systems (NIDSs) received limited attention. While adversarial images are generally more straightforward due to fewer constraints input domain, generating examples network poses greater challenges diverse types traffic need maintain its validity. Prior research has introduced generate against NIDSs,...

Recently, different machine learning-based detection systems are proposed to detect DDoS saturation attacks in Software-defined Networking (SDN). Meanwhile, research studies highlight the vulnerabilities of adapting such SDN. For instance, an adversary can fool learning classifiers these by crafting specific adversarial attack samples, preventing DoS attacks. To better understand security properties settings, this paper investigates robustness supervised and unsupervised against First, we...

While the decoupling of control and data planes in software-defined networking (SDN) facilitates orchestrating network traffic, it suffers from security threats. For example, saturation attacks can make SDN out service by exhausting controller' switch's computational resources. The existing research has focused on defense against limited types attacks. In this paper, we propose vSwitchGuard, a framework for detection countermeasure known unknown SDN. vSwitchGuard aims to identify victim...

Spatial data clustering has long been used to facilitate the knowledge discovery process. Several approaches have proposed in literature for detecting and understanding hidden patterns. These are based on different perspectives can be roughly categorized into several main categories, including centroid-based, density-based, grid-based, hierarchy-based clustering. In spite of being a very mature research area, existing spatial techniques usually depend user parameters continue utilize...

The design of existing machine-learning-based DoS detection systems in software-defined networking (SDN) suffers from two major problems. First, the proper time window for conducting network traffic analysis is unknown and has proven challenging to determine. Second, it unable detect types saturation attacks. An attack an that not represented training data. In this paper, we evaluate three supervised classifiers detecting a family DDoS flooding attacks (UDP, TCP-SYN, IP-Spoofing, TCP-SARFU,...

Software security testing is an important technique for discovering software vulnerabilities that violate requirements. Existing methods, however, seldom generate tests directly from requirements specifications. To address this issue, paper presents approach constructing test models the artifacts of misuse case modeling (i.e., use/misuse cases and mitigation use cases), which a popular method specification in development process. The can then be used to automatically tests, consist inputs...

Attribute-based access control (ABAC) with obligations is a new technique for achieving fine-grained and accountability. An obligatory ABAC system can be implemented incorrectly various reasons, such as programming errors incorrect obligation specification. To reveal these implementation defects, this paper presents an approach to model-based testing of systems. In approach, we first build test model by specifying functional policy. The policy represents constraints on the model. Then weave...

HPC typically employs parallelization in software and hardware order to accelerate the computing processing. The underlying network itself is used collectively by all experiments. In this paper, we propose a for based on different running experiments or jobs. Each experiment/job will be logically sliced isolated from other Additionally, each includes logical nodes across cluster. SDN controller manage control slicing process. We evaluated model using Opendaylight controller, FlowVisor...

By exposing the programmable interfaces, software-defined networking (SDN) facilitates development of network applications, specifically, machine-learningbased flooding attack detection systems. Despite their promising results in detecting attacks, adoption into operational environments is limited. This partially because incapability unknown attacks. An an that not comprised training dataset machine learning classifier. In this paper, we propose FloodDetector, efficient framework for known...