About Me Name: Yaokai Feng, from Kyushu University

Presentation transcript:

About Me. Name: Yaokai Feng, from Kyushu University. Research background/interests: Database (Ph.D.), Pattern Recognition, Network security (my current focus). 2017/3/19 WS@IITD 2017.03

WP6: Cloud Security for IoT. Members in KU: Koichi Sakurai (Prof., Leader), Yaokai Feng (Assist. Prof.), Danilo Vasconcellos Vargas (Assist. Prof.), Jiawei Su (PhD candidate). Members in IITD: Sanjiva Prasad (Prof.). Members in UMBC: Anupam Joshi (Prof.).

Today’s talk (WP6: Cloud Security for IoT). Part I: Cloud System in IoT Era. Part II: What we are doing now. Part III: Our future work.

Part I. Cloud System in IoT Era (WP6: Cloud Security for IoT)

1. Security in IoT era: more critically important. The Internet has extended to the physical world: information security, service security, physical world security, life safety. In many cases, security problems must be solved in real time.

2. “Smart” in IoT era: multi-layered (an example: from smart buildings to smart cities). Diagram labels: smart region/organization, smart building, smart services, smart city.

3. Centralized cloud system. Service models: Software as a Service, Platform as a Service, Infrastructure as a Service, … Service contents: storage, computation, … Based on two assumptions, which are not true in the IoT era: 1) the users can wait for the processing result; 2) the Internet is always available when necessary.

(cont’d) Many applications are time-critical (tele-medicine, tele-patient-care, collision prevention of vehicles, …): they can’t afford the round trip to the cloud server. Many environments have poor Internet connectivity, and IoT will be everywhere. Problems with privacy and security may occur when every device is connected to the centralized cloud and sends raw data; this is more dangerous especially for sensitive data.

4. Cloud System in IoT Era: multi-layered. Diagram labels: Fog, IoT devices. A large number of service centers. WP6’s task: their security must be guaranteed. At the edge: local ingestion of data, quick turnaround of results.

Part II. What we are doing now (WP6: Cloud Security for IoT)

1. Proposing an approach to detect DDoS attacks in SDN environments (SDN: often used in data centers). Our approach can decrease the burden of the controller. Its rough idea has been presented at: Xiang You, Yaokai Feng, Koichi Sakurai, “Packet-In message based DDoS attack detection in SDN network”, Hinokuni Symposium, Japan, Mar 2017. Technical slides are also prepared for this workshop. We can discuss offline.

2. Investigating possible ways to simulate the IoT environment. Simulation can enable threat evaluations and defense strategies. 3. Investigating IoT malware analysis.

3. Investigation of IoT malware analysis. Mostly Linux-based malware. Lightweight, single function. Can be distributed over telnet connections (many IoT devices use easy passwords, which allow free access), …

Part III. Our future work (WP6: Cloud Security for IoT)

1. The study on attack detection in SDN environments: not only DDoS attacks but also other attacks or anomalies. 2. Our investigation on simulation of the IoT environment. 3. Our investigation and analysis of IoT malware: investigating and analyzing characteristics of IoT malware; IoT malware classification. 4. Implement novel ideas of active cyber defense for IoT.

Thank you

Packet In message based DDoS attack detection in SDN network. Xiang You, Yaokai Feng, Koichi Sakurai, Kyushu University.

Related work. Packet check based: all the packets are checked regardless of whether or not attacks have occurred. Flow-entry check based: the flow table is checked once in every time slot. Packet-in check based (2016) [1]: when the frequency of packet-in exceeds the threshold (a trigger), all the flow-entries are collected and processed by the controller.

The latest related work [1]. Diagram labels: Trigger, Feature Extractor, Classifier, Attack Alert, Flow Collector, Switch, Open-flow. Trigger: frequency of packet-in. All the flow-entries are collected and processed by the controller.

Our approach. Statistics are made in advance. New features are introduced: frequency of Packet In, entropy of source IPs, entropy of destination IPs, entropy of destination ports, … Diagram labels: user, OpenFlow switch, Packet In, Node (N packet-in), OpenFlow controller.
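The features named on the last slide, computed per window of N packet-in messages, as an added example that is not code from the presentation or its authors. The record layout `(timestamp, src_ip, dst_ip, dst_port)`, the function names, the sample stream and the `deviates` rule with its `rate_factor` are all assumptions made for illustration; the slides do not describe how the features are classified.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    total = len(values)
    return sum((c / total) * math.log2(total / c) for c in counts.values())

def window_features(window):
    """Features for one window of N packet-in records (ts, src_ip, dst_ip, dst_port)."""
    span = window[-1][0] - window[0][0]
    return {
        "packet_in_rate": len(window) / span if span > 0 else float("inf"),
        "h_src_ip": shannon_entropy([r[1] for r in window]),
        "h_dst_ip": shannon_entropy([r[2] for r in window]),
        "h_dst_port": shannon_entropy([r[3] for r in window]),
    }

def features_per_window(records, n):
    """Split the packet-in stream into consecutive full windows of n records."""
    return [window_features(records[i:i + n])
            for i in range(0, len(records) - n + 1, n)]

def deviates(features, baseline, rate_factor=10.0):
    """Hypothetical rule (not from the slides): packet-in rate jumps while
    sources spread out and destinations concentrate, relative to a baseline."""
    return (features["packet_in_rate"] > rate_factor * baseline["packet_in_rate"]
            and features["h_src_ip"] > baseline["h_src_ip"]
            and features["h_dst_ip"] < baseline["h_dst_ip"])

def constructed_stream():
    """Constructed sample: 8 ordinary packet-ins, then 8 flood-like ones
    (many distinct sources, one destination and port, arriving 10 ms apart)."""
    normal = [(float(i), f"10.0.0.{1 + i % 2}", f"10.0.1.{1 + i % 4}", (80, 443)[i % 2])
              for i in range(8)]
    flood = [(8.0 + 0.01 * i, f"198.51.100.{i}", "10.0.1.1", 80) for i in range(8)]
    return normal + flood

if __name__ == "__main__":
    windows = features_per_window(constructed_stream(), n=8)
    for w in windows:
        print(w, "deviates:", deviates(w, windows[0]))
```

Only the fixed-size feature record per window needs to reach the detection logic, rather than every flow entry, which is consistent with the slides' stated aim of reducing the burden on the controller.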