1.
Abdullah Aydeger, Nico Saputro, Kemal Akkaya
Cloud-based Deception against Network Reconnaissance Attacks using SDN and NFV Proceedings Article
In: 2020 IEEE 45th Conference on Local Computer Networks (LCN), pp. 279–285, IEEE, 2020.
Abstract | Links | BibTeX | Tags: SDN/NFV
@inproceedings{nokey,
title = {Cloud-based Deception against Network Reconnaissance Attacks using SDN and NFV},
author = {Abdullah Aydeger and Nico Saputro and Kemal Akkaya},
url = {https://ieeexplore.ieee.org/abstract/document/9314797/},
year = {2020},
date = {2020-11-16},
booktitle = {2020 IEEE 45th Conference on Local Computer Networks (LCN)},
pages = {279–285},
publisher = {IEEE},
school = {Florida International University},
abstract = {An attacker's success crucially depends on the reconnaissance phase of Distributed Denial of Service (DDoS) attacks, which is the first step to gather intelligence. Although several solutions have been proposed against network reconnaissance attacks, they fail to address the needs of legitimate users' requests. Thus, we propose a cloud-based deception framework which aims to confuse the attacker with reconnaissance replies while allowing legitimate uses. The deception is based on for-warding the reconnaissance packets to a cloud infrastructure through tunneling and SDN so that the returned IP addresses to the attacker will not be genuine. For handling legitimate requests, we create a reflected virtual topology in the cloud to match any changes in the original physical network to the cloud topology using SDN. Through experimentations on GENI platform, we show that our framework can provide},
keywords = {SDN/NFV},
pubstate = {published},
tppubtype = {inproceedings}
}
An attacker's success crucially depends on the reconnaissance phase of Distributed Denial of Service (DDoS) attacks, which is the first step to gather intelligence. Although several solutions have been proposed against network reconnaissance attacks, they fail to address the needs of legitimate users' requests. Thus, we propose a cloud-based deception framework which aims to confuse the attacker with reconnaissance replies while allowing legitimate uses. The deception is based on for-warding the reconnaissance packets to a cloud infrastructure through tunneling and SDN so that the returned IP addresses to the attacker will not be genuine. For handling legitimate requests, we create a reflected virtual topology in the cloud to match any changes in the original physical network to the cloud topology using SDN. Through experimentations on GENI platform, we show that our framework can provide
2.
Abdullah Aydeger, Nico Saputro, Kemal Akkaya, Selcuk Uluagac
SDN-enabled recovery for Smart Grid teleprotection applications in post-disaster scenarios Journal Article
In: Journal of Network and Computer Applications, vol. 138, pp. 39–50, 2019.
Abstract | Links | BibTeX | Tags: SDN/NFV
@article{nokey,
title = {SDN-enabled recovery for Smart Grid teleprotection applications in post-disaster scenarios},
author = {Abdullah Aydeger and Nico Saputro and Kemal Akkaya and Selcuk Uluagac},
url = {https://www.sciencedirect.com/science/article/pii/S1084804519301353},
year = {2019},
date = {2019-07-15},
journal = {Journal of Network and Computer Applications},
volume = {138},
pages = {39–50},
publisher = {Academic Press},
school = {Florida International University},
abstract = {Maintaining Smart Grid communications is crucial for providing power services. This requires a resilient communication architecture that can instantly self-repair any failures in the communication links or routes. Emerging Software Defined Networking (SDN) technology provides excellent flexibilities that can be applied to critical power grid applications. In this paper, we consider the problem of link failures in inter-substation communications and provide self-recovery by relying on wireless links that can be the only viable means for communication after disasters. Specifically, we propose an autonomous framework, which can not only detect link failures, but also establish either a WiFi or LTE-based link among substations through SDN capabilities. To be able to effectively evaluate the performance of this proposed SDN-enabled framework, we developed it in Mininet emulator. Since Mininet does not support LTE},
keywords = {SDN/NFV},
pubstate = {published},
tppubtype = {article}
}
Maintaining Smart Grid communications is crucial for providing power services. This requires a resilient communication architecture that can instantly self-repair any failures in the communication links or routes. Emerging Software Defined Networking (SDN) technology provides excellent flexibilities that can be applied to critical power grid applications. In this paper, we consider the problem of link failures in inter-substation communications and provide self-recovery by relying on wireless links that can be the only viable means for communication after disasters. Specifically, we propose an autonomous framework, which can not only detect link failures, but also establish either a WiFi or LTE-based link among substations through SDN capabilities. To be able to effectively evaluate the performance of this proposed SDN-enabled framework, we developed it in Mininet emulator. Since Mininet does not support LTE
3.
Abdullah Aydeger, Nico Saputro, Kemal Akkaya
A moving target defense and network forensics framework for ISP networks using SDN and NFV Journal Article
In: Future Generation Computer Systems, vol. 94, pp. 496–509, 2019.
Abstract | Links | BibTeX | Tags: SDN/NFV
@article{nokey,
title = {A moving target defense and network forensics framework for ISP networks using SDN and NFV},
author = {Abdullah Aydeger and Nico Saputro and Kemal Akkaya},
url = {https://www.sciencedirect.com/science/article/pii/S0167739X18307817},
year = {2019},
date = {2019-05-01},
journal = {Future Generation Computer Systems},
volume = {94},
pages = {496–509},
publisher = {North-Holland},
school = {Florida International University},
abstract = {With the increasing diversity of network attacks, there is a trend towards building more agile networks that can defend themselves or prevent attackers to easily launch attacks. To this end, moving target defense (MTD) mechanisms have started to be pursued to dynamically change the structure and configuration of the networks not only during an attack but also before an attack so that conducting network reconnaissance will become much more difficult. Furthermore, various network forensics mechanisms are introduced to help locating the source and types of attacks as a reactive defense mechanism. Emerging Software Defined Networking (SDN) and Network Function Virtualization (NFV) provide excellent opportunities to implement these mechanisms efficiently. This paper considers MTD in the context of an Internet Service Provider (ISP) network and proposes an architectural framework that will enable it even at},
keywords = {SDN/NFV},
pubstate = {published},
tppubtype = {article}
}
With the increasing diversity of network attacks, there is a trend towards building more agile networks that can defend themselves or prevent attackers to easily launch attacks. To this end, moving target defense (MTD) mechanisms have started to be pursued to dynamically change the structure and configuration of the networks not only during an attack but also before an attack so that conducting network reconnaissance will become much more difficult. Furthermore, various network forensics mechanisms are introduced to help locating the source and types of attacks as a reactive defense mechanism. Emerging Software Defined Networking (SDN) and Network Function Virtualization (NFV) provide excellent opportunities to implement these mechanisms efficiently. This paper considers MTD in the context of an Internet Service Provider (ISP) network and proposes an architectural framework that will enable it even at
4.
Abdullah Aydeger, Nico Saputro, Kemal Akkaya
Utilizing NFV for effective moving target defense against link flooding reconnaissance attacks Proceedings Article
In: MILCOM 2018-2018 IEEE Military Communications Conference (MILCOM), pp. 946–951, IEEE, 2018.
Abstract | Links | BibTeX | Tags: SDN/NFV
@inproceedings{nokey,
title = {Utilizing NFV for effective moving target defense against link flooding reconnaissance attacks},
author = {Abdullah Aydeger and Nico Saputro and Kemal Akkaya},
url = {https://ieeexplore.ieee.org/abstract/document/8599803/},
year = {2018},
date = {2018-10-29},
booktitle = {MILCOM 2018-2018 IEEE Military Communications Conference (MILCOM)},
pages = {946–951},
publisher = {IEEE},
school = {Florida International University},
abstract = {Moving target defense (MTD) is becoming popular with the advancements in Software Defined Networking (SDN) technologies. With centralized management through SDN, changing the network attributes such as routes to escape from attacks is simple and fast. Yet, the available alternate routes are bounded by the network topology, and a persistent attacker that continuously perform the reconnaissance can extract the whole link-map of the network. To address this issue, we propose to use virtual shadow networks (VSNs) by applying Network Function Virtualization (NFV) abilities to the network in order to deceive attacker with the fake topology information and not reveal the actual network topology and characteristics. We design this approach under a formal framework for Internet Service Provider (ISP) networks and apply it to the recently emerged indirect DDoS attacks, namely Crossfire, for evaluation. The},
keywords = {SDN/NFV},
pubstate = {published},
tppubtype = {inproceedings}
}
Moving target defense (MTD) is becoming popular with the advancements in Software Defined Networking (SDN) technologies. With centralized management through SDN, changing the network attributes such as routes to escape from attacks is simple and fast. Yet, the available alternate routes are bounded by the network topology, and a persistent attacker that continuously perform the reconnaissance can extract the whole link-map of the network. To address this issue, we propose to use virtual shadow networks (VSNs) by applying Network Function Virtualization (NFV) abilities to the network in order to deceive attacker with the fake topology information and not reveal the actual network topology and characteristics. We design this approach under a formal framework for Internet Service Provider (ISP) networks and apply it to the recently emerged indirect DDoS attacks, namely Crossfire, for evaluation. The
5.
Abdullah Aydeger, Nico Saputro, Kemal Akkaya, Selcuk Uluagac
Assessing the overhead of authentication during SDN-enabled restoration of smart grid inter-substation communications Proceedings Article
In: 2018 15th IEEE Annual Consumer Communications & Networking Conference (CCNC), pp. 1–6, IEEE, 2018.
Abstract | Links | BibTeX | Tags: SDN/NFV
@inproceedings{nokey,
title = {Assessing the overhead of authentication during SDN-enabled restoration of smart grid inter-substation communications},
author = {Abdullah Aydeger and Nico Saputro and Kemal Akkaya and Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/8319206/},
year = {2018},
date = {2018-01-12},
booktitle = {2018 15th IEEE Annual Consumer Communications & Networking Conference (CCNC)},
pages = {1–6},
publisher = {IEEE},
school = {Florida International University},
abstract = {Since real-time and resilient recovery of link failures is crucial for power grid infrastructure to continue its services, emerging technologies such as Software Defined Networking (SDN) has started to be employed for such purposes. SDN switches can be remotely controlled to change their configurations by exploiting the wireless communication options. However, when wireless is to be used in Smart Grid communications, security and reliability become important issues due to the specific characteristics of wireless communications. This paper investigates the overhead of providing such services on wireless links when SDN is utilized. Specifically, we consider the establishment of authentication services when wireless back-up links (i.e., WiFi or LTE) are employed as a result of a reactive link failure detection mechanism. To the best of our knowledge, this work is the first to consider authentication of such an SDN},
keywords = {SDN/NFV},
pubstate = {published},
tppubtype = {inproceedings}
}
Since real-time and resilient recovery of link failures is crucial for power grid infrastructure to continue its services, emerging technologies such as Software Defined Networking (SDN) has started to be employed for such purposes. SDN switches can be remotely controlled to change their configurations by exploiting the wireless communication options. However, when wireless is to be used in Smart Grid communications, security and reliability become important issues due to the specific characteristics of wireless communications. This paper investigates the overhead of providing such services on wireless links when SDN is utilized. Specifically, we consider the establishment of authentication services when wireless back-up links (i.e., WiFi or LTE) are employed as a result of a reactive link failure detection mechanism. To the best of our knowledge, this work is the first to consider authentication of such an SDN
6.
Kemal Akkaya, A Selcuk Uluagac, Abdullah Aydeger, Apurva Mohan
Secure Software Defined Networking Architectures for The Smart Grid Journal Article
In: Smart Grid-Networking, Data Management, and Business Models, pp. 53–70, 2017.
Abstract | Links | BibTeX | Tags: SDN/NFV
@article{nokey,
title = {Secure Software Defined Networking Architectures for The Smart Grid},
author = {Kemal Akkaya and A Selcuk Uluagac and Abdullah Aydeger and Apurva Mohan},
url = {https://books.google.com/books?hl=en&lr=&id=JAhEDwAAQBAJ&oi=fnd&pg=PT88&dq=info:OcC1SeBCof8J:scholar.google.com&ots=nhFxafbufx&sig=EGlL2OpaQdKdFaU53Db9hMH8vY4},
year = {2017},
date = {2017-12-19},
journal = {Smart Grid-Networking, Data Management, and Business Models},
pages = {53–70},
school = {Florida International University},
abstract = {The continuous growth of the Internet and the proliferation of smart devices and social networks pose new challenges for networks in keeping up with the dynamicity of hardware and software. In particular, the switches and routers that are involved in the transmission of the data from these networks and devices are typically developed in a vendor-specific fashion, which makes hardware and},
keywords = {SDN/NFV},
pubstate = {published},
tppubtype = {article}
}
The continuous growth of the Internet and the proliferation of smart devices and social networks pose new challenges for networks in keeping up with the dynamicity of hardware and software. In particular, the switches and routers that are involved in the transmission of the data from these networks and devices are typically developed in a vendor-specific fashion, which makes hardware and
7.
Mehrdad Nojoumian, Arash Golchubian, Nico Saputro, Kemal Akkaya
Preventing collusion between SDN defenders anc attackers using a game theoretical approach Proceedings Article
In: 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 802–807, IEEE, 2017.
Abstract | Links | BibTeX | Tags: SDN/NFV
@inproceedings{nokey,
title = {Preventing collusion between SDN defenders anc attackers using a game theoretical approach},
author = {Mehrdad Nojoumian and Arash Golchubian and Nico Saputro and Kemal Akkaya},
url = {https://ieeexplore.ieee.org/abstract/document/8116479/},
year = {2017},
date = {2017-05-01},
booktitle = {2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)},
pages = {802–807},
publisher = {IEEE},
school = {Florida International University},
abstract = {In this paper, a game-theoretical solution concept is utilized to tackle the collusion attack in a SDN-based framework. In our proposed setting, the defenders (i.e., switches) are incentivized not to collude with the attackers in a repeated-game setting that utilizes a reputation system. We first illustrate our model and its components. We then use a socio-rational approach to provide a new anti-collusion solution that shows cooperation with the SDN controller is always Nash Equilibrium due to the existence of a long-term utility function in our model.},
keywords = {SDN/NFV},
pubstate = {published},
tppubtype = {inproceedings}
}
In this paper, a game-theoretical solution concept is utilized to tackle the collusion attack in a SDN-based framework. In our proposed setting, the defenders (i.e., switches) are incentivized not to collude with the attackers in a repeated-game setting that utilizes a reputation system. We first illustrate our model and its components. We then use a socio-rational approach to provide a new anti-collusion solution that shows cooperation with the SDN controller is always Nash Equilibrium due to the existence of a long-term utility function in our model.
8.
Abdullah Aydeger, Nico Saputro, Kemal Akkaya, Mohammed Rahman
Mitigating crossfire attacks using SDN-based moving target defense Proceedings Article
In: 2016 IEEE 41st conference on local computer networks (LCN), pp. 627–630, IEEE, 2016.
Abstract | Links | BibTeX | Tags: SDN/NFV
@inproceedings{nokey,
title = {Mitigating crossfire attacks using SDN-based moving target defense},
author = {Abdullah Aydeger and Nico Saputro and Kemal Akkaya and Mohammed Rahman},
url = {https://ieeexplore.ieee.org/abstract/document/7796857/},
year = {2016},
date = {2016-11-07},
booktitle = {2016 IEEE 41st conference on local computer networks (LCN)},
pages = {627–630},
publisher = {IEEE},
school = {Florida International University},
abstract = {Recent research demonstrated that software defined networking (SDN) can be leveraged to enable moving target defense (MTD) to mitigate distributed denial of service (DDoS) attacks. The network states are continuously changed in MTD by effectively collecting information from the network and enforcing certain security measures on the fly in order to deceive the attackers. Being motivated from the success of SDN-based maneuvering, this work targets an emerging type of DDoS attacks, called Crossfire, and proposes an SDN-based MTD mechanism to defend against such attacks. We analyze Crossfire attack planning and utilize the analyzed results to develop the defense mechanism which in turn reorganize the routes in such a way that the congested links are avoided during packet forwarding. The detection and mitigation techniques are implemented using Mininet emulator and Floodlight SDN controller. The},
keywords = {SDN/NFV},
pubstate = {published},
tppubtype = {inproceedings}
}
Recent research demonstrated that software defined networking (SDN) can be leveraged to enable moving target defense (MTD) to mitigate distributed denial of service (DDoS) attacks. The network states are continuously changed in MTD by effectively collecting information from the network and enforcing certain security measures on the fly in order to deceive the attackers. Being motivated from the success of SDN-based maneuvering, this work targets an emerging type of DDoS attacks, called Crossfire, and proposes an SDN-based MTD mechanism to defend against such attacks. We analyze Crossfire attack planning and utilize the analyzed results to develop the defense mechanism which in turn reorganize the routes in such a way that the congested links are avoided during packet forwarding. The detection and mitigation techniques are implemented using Mininet emulator and Floodlight SDN controller. The
9.
Abdullah Aydeger, Kemal Akkaya, Mehmet H Cintuglu, A Selcuk Uluagac, Osama Mohammed
Software defined networking for resilient communications in smart grid active distribution networks Proceedings Article
In: 2016 IEEE International Conference on Communications (ICC), pp. 1–6, IEEE, 2016.
Abstract | Links | BibTeX | Tags: SDN/NFV
@inproceedings{nokey,
title = {Software defined networking for resilient communications in smart grid active distribution networks},
author = {Abdullah Aydeger and Kemal Akkaya and Mehmet H Cintuglu and A Selcuk Uluagac and Osama Mohammed},
url = {https://ieeexplore.ieee.org/abstract/document/7511049/},
year = {2016},
date = {2016-05-22},
booktitle = {2016 IEEE International Conference on Communications (ICC)},
pages = {1–6},
publisher = {IEEE},
school = {Florida International University},
abstract = {Emerging Software Defined Networking (SDN) technology provides excellent flexibility to large-scale networks in terms of control, management, security, and maintenance. In this paper, we propose an SDN-based communication infrastructure for Smart Grid distribution networks among substations. A Smart Grid communication infrastructure consists of a large number of heterogenous devices that exchange real-time information for monitoring the status of the grid. We then investigate how SDN-enabled Smart Grid infrastructure can provide resilience to active distribution substations with self-recovery. Specifically, by introducing redundant and wireless communication links that can be used during the emergencies, we show that SDN controllers can be effective for restoring the communication while providing a lot of flexibility. Furthermore, to be able to effectively evaluate the performance of the proposed work in},
keywords = {SDN/NFV},
pubstate = {published},
tppubtype = {inproceedings}
}
Emerging Software Defined Networking (SDN) technology provides excellent flexibility to large-scale networks in terms of control, management, security, and maintenance. In this paper, we propose an SDN-based communication infrastructure for Smart Grid distribution networks among substations. A Smart Grid communication infrastructure consists of a large number of heterogenous devices that exchange real-time information for monitoring the status of the grid. We then investigate how SDN-enabled Smart Grid infrastructure can provide resilience to active distribution substations with self-recovery. Specifically, by introducing redundant and wireless communication links that can be used during the emergencies, we show that SDN controllers can be effective for restoring the communication while providing a lot of flexibility. Furthermore, to be able to effectively evaluate the performance of the proposed work in
10.
Abdullah Aydeger, Kemal Akkaya, A Selcuk Uluagac
SDN-based resilience for smart grid communications Proceedings Article
In: 2015 IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN), pp. 31–33, IEEE, 2015.
Abstract | Links | BibTeX | Tags: SDN/NFV
@inproceedings{nokey,
title = {SDN-based resilience for smart grid communications},
author = {Abdullah Aydeger and Kemal Akkaya and A Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/7387401/},
year = {2015},
date = {2015-11-18},
booktitle = {2015 IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN)},
pages = {31–33},
publisher = {IEEE},
school = {Florida International University},
abstract = {With the recent advances in SDN-based technologies, there is a great interest from different communities to exploit SDN for their domain needs. One of such domains is Smart Grid where the underlying network is going through a massive upgrade to enable not only faster and reliable communications but also convenient control. To this end, SDN can be a viable option to provide resilience in Smart Grid SCADA and distribution networks. In this demo, we present such an opportunity by utilizing SDN for redundant communications. Specifically, we introduce multiple connection interfaces among distribution substations. In case of any failures of the wired connection, the backup connection that uses a wireless interface will be enabled by using an Open Daylight SDN controller. To be able to show this, we integrate a network simulator, namely, ns-3 with Mininet.},
keywords = {SDN/NFV},
pubstate = {published},
tppubtype = {inproceedings}
}
With the recent advances in SDN-based technologies, there is a great interest from different communities to exploit SDN for their domain needs. One of such domains is Smart Grid where the underlying network is going through a massive upgrade to enable not only faster and reliable communications but also convenient control. To this end, SDN can be a viable option to provide resilience in Smart Grid SCADA and distribution networks. In this demo, we present such an opportunity by utilizing SDN for redundant communications. Specifically, we introduce multiple connection interfaces among distribution substations. In case of any failures of the wired connection, the backup connection that uses a wireless interface will be enabled by using an Open Daylight SDN controller. To be able to show this, we integrate a network simulator, namely, ns-3 with Mininet.
11.
Kemal Akkaya, A Selcuk Uluagac, Abdullah Aydeger
Software defined networking for wireless local networks in smart grid Proceedings Article
In: 2015 IEEE 40th Local Computer Networks Conference Workshops (LCN Workshops), pp. 826–831, IEEE, 2015.
Abstract | Links | BibTeX | Tags: SDN/NFV
@inproceedings{nokey,
title = {Software defined networking for wireless local networks in smart grid},
author = {Kemal Akkaya and A Selcuk Uluagac and Abdullah Aydeger},
url = {https://ieeexplore.ieee.org/abstract/document/7365934/},
year = {2015},
date = {2015-10-26},
booktitle = {2015 IEEE 40th Local Computer Networks Conference Workshops (LCN Workshops)},
pages = {826–831},
publisher = {IEEE},
school = {Florida International University},
abstract = {Emerging Software Defined Networking (SDN) technology has provided excellent flexibility to large-scale networks in terms of control, management, security, and maintenance. With SDN, network architectures can be deployed and maintained with ease. New trends in computing (e.g., cloud computing, data centers, and virtualization) can seamlessly be integrated with the SDN architecture. On the other hand, recent years witnessed a tremendous growth in the upgrade and modernization of the critical infrastructure networks, namely the Smart-Grid, in terms of its underlying communication infrastructure. From Supervisory Control and Data Acquisition (SCADA) systems to Advanced Metering Infrastructure (AMI), an increasing number of networking devices are being deployed to connect all the local network components of the Smart Grid together. Such large local networks requires significant effort in terms of network},
keywords = {SDN/NFV},
pubstate = {published},
tppubtype = {inproceedings}
}
Emerging Software Defined Networking (SDN) technology has provided excellent flexibility to large-scale networks in terms of control, management, security, and maintenance. With SDN, network architectures can be deployed and maintained with ease. New trends in computing (e.g., cloud computing, data centers, and virtualization) can seamlessly be integrated with the SDN architecture. On the other hand, recent years witnessed a tremendous growth in the upgrade and modernization of the critical infrastructure networks, namely the Smart-Grid, in terms of its underlying communication infrastructure. From Supervisory Control and Data Acquisition (SCADA) systems to Advanced Metering Infrastructure (AMI), an increasing number of networking devices are being deployed to connect all the local network components of the Smart Grid together. Such large local networks requires significant effort in terms of network
Citations: 18671
h-index: 54
i10-index: 162