Signature and flow statistics based anomaly detection system in software-defined networking for 6G internet of things network

The classical networks are vertically integrated into which control and data plane are connected which makes it more difficult to manage. Software-Defined Networking (SDN) is an emerging technology that broke this vertical integration and separates the data plane from the control plane. The entire network control is (logically) centralized that maintains a view of the network. However, the centralized controller brings a lot of security challenges. Traffic flowing through an SDN is vulnerable to disruptions caused by some of the SDN switches. In this paper, the malicious behavior on SDN switches is identified that causes disturbance in a network. The proposed system is based on attack signatures and is also capable to detect such misbehaving switches that drop and swap packets due to their malign intent rather than link failure. Every attack has some signature, and these attacks are identified by predefined signatures and their different behavior. The identification of three different attacks is demonstrated: (1) DDoS attack, (2) port scanning, and iii) traffic diversion attack to assess the network performance. The pool of attack signature is established in a database and update the system supplied pool of signature. Lastly, the conclusion is made by demonstrating the anomaly detection and evaluating the performance of the network by presenting experimental results. The experimental results demonstrate the effectiveness of the proposed work and illustrate the detection mechanism that can detect attacks, achieve high detection accuracy with a low false-positive rate, and discussing some future work.