Privacy-Preserving Anomaly Detection Across Multi-domain for Software Defined Networks

  • Huishan Bian
  • Liehuang Zhu
  • Meng ShenEmail author
  • Mingzhong Wang
  • Chang Xu
  • Qiongyu Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9565)


Software Defined Network (SDN) separates control plane from data plane and provides programmability which adds rich function for anomaly detection. In this case, every organization can manage their own network and detect anomalous traffic data using SDN architecture. Moreover, detection of malicious traffic, such as DDoS attack, would be dealt with much higher accuracy if these organizations shared their data. Unfortunately, they are unwilling to do so due to privacy consideration. To address this contradiction, we propose an efficient and privacy-preserving collaborative anomaly detection scheme. We extend prior work on SDN-based anomaly detection method to guarantee accuracy and privacy at the same time. The implementation of our design on simulated data shows that it performs well for network-wide anomaly detection with little overhead.


Privacy-preserving Multi-domain collaboration Anomaly detection Software defined network 



The research work reported in this paper is supported by National Science Foundation of China under Grant No. 61100172, 61272512, 61402037, Program for New Century Excellent Talents in University (NCET-12-0046), Beijing Natural Science Foundation No. 4132054, and Beijing Institute of Technology Research Fund Program for Young Scholars.


  1. 1.
    Koponen, T., Casado, M., Gude, N., et al.: Onix: a distributed control platform for large-scale production networks. In: OSDI, pp. 1–6 (2010)Google Scholar
  2. 2.
    Phaal, P.: sFlow Specification Version 5, July 2004Google Scholar
  3. 3.
    McKeown, N., Anderson, T., Balakrishnan, H., et al.: Openflow: enabling innovation in campus networks. ACM SIGCOMM Comput. Commun. Rev. 38, 69–74 (2008)CrossRefGoogle Scholar
  4. 4.
    Giotis, K., Argyropoulos, C., Androulidakis, G., et al.: Combining openflow and sflow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput. Netw. 62, 122–136 (2014)CrossRefGoogle Scholar
  5. 5.
    Braga, R., Mota, E., Passito, A.: Lightweight DDoS flooding attack detection using NOX/OpenFlow. In: IEEE 35th Conference on Local Computer Networks (LCN), pp. 408–415. IEEE (2010)Google Scholar
  6. 6.
    Wang, B., et al.: DDoS attack protection in the era of cloud computing and Software-Defined Networking. Comput. Netw. 81, 308–319 (2015)CrossRefGoogle Scholar
  7. 7.
    Soule, A., Ringberg, H., Silveira, F., Rexford, J., Diot, C.: Detectability of traffic anomalies in two adjacent networks. In: Uhlig, S., Papagiannaki, K., Bonaventure, O. (eds.) PAM 2007. LNCS, vol. 4427, pp. 22–31. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Lin, P., Bi, J., Chen, Z., et al.: WE-bridge: West-East Bridge for SDN inter-domain network peering. In: IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 111–112. IEEE (2014)Google Scholar
  9. 9.
    Oliveira, S.R.M., Zaiane, O.R.: Privacy preserving clustering by data transformation. J. Inf. Data Manag. 1, 37 (2010)Google Scholar
  10. 10.
    Chen, K., Liu, L.: Privacy-preserving multiparty collaborative mining with geometric data perturbation. IEEE Trans. Parallel Distrib. Syst. 20(12), 1764–1776 (2009)CrossRefGoogle Scholar
  11. 11.
    Erfani, S.M., Law, Y.W., Karunasekera, S., Leckie, C.A., Palaniswami, M.: Privacy-preserving collaborative anomaly detection for participatory sensing. In: Ho, T.B., Zhou, Z.-H., Chen, A.L.P., Kao, H.-Y., Tseng, V.S. (eds.) PAKDD 2014, Part I. LNCS, vol. 8443, pp. 581–593. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  12. 12.
    Nagaraja, S., Jalaparti, V., Caesar, M., Borisov, N.: P3CA: private anomaly detection across ISP networks. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 38–56. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  13. 13.
    Zhang, P., Huang, X., Sun, X., et al.: Privacy-preserving anomaly detection across multi-domain networks. In: 9th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), pp. 1066–1070. IEEE (2012)Google Scholar
  14. 14.
    Nguyen, H.X., Roughan, M.: Multi-observer privacy-preserving hidden Markov models. IEEE Trans. Signal Process. 61, 6010–6019 (2013)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Giannella, C.R., Liu, K., Kargupta, H.: Breaching Euclidean distance-preserving data perturbation using few known inputs. Data Knowl. Eng. 83, 93–110 (2013)CrossRefGoogle Scholar
  16. 16.
    Lindell, Y., Pinkas, B.: Secure multiparty computation for privacy-preserving data mining. J. Priv. Confidentiality 1, 59–98 (2009)Google Scholar
  17. 17.
    Lo, Z.P., Fujita, M., Bavarian, B.: Analysis of neighborhood interaction in Kohonen neural networks. In: 6th International Parallel Processing Symposium, CA, Los Alamitos (1991)Google Scholar
  18. 18.
    Mehdi, S.A., Khalid, J., Khayam, S.A.: Revisiting traffic anomaly detection using software defined networking. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol. 6961, pp. 161–180. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  19. 19.
    Giotis, K., Androulidakis, G., Aglaris, V.: Leveraging SDN for efficient anomaly detection and mitigation on legacy networks. In: Third European Workshop on Software Defined Networks (EWSDN), pp. 85–90. IEEE (2014)Google Scholar
  20. 20.
    Chung, C.-J., Nice, et al.: Network intrusion detection and countermeasure selection in virtual network systems. IEEE Transactions on Dependable and Secure Computing, pp. 198–211 (2013)Google Scholar
  21. 21.
    IEEE SDN For. 2013, 1–7 (2013)Google Scholar
  22. 22.
    Kreutz, D., Ramos, F., Verissimo, P.: Towards secure and dependable software-defined networks. In: Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pp. 55–60 (2013)Google Scholar
  23. 23.
    Zhan, J.: Privacy-preserving collaborative data mining, Computational Intelligence Magazine, pp. 31–41. IEEE (2008)Google Scholar
  24. 24.
    Aggarwal, C.C., Philip, S.Y.: A general survey of privacy-preserving data mining models and algorithms. In: Aggarwal, C.C., Philip, S.Y. (eds.) A General Survey of Privacy-Preserving Data Mining Models and Algorithms. Advances in Database Systems, vol. 34, pp. 11–52. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Huishan Bian
    • 1
  • Liehuang Zhu
    • 1
  • Meng Shen
    • 1
    • 2
    Email author
  • Mingzhong Wang
    • 3
  • Chang Xu
    • 1
  • Qiongyu Zhang
    • 1
  1. 1.Beijing Engineering Research Center of High Volume Language Information Processing and Cloud Computing Applications, School of Computer ScienceBeijing Institute of TechnologyBeijingPeople’s Republic of China
  2. 2.Ministry of EducationKey Laboratory of Computer Network and Information Integration (Southeast University)NanjingPeople’s Republic of China
  3. 3.Faculty of Arts and BusinessUniversity of the Sunshine CoastQueenslandAustralia

Personalised recommendations