Lakshmanan Thirunavukkarasu, Sudershan (2020) Caught-in-Translation (CiT): Detecting Cross-level Inconsistency Attacks in Network Functions Virtualization. Masters thesis, Concordia University.
Full text (application/pdf, 3MB): LakshmananThirunavukkarasu_MASc_F2020.pdf - Accepted Version. Available under License Spectrum Terms of Access.
Abstract
By providing network functions through software running on standard hardware, Network Functions Virtualization (NFV) brings many benefits, such as increased agility and flexibility with reduced costs, but also additional security concerns. Although existing works have examined various security issues of NFV, such as vulnerabilities in VNF software and DoS, there has been little effort on a security issue that is intrinsic to NFV: because an NFV environment typically involves multiple abstraction levels, the inconsistencies that may arise between different levels can potentially be exploited for security attacks. Existing solutions mostly focus on verification, which is after the fact and cannot prevent irreversible damage. Further adding to the complexity, the different abstraction levels can be managed by multiple service providers, which may render the data required for verification inaccessible. Moreover, many existing solutions are limited to a single abstraction level and disregard the multi-level nature of NFV.
In this work, we propose the first NFV deployment model to capture the deployment aspects of NFV at different abstraction levels, which is essential for an in-depth study of the inconsistencies between such levels. We then present concrete attack scenarios in which the inconsistencies are exploited to attack the network functions in a stealthy manner. Based on the deployment model, we study the feasibility of detecting the inconsistencies through verification. Furthermore, by drawing an analogy between multi-level NFV events and natural languages, we propose a Neural Machine Translation (NMT)-based detection approach, namely Caught-in-Translation (CiT), to detect cross-level inconsistency attacks in NFV. Specifically, we first extract event sequences from different abstraction levels of an NFV stack. We then leverage Long Short-Term Memory (LSTM) to translate the event sequences from one level to another. Finally, we apply both a similarity metric and a Siamese neural network to compare the translated event sequences with the actual sequences to detect attacks. We integrate CiT into OpenStack/Tacker and evaluate its performance using both real and synthetic data. Experimental results show that CiT outperforms traditional anomaly detection and provides an accurate, efficient, and robust solution for detecting inconsistency attacks in NFV.
Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
---|---|
Item Type: | Thesis (Masters) |
Authors: | Lakshmanan Thirunavukkarasu, Sudershan |
Institution: | Concordia University |
Degree Name: | M.A. Sc. |
Program: | Information Systems Security |
Date: | 17 August 2020 |
Thesis Supervisor(s): | Wang, Lingyu and Zhang, Mengyuan |
ID Code: | 987341 |
Deposited By: | Sudershan Lakshmanan Thirunavukkarasu |
Deposited On: | 25 Nov 2020 16:31 |
Last Modified: | 25 Nov 2020 16:31 |