Login | Register

Caught-in-Translation (CiT): Detecting Cross-level Inconsistency Attacks in Network Functions Virtualization


Caught-in-Translation (CiT): Detecting Cross-level Inconsistency Attacks in Network Functions Virtualization

Lakshmanan Thirunavukkarasu, Sudershan (2020) Caught-in-Translation (CiT): Detecting Cross-level Inconsistency Attacks in Network Functions Virtualization. Masters thesis, Concordia University.

[thumbnail of LakshmananThirunavukkarasu_MASc_F2020.pdf]
Text (application/pdf)
LakshmananThirunavukkarasu_MASc_F2020.pdf - Accepted Version
Available under License Spectrum Terms of Access.


By providing network functions through software running on standard hardware, Network Functions Virtualization (NFV) brings many benefits, such as increased agility and flexibility with reduced costs, as well as additional security concerns. Although existing works have examined various security issues of NFV, such as vulnerabilities in VNF software and DoS, there has been little effort on a security issue that is intrinsic to NFV, i.e., as an NFV environment typically involves multiple abstraction levels, the inconsistency that may arise between different levels can potentially be exploited for security attacks. Existing solutions mostly focus on verification, which is after the fact and cannot prevent irreversible damages. Further adding to the complexity, the different abstraction levels can be managed by multiple service providers, which may render the data required for verification inaccessible. Moreover, many existing solutions are limited to a single abstraction level and disregard the multi-level nature of NFV.
In this work, we propose the first NFV deployment model to capture the deployment aspects of NFV at different abstraction levels, which is essential for an in-depth study of the inconsistencies between such levels. We then present concrete attack scenarios in which the inconsistencies are exploited to attack the network functions in a stealthy manner. Based on the deployment model, we study the feasibility of detecting the inconsistencies through verification. Furthermore, by drawing an analogy between multi-level NFV events and natural languages, we propose a Neural Machine Translation (NMT)-based detection approach, namely, Caught-in-Translation (CiT), to detect cross-level inconsistency attacks in NFV. Specifically, we first extract event sequences from different abstraction levels of an NFV stack. We then leverage the Long Short-Term Memory (LSTM) to translate the event sequences from one level to another. Finally, we apply both similarity metric and Siamese neural network to compare the translated event sequences with the actual sequences to detect attacks. We integrate CiT into OpenStack/Tacker, and evaluate its performance using both real and synthetic data. Experimental results show that CiT outperforms traditional anomaly detection and provides an accurate, efficient, and robust solution for detecting inconsistency attacks in NFV.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:Lakshmanan Thirunavukkarasu, Sudershan
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Information Systems Security
Date:17 August 2020
Thesis Supervisor(s):Wang, Lingyu and Zhang, Mengyuan
ID Code:987341
Deposited By: Sudershan Lakshmanan Thirunavukkarasu
Deposited On:25 Nov 2020 16:31
Last Modified:25 Nov 2020 16:31
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Research related to the current document (at the CORE website)
- Research related to the current document (at the CORE website)
Back to top Back to top