Privacy-preserving Anomaly Detection Across Multi-domain For Software Defined Networks

Anomaly detection is a hot research problem in Software-Defined Network(SDN). However, existing schemes only consider anomaly detection in single network domain. While expanding to multi-domain, anomaly detection rate would be improved significantly if multiple domains could share network flow information. These network flow information contains a lot of sensitive information, so anomaly detection across multi-domains will disclose privacy. Therefore, it becomes a challenge to ensure anomaly detection across multi-domain with privacy preserving. On the one hand, anomaly detection in SDN requires high real-time performance. On the other hand, detection rate should be higher in multi-domains cooperation scenario. However, existing privacy preserving method either sacrifices accuracy to obtain high efficiency or gain high accuracy by deducing efficiency. Therefore, how to achieve both real-time performance and accuracy becomes a challenge.To address aforementioned challenges, this paper proposes a privacypreserving anomaly detection scheme across multi-domain. This scheme allows cooperation among multiple domains without privacy disclosure. This paper focuses on privacy disclosure upon detecting anomaly across multi-domain for SDN. To the best of our knowledge, it is the first time to consider privacy preserving problem in multi-domain collaboration scenario. This paper defines privacy information of intra-domain, and analyzes privacy disclosure for multi-domain collaboration. In order to protect privacy of network domain, we employ data perturbation based privacy preserving scheme and eliminate perturbation value in subsequent computation, so that the scheme can ensure high efficiency and high accuracy at the same time. Finally, we use theoretical analysis to prove that the proposed scheme can guarantee the privacy of SDN domain. Then, we use Floodlight controller and Mininet simulation platform to implement and verify the proposed scheme. The experiment results show the proposed scheme can ensure both real-time performance and high accuracy.