Abstract Networks attacker may identify the network vulnerability within less than one day; this kind of attack is known as zero-day attack. This undiscovered vulnerability by vendors empowers the attacker to affect or damage the network operation, because vendors have less than one day to fix this new exposed vulnerability. The existing defense mechanisms against the zero-day attacks focus on the prevention effort, in which unknown or new vulnerabilities typically cannot be detected. To the best of our knowledge the protection mechanism against zero-day attack is not widely investigated for Software-Defined Networks (SDNs). Thus, in this work we are motivated to develop a new zero-day attack detection and prevention mechanism for SDNs by modifying Cuckoo sandbox tool. The mechanism is implemented and tested under UNIX system. The experiments results show that our proposed mechanism successfully stops the zero-day malwares by isolating the infected clients, in order to prevent the malwares from spreading to other clients. Moreover, results show the effectiveness of our mechanism in terms of detection accuracy and response time.

References

[1] Afek Y., Bremler-Barr A., and Feibish S., “Zero- Day Signature Extraction for High-Volume Attacks,” IEEE/ACM Transactions on Networking, vol. 27, no. 2, pp. 691-706, 2019.

[2] Alauthman M., Aslam N., Al-Kasassbeh M., Khan S., Al-Qerem A., and Choo K., “An Efficient Reinforcement Learning-Based Botnet Detection Approach,” Journal of Network and Computer Applications, vol. 150, pp. 102479, 2020.

[3] Almukaynizi M., Nunes E., Dharaiya K., Senguttuvan M., Shakarian J., and Shakarian P., “Proactive Identification of Exploits in the Wild Through Vulnerability Mentions Online,” in Proceedings of IEEE International Conference on Cyber Conflict, Washington, pp. 82-88, 2017.

[4] Al-Rushdan H., Shurman M., Alnabelsi S., and Althebyan Q., “Zero-Day Attack Detection and Prevention in Software-Defined Networks,” in Proceedings of the International Arab Cuckoo Analysis Time (sec) CPU type Time (sec) On Detection and Prevention of Zero-Day Attack Using Cuckoo Sandbox ... 669 Conference on Information Technology, Alain, pp. 278-282, 2019.

[5] Bilge L. and Dumitras T., “Before We Knew It an Empirical Study of Zero-Day Attacks in The Real World,” in Proceedings of ACM Conference on Computer and Communications Security, Raleigh North Carolina, pp. 833-844, 2012.

[6] Braun W. and Menth M., “Software-Defined Networking Using OpenFlow: Protocols, Applications and Architectural Design Choices,” Journal of Future Internet, vol. 6, no. 2, pp. 302- 336, 2014.

[7] Doria A., Salim J., Haas R., Khosravi H., Wang W., Dong L., Gopal R., and Halpern J., Forwarding and Control Element Separation (ForCES) Protocol Specification, RFC 5810, pp. 1-124, 2010.

[8] Goto Y., Ng B., Seah W., and Takahashi Y., “Queueing Analysis of Software Defined Network with Realistic Openflow-Based Switch Model,” Computer Networks, vol. 164, pp. 301- 306, 2019.

[9] Haleplidis E., Denazis S., Koufopavlou O., Salim J., and Halpern J., “Software-Defined Networking: Experimenting with the Control to Forwarding Plane Interface,” in Proceedings of the European Workshop on Software Defined Networks, Darmstadt, pp. 91-96, 2012.

[10] Karakus M. and Durresi A., “A Survey: Control Plane Scalability Issues and Approaches in Software-Defined Networking (Sdn),” Computer Networks, vol. 112, pp. 279-293, 2017.

[11] Kaur R. Singh M., “A Survey on Zero-Day Polymorphic Worm Detection Techniques,” IEEE Communications Surveys and Tutorials, vol. 16, no. 3, pp. 1520-1549, 2014.

[12] Keramati M., “An Attack Graph Based Procedure for Risk Estimation of Zero-Day Attacks,” in Proceedings of The 8th International Symposium on Telecommunications, Tehran, pp. 723-728, 2016.

[13] Kim J., Bu S., and Cho S., “Zero-Day Malware Detection Using Transferred Generative Adversarial Networks Based on Deep Autoencoders,” Information Sciences, vol. 460, pp. 83-102, 2018.

[14] Kreutz D., Ramos F., and Verissimo P., “Towards Secure and Dependable Software-Defined Networks,” in Proceedings of the 2nd ACM SIGCOMM workshop on Hot Topics In Software Defined Networking, China, pp. 55-60, 2013.

[15] Meneely A. and Lucidi S., “Vulnerability of the Day: Concrete Demonstrations for Software Engineering Undergraduates,” in Proceedings of the 35th International Conference on Software Engineering, San Francisco, pp. 1154-1157, 2013.

[16] Rashma B. and Poornima G., “Performance Evaluation of Multi Controller Software Defined Network Architecture on Mininet,” in Proceedings of the International Conference on Remote Engineering and Virtual Instrumentation, Switzerland, pp. 442-455, 2019.

[17] Sachdeva M., Singh G., Kumar K., and Singh K., “DDoS Incidents and their Impact: A Review,” The International Arab Journal of Information Technology, vol. 7, no. 1, pp. 14-20, 2010.

[18] Shin M., Nam K., and Kim H., “Software- Defined Networking (SDN): A Reference Architecture and Open APIs,” in Proceedings of the International Conference on ICT Convergence, Jeju Island, pp. 360-361, 2012.

[19] Singh U., Joshi C., and Singh S., “Zero-day Attacks Defense Technique for Protecting System Against Unknown Vulnerabilities,” International Journal of Scientific Research, Computer Science and Engineering, vol. 5, no. 1, pp. 13-18, 2017.

[20] Singh U., and Joshi C., and Kanellopoulos D., “A Framework for Zero-Day Vulnerabilities Detection and Prioritization,” Journal of Information Security and Applications, vol. 46, pp. 164-172, 2019.

[21] Sood M., “Software Defined Network- Architectures,” in Proceedings of International Conference on Parallel Distributed and Grid Computing, Solan, pp. 451-456, 2014.

[22] SDN Architecture, Open Networking Foundation, Technical Report, 2016.

[23] Vasilescu M., Gheorghe L., and Tapus N., “Practical Malware Analysis Based on Sandboxing,” in Proceedings of RoEduNet Conference 13th Edition: Networking in Education and Research Joint Event RENAM 8th Conference, Chisinau, pp. 1-6, 2014.

[24] Wang L., Zhang M., Jajodia S., Singhal A., and Albanese M., “Modeling Network Diversity for Evaluating The Robustness of Networks Against Zero-Day Attacks,” in Proceedings of the 19th European Symposium on Research in Computer Security, Wroclaw, pp. 494-511, 2014. 670 The International Arab Journal of Information Technology, Vol. 17, No. 4A, Special Issue 2020 Huthifh Al-Rushdan received his B.Sc. degree in Computer Engineering, Jordan University of Science and Technology, Jordan, 2007. He received his M.Sc. in Computer Engineering, Jordan University of Science and Technology, 2018. Currenly, he is head of datacenters in Jordan Army. His research interests are in SDN, compuer security, datacenters, computer networks and virtualization. Mohammad Shurman received his B.Sc. degree in Electrical and Computer Engineering from Jordan University of Science and Technology, Irbid, Jordan, 2000. Also, he received his M.Sc. and Ph.D. degrees in Computer Engineering-Wireless Networks from University of Alabama-Huntsville (UAH) in 2003 and 2006, respectively. Presently, he is with the Network Engineering and Security Department, Jordan University of Science and Technology, Irbid, Jordan. His research interests include wireless Ad-hoc networks, security and key management of wireless networks, wireless sensor networks, network coding, wireless communication and mobile networks, software defined networks (SDN), cognitive radio, WiMAX, 4G and 5G technologies and Blockchains. Sharhabeel Alnabelsi is an associate professor at Computer Engineering Dept. at Al-Balqa Applied University, Amman, Jordan. Also, he is an associate professor in Computer Engineering Dept. at Al Ain University, UAE. He received his Ph.D. in Computer Engineering from Iowa State University, USA, 2012. Also, he received his M.Sc. in Computer Engineering from The University of Alabama in Huntsville, USA, 2007. His research interests are cognitive radio networks, wireless sensors networks, network resources optimization, and cloud computing. He is a member of honorary societies including Eta Kappa Nu and Phi Kappa Phi.