On detection and prevention of zero-day attack using cuckoo sandbox in software-defined networks

الملخص EN

Networks attacker may identify the network vulnerability within less than one day; this kind of attack is known as zero-day attack.

This undiscovered vulnerability by vendors empowers the attacker to affect or damage the network operation, because vendors have less than one day to fix this new exposed vulnerability.

The existing defense mechanisms against the zero-day attacks focus on the prevention effort, in which unknown or new vulnerabilities typically cannot be detected.

To the best of our knowledge the protection mechanism against zero-day attack is not widely investigated for Software-Defined Networks (SDNs).

Thus, in this work we are motivated to develop a new zero-day attack detection and prevention mechanism for SDNs by modifying Cuckoo sandbox tool.

The mechanism is implemented and tested under UNIX system.

The experiments results show that our proposed mechanism successfully stops the zero-day malwares by isolating the infected clients, in order to prevent the malwares from spreading to other clients.

Moreover, results show the effectiveness of our mechanism in terms of detection accuracy and response time.