Implementing an intrusion detection and prevention system using software-defined networking: Defending against port-scanning and denial-of-service attacks

Birkinshaw Celyn; Rouka Elpida; Vassilakis Vassilios G.

首页> 外文期刊>Journal of network and computer applications >Implementing an intrusion detection and prevention system using software-defined networking: Defending against port-scanning and denial-of-service attacks

【24h】

Implementing an intrusion detection and prevention system using software-defined networking: Defending against port-scanning and denial-of-service attacks

机译：使用软件定义的网络实施入侵检测和防御系统：防御端口扫描和拒绝服务攻击

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Over recent years, we have observed a significant increase in the number and the sophistication of cyber attacks targeting home users, businesses, government organizations and even critical infrastructure. In many cases, it is important to detect attacks at the very early stages, before significant damage can be caused to networks and protected systems, including accessing sensitive data. To this end, cybersecurity researchers and professionals are exploring the use of Software-Defined Networking (SDN) technology for efficient and real-time defense against cyberattacks. SDN enables network control to be logically centralised by decoupling the control plane from the data plane. This feature enables network programmability and has the potential to almost instantly block network traffic when some malicious activity is detected.In this work, we design and implement an Intrusion Detection and Prevention System (IDPS) using SDN. Our IDPS is a software-application that monitors networks and systems for malicious activities or security policy violations and takes steps to mitigate such activity. We specifically focus on defending against port-scanning and Denial of Service (DoS) attacks. However, the proposed design and detection methodology has the potential to be expanded to a wide range of other malicious activities. We have implemented and tested two connection-based techniques as part of the IDPS, namely the Credit-Based Threshold Random Walk (CB-TRW) and Rate Limiting (RL). As a mechanism to defend against port-scanning, we outline and test our Port Bingo (PB) algorithm. Furthermore, we include QoS as a DoS attack mitigation, which relies on flow-statistics from a network switch. We conducted extensive experiments in a purpose-built testbed environment. The experimental results show that the launched port-scanning and DoS attacks can be detected and stopped in real-time. Finally, the rate of false positives can be kept sufficiently low by tuning the threshold parameters of the detection algorithms.

机译：近年来，我们发现针对家庭用户，企业，政府组织甚至关键基础设施的网络攻击的数量和复杂程度都在显着增加。在许多情况下，很重要的一点是，在网络和受保护系统可能遭受重大破坏（包括访问敏感数据）之前，应尽早检测攻击。为此，网络安全研究人员和专业人员正在探索使用软件定义的网络（SDN）技术来有效，实时地防御网络攻击。 SDN通过将控制平面与数据平面分离而使网络控制在逻辑上得以集中。此功能可实现网络可编程性，并有可能在检测到某些恶意活动时立即阻止网络流量。在这项工作中，我们使用SDN设计和实现入侵检测和防御系统（IDPS）。我们的IDPS是一款软件应用程序，可监视网络和系统是否存在恶意活动或违反安全策略的行为，并采取措施减轻此类活动。我们特别专注于防御端口扫描和拒绝服务（DoS）攻击。但是，建议的设计和检测方法可能会扩展到其他广泛的恶意活动。作为IDPS的一部分，我们已经实现并测试了两种基于连接的技术，即基于信用的阈值随机游走（CB-TRW）和速率限制（RL）。作为防御端口扫描的一种机制，我们概述并测试了端口宾果（PB）算法。此外，我们将QoS作为DoS攻击缓解措施，它依赖于网络交换机的流量统计信息。我们在专用的测试平台环境中进行了广泛的实验。实验结果表明，可以实时检测并阻止发起的端口扫描和DoS攻击。最后，通过调整检测算法的阈值参数，可以将误报率保持足够低。

著录项

来源
《Journal of network and computer applications》 |2019年第6期|71-85|共15页
作者
Birkinshaw Celyn; Rouka Elpida; Vassilakis Vassilios G.;
展开▼
作者单位

Univ York, Dept Comp Sci, York, N Yorkshire, England;

Univ York, Dept Comp Sci, York, N Yorkshire, England;

Univ York, Dept Comp Sci, York, N Yorkshire, England;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Intrusion detection and prevention system; Software-defined networking; Anomaly detection; Denial of service; Port scanning;

机译：入侵检测和防御系统;软件定义的网络;异常检测;拒绝服务;端口扫描;

相似文献

外文文献
中文文献
专利

1. Implementing an intrusion detection and prevention system using software-defined networking: Defending against port-scanning and denial-of-service attacks [J] . Birkinshaw Celyn, Rouka Elpida, Vassilakis Vassilios G. Journal of network and computer applications . 2019,第Juna期

机译：使用软件定义网络实现入侵检测和预防系统：防御端口扫描和拒绝服务攻击
2. Intrusion Detection System for Denial-of-Service flooding attacks in SIP communication networks [J] . Sven Ehlert, Yacine Rebahi, Thomas Magedanz International Journal of Security and Networks . 2009,第3期

机译：SIP通信网络中的拒绝服务洪泛攻击入侵检测系统
3. Control Plane Packet-In Arrival Rate Analysis for Denial-of-Service Saturation Attacks Detection and Mitigation in Software-Defined Networks [J] . Khellah Fakhry Arabian Journal for Science and Engineering . 2019,第11期

机译：软件定义网络中拒绝服务饱和攻击检测和缓解的控制平面入站到达率分析
4. Design and Implementation Adaptive Intrusion Prevention System (IPS) for Attack Prevention in Software-Defined Network (SDN) Architecture [C] . Rifqi Fauzan Pratama, Novian Anggis Suwastika, Muhammad Arief Nugroho International Conference on Information and Communication Technology . 2018

机译：软件定义网络（SDN）架构中用于攻击防御的自适应入侵防御系统（IPS）的设计与实现
5. Design and Implementation of a Deep Learning based Intrusion Detection System in Software-Defined Networking Environment [D] . Niyaz, Quamar. 2017

机译：软件定义网络环境下基于深度学习的入侵检测系统的设计与实现
6. Fusion of Heterogeneous Intrusion Detection Systems for Network Attack Detection [O] . Jayakumar Kaliappan, Revathi Thiagarajan, Karpagam Sundararajan 2015

机译：融合用于网络攻击检测的异构入侵检测系统
7. Implementing an intrusion detection and prevention system using software-defined networking: Defending against port-scanning and denial-of-service attacks [O] . Celyn Birkinshaw, Elpida Rouka, Vassilios G. Vassilakis 2019

机译：使用软件定义网络实现入侵检测和预防系统：防御端口扫描和拒绝服务攻击

Implementing an intrusion detection and prevention system using software-defined networking: Defending against port-scanning and denial-of-service attacks

摘要

著录项

相似文献

相关主题

期刊订阅