Lightweight IPS for port scan in OpenFlow SDN networks

Neu, Charles V.; Tatsch, Cássio Giordani; Lunardi, Roben Castagna; Michelin, Regio A.; Orozco, Alex M. S.; Zorzo, Avelino F.

doi:10.1109/noms.2018.8406313

Cited by 13 publications

(12 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Once an anomalous increase in the rate is detected, the controller requests the statistics of the switch. Then, we used the method proposed in the research 4 to detect the occurrence of a port scan. Since the port scan detection process is done only when it is triggered, the frequency of detection will be considerably reduced compared to methods that performs the detection every set interval.…”

Section: Proposed Port Scan Detection Methodsmentioning

confidence: 99%

See 1 more Smart Citation

A proposal of port scan detection method based on Packet‐In Messages in OpenFlow networks and its evaluation

et al. 2021

View full text Add to dashboard Cite

Summary By quickly detecting a port scan and blocking the culprit host from the network, it is possible to minimize the spread of the damage by infected hosts and malicious users. In the past, various Software‐Defined Networking (SDN)‐based methods have been proposed, whose main advantage is the lower overhead compared to traditional methods that collect and analyze all captured traffic. On the other hand, due to the polling process used in these methods, it is necessary to set a short interval (e.g., few seconds) to keep the attacks' detection as short as possible. However, when the attack frequency is very low compared to normal traffic, there is an unnecessary overhead. In this paper, we propose a port scan detection method that considers the characteristics of Packet‐In messages sent from the OpenFlow (OF) switch to the controller. This allows a prompt detection and with less overhead than conventional polling methods. The evaluation was conducted using both simulated and real traffic data. Results confirm that the proposed method can detect port scans with lower overhead than existing methods.

show abstract

Section: Proposed Port Scan Detection Methodsmentioning

confidence: 99%

“…OpenFlow can collect traffic statistics from OF‐compatible devices, so that the communication can be handled in a switch‐by‐switch basis. This feature has been shown effective for network security measures 4,8,9 . For instance, Neu et al 4 .…”

Section: Introductionmentioning

confidence: 99%

A proposal of port scan detection method based on Packet‐In Messages in OpenFlow networks and its evaluation

et al. 2021

View full text Add to dashboard Cite

show abstract

“…In [48] authors use the existing Snort IDS for attacker information, and show that denial-of-service attacks can be monitored and mitigated by combining SDN security mechanisms, while the authors in [49] use a hybrid model of two types of machine learning (SVM and SOM) to improve the accuracy of DDoS attack detection relative to a separate machine learning approach. Neu et al [50] present an SDN solution to prevent port scan attacks. They used the statistics collected on SDN networks and updated the OpenFlow routing rules when a port scan was observed.…”

Section: Intrusion Prevention Systemsmentioning

confidence: 99%

Security Features in a Hybrid Software-Defined Network

Fosić¹,

Žagar

2021

Teh. vjesn.

View full text Add to dashboard Cite

The paper presents a novel paradigm of software-defined network that is significantly different from previous traditional networks and enables new opportunities in the architecture and implementation of security solutions. The analysis of network environments will compare traditional networks and software-defined networks and emphasize significant differences. A survey of the existing research includes vector attacks and troubleshooting using the capabilities of SDN with an emphasis on access control, detection, and prevention of attacks. This paper uses previous research and results to obtain information that will be used in improving critical system network protection and compares it with the existing conventional approach as well as implements it through a hybrid software-defined network.

show abstract

“…Os controladores SDN se comunicam com os dispositivos de encaminhamento (plano de dados) através de uma API Southbound (ex: Open-Flow) para definir regras de encaminhamento, além de extrair informac ¸ões (como estatísticas e eventos) que serão enviadas para as aplicac ¸ões [Kim and Feamster 2013]. Por exemplo, um controlador pode ser utilizado por diferentes aplicac ¸ões, como depuradores [Tavares et al 2017] e sistemas de prevenc ¸ão de intrusões [Neu et al 2018]. O plano de dados, por sua vez, é responsável por realizar o encaminhamento de pacotes entre os dispositivos, abstraindo o hardware utilizado [Farhad et al 2014].…”

Section: Sdn E Programabilidade Do Plano De Dadosunclassified

Avaliação de Linguagens de Programação do Plano de Dados em Redes Definidas por Software

Bol¹,

Bol

Esteves³

et al. 2021

Anais Da XIX Escola Regional De Redes De Computadores (ERRC 2021)

Self Cite

View full text Add to dashboard Cite

A evolução das infraestruturas de redes de computadores e protocolos de comunicação tem sido restringida nas últimas décadas. Isso ocorreu devido às dificuldades em realizar mudanças na infraestrutura de rede, a predominância de tecnologias específicas do fornecedor e as limitações no hardware disponível. As Redes Definidas por Software (SDN) trazem um novo paradigma para as redes, auxiliando no gerenciamento e administração de redes complexas devido à possibilidade de programação do plano de dados. A fim de fornecer uma avaliação das linguagens de programação disponíveis para o plano de dados, este trabalho apresenta um estudo preliminar e uma análise inicial do desempenho das linguagens POF, P4, µP4, e NPL.

show abstract

Lightweight IPS for port scan in OpenFlow SDN networks

Cited by 13 publications

References 9 publications

A proposal of port scan detection method based on Packet‐In Messages in OpenFlow networks and its evaluation

A proposal of port scan detection method based on Packet‐In Messages in OpenFlow networks and its evaluation

Security Features in a Hybrid Software-Defined Network

Avaliação de Linguagens de Programação do Plano de Dados em Redes Definidas por Software

Contact Info

Product

Resources

About