Network intrusion detection and prevention middlebox management in SDN

In traditional networks, the distributed detection and prevention nodes of IDS and IPS are difficult to manage because they require laborious manual deployment and independent configuration. Software-defined networking (SDN) provides a flexible approach to controlling the underlying network infrastructure efficiently. However, the OpenFlow flow table, with its match-action style of processing, is too simple to provide complex functions. To support more functionality, in this paper we propose OpenMiddlebox, a middlebox management architecture for SDN that extends OpenFlow to support middleboxes running as ClickOS virtual machines (VMs), so that programmable middleboxes can be flexibly deployed and managed in switches using fast-booted ClickOS VMs. We then design automatic deployment and update schemes for network intrusion detection and prevention middleboxes using the centralized controller. The evaluation results show that OpenMiddlebox can manage the distributed middleboxes efficiently and is scalable to large networks, and that centralized control also improves network intrusion detection and prevention accuracy.
