Scalable and Dynamic Network Intrusion Detection and Prevention System

Network Intrusion Detection and Prevention Systems (NIDPS) are widely used to detect and thwart malicious activity and attacks. Existing NIDPS, however, are monolithic and centralized, which limits their scalability and responsiveness. In this work we address how to mitigate SYN flooding attacks, both in the SDN management network (the OpenFlow control channel) and in the production network, while taking network scale into account. The proposed framework is a distributed and dynamic NIDPS that uses Programming Protocol-independent Packet Processors (P4) to process packets at the switch and performs two main functions. First, it detects SYN flooding attacks from the rate of incoming SYN packets measured against a threshold. Second, it uses a revised mechanism for activating SYN cookies so that illegitimate packets are blocked or dropped at the switch. The framework combines switch programmability (the P4 language), distributed packet processing and centralized Software Defined Networking (SDN) control to provide an efficient and extensible NIDPS.
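The two switch-side functions described above, rate/threshold detection of a SYN flood followed by stateless SYN-cookie filtering, are sketched below as an added Python simulation. This is example code written for this page, not the paper's P4 program or framework; the window length, threshold, cookie secret, MSS table and the per-packet dictionaries are all constructed assumptions chosen for illustration. The cookie layout follows the classic scheme (5 bits of time counter, 3 bits of MSS index, 24 bits of keyed hash over the 4-tuple), so the switch keeps no per-connection state while a flood is in progress.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumed parameters, chosen for this example and not taken from the paper.
WINDOW_SECONDS = 1.0          # SYN-rate measurement window
SYN_THRESHOLD = 50            # SYNs per window per destination that switch on cookie mode
COOKIE_TICK_SECONDS = 64      # cookie time-counter granularity, as in classic SYN cookies
COOKIE_SECRET = b"constructed-example-secret"   # constructed; use a random per-switch key in practice
MSS_TABLE = (536, 1220, 1440, 1460)             # MSS values encodable in the 3-bit cookie field


class SynRateDetector:
    """Counts SYNs per destination over fixed windows. A destination is 'under flood' while
    the current or the previous window reached the threshold (one window of hysteresis)."""

    def __init__(self, threshold=SYN_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.state = defaultdict(lambda: [None, 0, 0])  # dst -> [window id, count now, count previous]

    def observe_syn(self, ts, dst):
        wid = int(ts // self.window)
        st = self.state[dst]
        if st[0] != wid:                                  # window rolled over
            st[2] = st[1] if st[0] == wid - 1 else 0      # keep previous count only if adjacent
            st[0], st[1] = wid, 0
        st[1] += 1
        return self.under_flood(dst)

    def under_flood(self, dst):
        _, cur, prev = self.state[dst]
        return cur >= self.threshold or prev >= self.threshold


def _cookie_mac(saddr, sport, daddr, dport, tick):
    """24-bit keyed hash over the 4-tuple and the time tick."""
    msg = f"{saddr}:{sport}->{daddr}:{dport}@{tick}".encode()
    return int.from_bytes(hmac.new(COOKIE_SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(ts, saddr, sport, daddr, dport, peer_mss):
    """32-bit ISN for the SYN-ACK: 5 bits of time tick, 3 bits of MSS index, 24 bits of MAC."""
    tick = int(ts // COOKIE_TICK_SECONDS)
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):
        if m <= peer_mss:
            mss_idx = i                               # largest encodable MSS not above the peer's
    return ((tick & 0x1F) << 27) | (mss_idx << 24) | _cookie_mac(saddr, sport, daddr, dport, tick)


def check_syn_cookie(ts, saddr, sport, daddr, dport, ack):
    """Validate the final ACK of a cookie handshake. Returns the recovered MSS, or None when
    the cookie is forged, belongs to another 4-tuple, or is older than one tick."""
    cookie = (ack - 1) & 0xFFFFFFFF
    now_tick = int(ts // COOKIE_TICK_SECONDS)
    for age in (0, 1):                                # accept the current and previous tick only
        tick = now_tick - age
        if tick < 0 or (tick & 0x1F) != cookie >> 27:
            continue
        if _cookie_mac(saddr, sport, daddr, dport, tick) == (cookie & 0xFFFFFF):
            return MSS_TABLE[(cookie >> 24) & 0x7]
    return None


class CookieFilter:
    """Switch-side handler: forwards normally until the detector flags a flood, then answers
    SYNs itself with cookie SYN-ACKs and only forwards ACKs that carry a valid cookie."""

    def __init__(self, detector=None):
        self.detector = detector or SynRateDetector()

    def handle(self, ts, pkt):
        src, sport, dst, dport = pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]
        if pkt["flags"] == "S":
            if not self.detector.observe_syn(ts, dst):
                return ("forward", None)
            isn = make_syn_cookie(ts, src, sport, dst, dport, pkt.get("mss", 536))
            return ("synack_cookie", isn)              # SYN dropped at the switch; no state kept
        if pkt["flags"] == "A" and self.detector.under_flood(dst):
            mss = check_syn_cookie(ts, src, sport, dst, dport, pkt["ack"])
            return ("forward", mss) if mss is not None else ("drop", None)
        return ("forward", None)


if __name__ == "__main__":
    # Constructed trace: spoofed SYNs trip the threshold, then one real client completes a handshake.
    f = CookieFilter(SynRateDetector(threshold=5))
    for i in range(6):
        print(f.handle(0.1 * i, {"src": f"203.0.113.{i}", "sport": 1000 + i, "dst": "10.0.0.1",
                                 "dport": 80, "flags": "S", "mss": 1460}))
    isn = f.handle(0.7, {"src": "10.0.0.5", "sport": 40000, "dst": "10.0.0.1", "dport": 80,
                         "flags": "S", "mss": 1460})[1]
    print(f.handle(0.8, {"src": "10.0.0.5", "sport": 40000, "dst": "10.0.0.1", "dport": 80,
                         "flags": "A", "ack": isn + 1}))
```

Two caveats a deployment would have to handle that the simulation does not: while cookie mode is on, an ACK belonging to an already established connection must be exempted (for example by a prior flow-table match) rather than validated as a cookie, and a cookie-validated connection must be re-created towards the real server, since the switch has already consumed the client's SYN.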
