DFIPS: Toward Distributed Flexible Intrusion Prevention System in Software Defined Network

With the evolution of the innovative software defined network (SDN), security issues have come under consideration. The intrusion prevention system (IPS) has been widely deployed as a crucial measure in traditional network architectures to protect networks from malicious activity. In spite of its good protective capability, IPS is still criticized in several respects, such as fixed deployment, single-point detection and a low utilization rate. In this paper, we propose a distributed flexible intrusion prevention system in software defined networks (DFIPS). Our proposed DFIPS has three main modules: a classifier, a detector pool and a control agent. The classifier is in charge of slicing traffic. The detector pool then generates several detector nodes for detection. The control agent interacts with the classifier and the detector pool, as well as with higher-level SDN controller applications and OpenFlow switches. By integrating with the SDN controller, DFIPS can easily achieve good load balancing among DFIPS instances without repetitive deployment. We evaluate two forms of DFIPS interaction and their latency to show the advantage of DFIPS. In future work, we will implement a more comprehensive DFIPS emulation to prove feasibility. We believe that the proposed DFIPS will eventually be adopted in real networks.

Keywords: Intrusion prevention system (IPS); Software defined network (SDN); OpenFlow
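To make the three-module split concrete, here is a small simulation of the DFIPS pipeline as the abstract describes it. This is an added example, not the paper's code: the 5-tuple hashing used by the classifier, the two signature rules in the detector nodes, the OpenFlow-like rule dictionaries emitted by the control agent and the sample traffic are all assumptions constructed for illustration.

```python
"""Toy simulation of the DFIPS modules (added example; all details are assumptions)."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    payload: bytes

    def flow(self) -> Tuple[str, str, int, int, str]:
        return (self.src, self.dst, self.sport, self.dport, self.proto)


class Classifier:
    """Slices traffic: the 5-tuple is hashed so every packet of one flow lands in
    the same slice (and hence on the same detector). Hashing is our assumption."""

    def __init__(self, n_slices: int) -> None:
        self.n_slices = n_slices

    def slice_of(self, pkt: Packet) -> int:
        key = "|".join(map(str, pkt.flow())).encode()
        digest = hashlib.sha256(key).digest()
        return int.from_bytes(digest[:4], "big") % self.n_slices


class DetectorNode:
    """One detector node: signature matching over the payload (rules assumed)."""

    RULES = {
        "path-traversal": re.compile(rb"\.\./"),
        "sqli-tautology": re.compile(rb"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
    }

    def __init__(self, node_id: int) -> None:
        self.node_id = node_id
        self.packets_seen = 0  # per-node load counter used for balancing

    def inspect(self, pkt: Packet) -> Optional[str]:
        self.packets_seen += 1
        for name, pattern in self.RULES.items():
            if pattern.search(pkt.payload):
                return name
        return None


class DetectorPool:
    """Generates one detector node per slice and dispatches packets to it."""

    def __init__(self, n_nodes: int) -> None:
        self.nodes = [DetectorNode(i) for i in range(n_nodes)]

    def inspect(self, slice_id: int, pkt: Packet) -> Optional[str]:
        return self.nodes[slice_id].inspect(pkt)

    def load(self) -> Dict[int, int]:
        return {n.node_id: n.packets_seen for n in self.nodes}


class ControlAgent:
    """Glues classifier and pool together and turns verdicts into OpenFlow-like
    drop rules (dict layout is an assumption; an empty action list means drop)."""

    def __init__(self, n_nodes: int) -> None:
        self.classifier = Classifier(n_nodes)
        self.pool = DetectorPool(n_nodes)
        self.rules: Dict[Tuple, dict] = {}

    def process(self, pkt: Packet) -> Optional[str]:
        verdict = self.pool.inspect(self.classifier.slice_of(pkt), pkt)
        if verdict and pkt.flow() not in self.rules:
            fields = ("nw_src", "nw_dst", "tp_src", "tp_dst", "nw_proto")
            self.rules[pkt.flow()] = {
                "match": dict(zip(fields, pkt.flow())),
                "actions": [],
                "reason": verdict,
            }
        return verdict

    def drop_rules(self) -> List[dict]:
        return list(self.rules.values())

    def imbalance(self) -> float:
        """Ratio of busiest to idlest node; the agent could use it to rebalance."""
        counts = list(self.pool.load().values())
        return max(counts) / min(counts) if min(counts) else float("inf")


def run_demo(n_nodes: int = 3) -> ControlAgent:
    """Constructed traffic: benign HTTP flows plus one flow carrying a traversal string."""
    agent = ControlAgent(n_nodes)
    traffic = [
        Packet("10.0.0.5", "10.0.0.80", 40001, 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
        Packet("10.0.0.6", "10.0.0.80", 40002, 80, "tcp", b"GET /images/logo.png HTTP/1.1\r\n"),
        Packet("10.0.0.7", "10.0.0.80", 40003, 80, "tcp", b"GET /../../etc/passwd HTTP/1.1\r\n"),
        Packet("10.0.0.7", "10.0.0.80", 40003, 80, "tcp", b"GET /robots.txt HTTP/1.1\r\n"),
    ]
    for pkt in traffic:
        agent.process(pkt)
    return agent


if __name__ == "__main__":
    demo = run_demo()
    print(demo.drop_rules(), demo.pool.load())
```

The point the simulation makes is the one the abstract argues: detection is spread over several nodes chosen by the classifier rather than a single in-line box, and the control agent is the only component that needs to talk to the switches, so adding detector nodes changes the pool, not the deployment.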
