An OpenFlow-based collaborative intrusion prevention system for cloud networking

2015 IEEE International Conference on Communication Software and Networks (ICCSN) Pub Date : 2015-06-06 DOI:10.1109/ICCSN.2015.7296133

N. Huang, C. Wang, I-Ju Liao, Chengtah Lin, Chia-Nan Kao

{"title":"An OpenFlow-based collaborative intrusion prevention system for cloud networking","authors":"N. Huang, C. Wang, I-Ju Liao, Chengtah Lin, Chia-Nan Kao","doi":"10.1109/ICCSN.2015.7296133","DOIUrl":null,"url":null,"abstract":"Software-Defined Networking (SDN) is an emerging architecture that is ideal for today's high-bandwidth, dynamic network environments. In this architecture, the control and data planes are decoupled from each other. Although much research has been performed into how SDN can resolve some of the most-glaring security issues of traditional networking, less research has addressed cloud security threats, and, in particular, botnet/malware detection and in-cloud attacks. This work proposes an intrusion prevention system for cloud networking with SDN solutions. To realize collaborative defense, mechanisms of botnet/malware blocking, scan filtering and honeypot are implemented. Malicious traffic is isolated because bot-infected VMs are removed effectively and efficiently from the private cloud. The scanning behavior can be filtered at a very early stage of prevention, making the VMs less exploitable. A honeypot mechanism is also deployed to trap attackers. Experimental results show the high detection rate, high prevention accuracy and low vulnerability of the proposed system.","PeriodicalId":319517,"journal":{"name":"2015 IEEE International Conference on Communication Software and Networks (ICCSN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE International Conference on Communication Software and Networks (ICCSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCSN.2015.7296133","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 15

Abstract

Software-Defined Networking (SDN) is an emerging architecture that is ideal for today's high-bandwidth, dynamic network environments. In this architecture, the control and data planes are decoupled from each other. Although much research has been performed into how SDN can resolve some of the most-glaring security issues of traditional networking, less research has addressed cloud security threats, and, in particular, botnet/malware detection and in-cloud attacks. This work proposes an intrusion prevention system for cloud networking with SDN solutions. To realize collaborative defense, mechanisms of botnet/malware blocking, scan filtering and honeypot are implemented. Malicious traffic is isolated because bot-infected VMs are removed effectively and efficiently from the private cloud. The scanning behavior can be filtered at a very early stage of prevention, making the VMs less exploitable. A honeypot mechanism is also deployed to trap attackers. Experimental results show the high detection rate, high prevention accuracy and low vulnerability of the proposed system.

查看原文本刊更多论文

基于openflow的云组网协同入侵防御系统

软件定义网络(SDN)是一种新兴的体系结构，非常适合当今的高带宽、动态网络环境。在这个体系结构中，控制平面和数据平面是相互解耦的。尽管对于SDN如何解决传统网络中一些最明显的安全问题已经进行了大量研究，但针对云安全威胁，特别是僵尸网络/恶意软件检测和云内攻击的研究却很少。本文提出了一种基于SDN解决方案的云网络入侵防御系统。为了实现协同防御，实现了僵尸网络/恶意软件拦截、扫描过滤和蜜罐机制。通过将感染了僵尸程序的虚拟机从私有云中高效移除，隔离了恶意流量。扫描行为可以在预防的早期阶段进行过滤，从而降低虚拟机的可利用性。还部署了蜜罐机制来诱捕攻击者。实验结果表明，该系统具有较高的检出率、较高的预防准确率和较低的脆弱性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 IEEE International Conference on Communication Software and Networks (ICCSN)

自引率

0.00%

发文量