SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks
The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore t...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2019-03-01
|
Series: | Information |
Subjects: | |
Online Access: | http://www.mdpi.com/2078-2489/10/3/106 |
id |
doaj-f40473f071ea4fedb723489d40827452 |
---|---|
record_format |
Article |
spelling |
doaj-f40473f071ea4fedb723489d408274522020-11-24T23:07:41ZengMDPI AGInformation2078-24892019-03-0110310610.3390/info10030106info10030106SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS AttacksPedro Manso0José Moura1Carlos Serrão2Department of Information Science and Technology, School of Technology and Architecture, ISCTE—Instituto Universitário de Lisboa, 1649-026 Lisbon, PortugalInstituto de Telecomunicações (IT), ISCTE—Instituto Universitário de Lisboa, 1649-026 Lisbon, PortugalInformation Sciences, Technologies and Architecture Research Center (ISTAR-IUL), ISCTE—Instituto Universitário de Lisboa, 1649-026 Lisbon, PortugalThe current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the “normal operation” of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic.http://www.mdpi.com/2078-2489/10/3/106SDNDDoSIDSmirroringOpenFlowbotnet |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Pedro Manso José Moura Carlos Serrão |
spellingShingle |
Pedro Manso José Moura Carlos Serrão SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks Information SDN DDoS IDS mirroring OpenFlow botnet |
author_facet |
Pedro Manso José Moura Carlos Serrão |
author_sort |
Pedro Manso |
title |
SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks |
title_short |
SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks |
title_full |
SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks |
title_fullStr |
SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks |
title_full_unstemmed |
SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks |
title_sort |
sdn-based intrusion detection system for early detection and mitigation of ddos attacks |
publisher |
MDPI AG |
series |
Information |
issn |
2078-2489 |
publishDate |
2019-03-01 |
description |
The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the “normal operation” of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic. |
topic |
SDN DDoS IDS mirroring OpenFlow botnet |
url |
http://www.mdpi.com/2078-2489/10/3/106 |
work_keys_str_mv |
AT pedromanso sdnbasedintrusiondetectionsystemforearlydetectionandmitigationofddosattacks AT josemoura sdnbasedintrusiondetectionsystemforearlydetectionandmitigationofddosattacks AT carlosserrao sdnbasedintrusiondetectionsystemforearlydetectionandmitigationofddosattacks |
_version_ |
1725617571285172224 |