SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks

The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore t...

Bibliographic Details
Main Authors: Pedro Manso, José Moura, Carlos Serrão
Format: Article
Language: English
Published: MDPI AG 2019-03-01
Series: Information
Subjects:
SDN
IDS
Online Access: http://www.mdpi.com/2078-2489/10/3/106
Journal: Information (MDPI AG), ISSN 2078-2489
Volume 10, issue 3, article 106 (2019-03-01)
DOI: 10.3390/info10030106
Authors: Pedro Manso (0), José Moura (1), Carlos Serrão (2)
Affiliations:
(0) Department of Information Science and Technology, School of Technology and Architecture, ISCTE—Instituto Universitário de Lisboa, 1649-026 Lisbon, Portugal
(1) Instituto de Telecomunicações (IT), ISCTE—Instituto Universitário de Lisboa, 1649-026 Lisbon, Portugal
(2) Information Sciences, Technologies and Architecture Research Center (ISTAR-IUL), ISCTE—Instituto Universitário de Lisboa, 1649-026 Lisbon, Portugal
Collection: DOAJ
Description: The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the “normal operation” of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic.
Topics: SDN, DDoS, IDS, mirroring, OpenFlow, botnet