Abstract
Network Intrusion Detection and Prevention Systems (NIDPS) are widely used to detect and thwart malicious activities and attacks. However, the existing NIDPS are monolithic/centralized, and hence they are very limited in terms of scalability and responsiveness. In this work, we address how to mitigate SYN Flooding attacks that can occur in the management network (OpenFlow) as well as in the production network taking into account the network scalability. Our suggested framework is a distributed and dynamic NIDPS that uses the Programming Protocol independent Packet Processors (P4) to process the network packets at the switch level and perform two main functions. First, it detects the SYN flooding attacks based on the SYN packets’ rate and threshold. Secondly, our system uses a reviewed way to activate the SYN cookies in order to block/drop illegitimate packets. Our framework takes advantage of the switch programmability (i.e., using P4 language), distributed packet processing, and centralized Software Defined Networking (SDN) control, to provide an efficient and extensible NIDPS.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
P4 language specification. https://p4lang.github.io/p4-spec/. Accessed 12 Sep 2017
Afek, Y., Bremler-Barr, A., Shafir, L.: Network anti-spoofing with SDN data plane. In: IEEE Conference on Computer Communications, IEEE INFOCOM 2017, pp. 1–9. IEEE (2017)
Benton, K., Camp, L.J., Small, C.: Openflow vulnerability assessment. In: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 151–152. ACM (2013)
Bianchi, G., Bonola, M., Capone, A., Cascone, C.: Openstate: programming platform-independent stateful openflow applications inside the switch. ACM SIGCOMM Comput. Commun. Rev. 44(2), 44–51 (2014)
Bosshart, P., Daly, D., Gibb, G., Izzard, M., McKeown, N., Rexford, J., Schlesinger, C., Talayco, D., Vahdat, A., Varghese, G., et al.: P4: programming protocol-independent packet processors. ACM SIGCOMM Comput. Commun. Rev. 44(3), 87–95 (2014)
Dargahi, T., Caponi, A., Ambrosin, M., Bianchi, G., Conti, M.: A survey on the security of stateful SDN data planes. IEEE Commun. Surv. Tutor. 19, 1701–1725 (2017)
Echevarria, J.J., Garaizar, P., Legarda, J.: An experimental study on the applicability of SYN cookies to networked constrained devices. Softw. Pract. Exp.
Fontes, S.M., Hind, J.R., Narten, T., Stockton, M.L.: Blended syn cookies, 6 June 2006. US Patent 7,058,718
McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., Turner, J.: Openflow: enabling innovation in campus networks. ACM SIGCOMM Comp. Commun. Rev. 38(2), 69–74 (2008)
Moshref, M., Bhargava, A., Gupta, A., Yu, M., Govindan, R.: Flow-level state transition as a new switch primitive for SDN. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, pp. 61–66. ACM (2014)
Nunes, B.A.A., Mendonca, M., Nguyen, X.N., Obraczka, K., Turletti, T.: A survey of software-defined networking: past, present, and future of programmable networks. IEEE Commun. Surv. Tutor. 16(3), 1617–1634 (2014)
Scarfone, K., Mell, P.: Guide to intrusion detection and prevention systems (IDPS). NIST special publication 800(2007), 94 (2007)
Shin, S., Gu, G.: Attacking software-defined networks: a first feasibility study. In: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 165–166. ACM (2013)
Shin, S., Yegneswaran, V., Porras, P., Gu, G.: Avant-guard: scalable and vigilant switch flow management in software-defined networks. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 413–424. ACM (2013)
Simpson, W.A.: TCP cookie transactions (TCPCT) (2011)
Sonchack, J., Smith, J.M., Aviv, A.J., Keller, E.: Enabling practical software-defined networking security applications with OFX. In: NDSS, vol. 16, pp. 1–15 (2016)
Touitou, D., Pazi, G., Shtein, Y., Tzadikario, R.: Using TCP to authenticate IP source addresses, 12 July 2011. US Patent 7,979,694
Vörös, P., Kiss, A.: Security middleware programming using P4. In: International Conference on Human Aspects of Information Security, Privacy, and Trust, pp. 277–287. Springer (2016)
Xing, T., Huang, D., Xu, L., Chung, C.J., Khatkar, P.: Snortflow: a openflow-based intrusion prevention system in cloud environment. In: 2013 Second GENI Research and Educational Experiment Workshop (GREE), pp. 89–92. IEEE (2013)
Xing, T., Xiong, Z., Huang, D., Medhi, D.: SDNIPS: enabling software-defined networking based intrusion prevention system in clouds. In: 2014 10th International Conference on Network and Service Management (CNSM), pp. 308–311. IEEE (2014)
Yoon, C., Park, T., Lee, S., Kang, H., Shin, S., Zhang, Z.: Enabling security functions with SDN: a feasibility study. Comput. Netw. 85, 19–35 (2015)
Zargar, S.T., Joshi, J., Tipper, D.: A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun. Surv. Tutor. 15(4), 2046–2069 (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Mahrach, S., Mjihil, O., Haqiq, A. (2018). Scalable and Dynamic Network Intrusion Detection and Prevention System. In: Abraham, A., Haqiq, A., Muda, A., Gandhi, N. (eds) Innovations in Bio-Inspired Computing and Applications. IBICA 2017. Advances in Intelligent Systems and Computing, vol 735. Springer, Cham. https://doi.org/10.1007/978-3-319-76354-5_29
Download citation
DOI: https://doi.org/10.1007/978-3-319-76354-5_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76353-8
Online ISBN: 978-3-319-76354-5
eBook Packages: EngineeringEngineering (R0)