DOI: 10.1145/3017971.3017982

An Anomaly-based Intrusion Detection Architecture Integrated on OpenFlow Switch

Published: 26 November 2016

Abstract

Recently, Internet-based systems have needed to change their configuration dynamically. Traditional networks have very limited ability to cope with such frequent changes, which hinders innovation in management and configuration procedures. To address this issue, Software Defined Networking (SDN) has been emerging as a new network architecture that allows for more flexibility through software-enabled network control. However, the dynamism of programmable networks also brings new security challenges that demand innovative solutions. Among the widespread mechanisms of SDN security control applications, anomaly-based IDS is an extremely effective technique for detecting both known and unknown (new) attack types. In this paper, we propose an anomaly-based intrusion detection architecture integrated on an OpenFlow switch. The proposed system can detect many attack types and protect a network against them, especially new attack types, using anomaly detection. We implement the proposed system in FPGA technology using a Xilinx Virtex-5 xc5vtx240t device. In this FPGA-based prototype, we integrate an anomaly-based intrusion detection technique to defend against many attack types and anomalies in network traffic. The experimental results show that our system achieves a detection rate exceeding 91.81% with a false alarm rate of at most 0.55%.

Published In

ICCNS '16: Proceedings of the 6th International Conference on Communication and Network Security
November 2016
133 pages
ISBN:9781450347839
DOI:10.1145/3017971

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. FPGA
  2. Network Security
  3. OpenFlow Network
  4. Software Defined Networking
  5. anomaly-based IDS

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICCNS '16
