Software-Defined Networks (SDN) have emerged as a dominant programmable network architecture for cloud-based data centres. Their centralised programmable control plane, decoupled from the data plane and holding a global view of the network state, provides new opportunities to implement innovative security mechanisms. This research leverages these features of SDN and presents the architecture of a hierarchical and lightweight Intrusion Detection System (IDS) for software-enabled networks by exploiting the concept of SDN flows. It combines the advantages of a flow-based IDS and a packet-based IDS in order to provide a high detection rate without degrading network performance. The flow-based IDS uses an anomaly detection algorithm based on Support Vector Machines (SVM) trained with the DARPA Intrusion Detection Dataset. This first line of defence detects intrusions on the network. When an attack is detected, the malicious flow is mirrored to a packet-based IDS for further examination and action. The results show that this scheme provides good detection rates and performance with minimal extra overhead.
Basu, Kashinath; Younas, Muhammad; Schueller, Quentin; Patel, Mohit; Ball, Frank
Faculty of Technology, Design and Environment / School of Engineering, Computing and Mathematics
Year of publication: 2019
Date of RADAR deposit: 2018-09-13