Abstract
Software Defined Networks (SDN) with OpenFlow (OF) based protocol tend to transform traditional network architecture to vendor independent architecture with data-plane and control-plane programmability. This programmability provides a rich functionality in central traffic management, switch configuration, Intrusion Detection System (IDS) integration and global view of entire deployed infrastructure. The SDN network comprises single point failure vulnerability mainly at central controller unit, the deployment of standalone legacy IDS sensors cannot guarantee for safeguard against intruders. Therefore, in the first stage of proposed work, a signature-based Snort IDS is implemented for malicious activity detection and traffic monitoring with traffic mirroring in Open vSwitch (OVS), then store in csv log file of Barnyard 2. In second stage, for the purpose of effective attack detection in the test-bed, a flowbased anomaly detection is deployed with Deep Neural Networks (DNN) to improve the signature-based IDS limitation with higher detection rate with low false-positive triggers. To assess the efficacy of our proposed collaborative detection technique, a testbed is developed to simulate malicious and benign traffic. From the simulation results, our collaborative detection mechanism achieved more than 90% true positive rate with less than 5% of false alarms for all TCP, UDP and ICMP attacks in general, demonstrating effective malicious traffic detection method as compared to conventional signature based methodologies.
Original language | English |
---|---|
Title of host publication | 20th International Conference on High Performance Computing and Communications; 16th International Conference on Smart City; 4th International Conference on Data Science and Systems |
Subtitle of host publication | HPCC/SmartCity/DSS 2018 |
Place of Publication | Piscataway, NJ |
Publisher | IEEE |
Pages | 915-920 |
Number of pages | 6 |
ISBN (Electronic) | 9781538666142 |
ISBN (Print) | 9781538666159 |
DOIs | |
Publication status | Published - 2018 |
Event | International Symposium on Advances in High Performance Computing and Networking: In conjunction with The 20th IEEE International Conference on High Performance Computing and Communications - Exeter, United Kingdom Duration: 28 Jun 2018 → 30 Jun 2018 http://cse.stfx.ca/~hpcc2018/AHPCN.htm |
Conference
Conference | International Symposium on Advances in High Performance Computing and Networking |
---|---|
Abbreviated title | AHPCN-2018 |
Country/Territory | United Kingdom |
City | Exeter |
Period | 28/06/18 → 30/06/18 |
Internet address |
Keywords
- Software defined networks
- OpenFlow
- Open vSwitch
- Barnyard 2
- Snort
- Deep neural networks