Suspicious traffic sampling for intrusion detection in software-defined networks

详细信息    查看全文

• 作者：Taejin HaAuthor Vitae ; Sunghwan KimAuthor Vitae ; Namwon AnAuthor Vitae ; Jargalsaikhan NarantuyaAuthor Vitae ; Chiwook JeongAuthor Vitae ; JongWon KimAuthor Vitae ; Hyuk Lim ; ^{hlim@gist.ac.kr" class="auth_mail" title="E-mail the corresponding author}Author Vitae
• 关键词：Intrusion detection ; Cloud technology ; Software-defined network ; Traffic sampling
• 刊名：Computer Networks
• 出版年：2016
• 出版时间：9 November 2016
• 年：2016
• 卷：109
• 期：part_P2
• 页码：172-182
• 全文大小：2227 K

文摘

In order to defend a cloud computing system from security attackers, an intrusion detection system (IDS) is widely used to inspect suspicious traffic on the network. However, the processing capacity of an IDS is much smaller than the amount of traffic to be inspected in a large-scaled network system. In this paper, we propose a traffic sampling strategy for software-defined networking (SDN) that fully utilizes the inspection capability of malicious traffic, while maintaining the total aggregate volume of the sampled traffic below the inspection processing capacity of the IDS. We formulate an optimization problem to find an appropriate sampling rate for each switch, and sample the traffic flows in the network according to the optimal sampling rates using the SDN functionalities. The simulation and experimental results indicate that the proposed approach significantly enhances the inspection performance of malicious traffic in large-sized networks.