DocumentCode :
119915
Title :
A fuzzy logic-based information security management for software-defined networks
Author :
Dotcenko, Sergei ; Vladyko, Andrei ; Letenko, Ivan
Author_Institution :
Bonch-Bruevich St.-Petersburg State Univ. of Telecommun., St. Petersburg, Russia
fYear :
2014
fDate :
16-19 Feb. 2014
Firstpage :
167
Lastpage :
171
Abstract :
In terms of network security, software-defined networks (SDN) offer researchers unprecedented control over network infrastructure and define a single point of control over the routing of data flows across the whole network infrastructure. The OpenFlow protocol is an embodiment of the software-defined networking paradigm. OpenFlow network security applications can implement flow-processing logic more complex than simply permitting or prohibiting flows. Such applications can implement logic to provide complex quarantine procedures, or redirect malicious network flows for special treatment. Security detection and intrusion prevention algorithms can be implemented as OpenFlow security applications; however, their implementation is often more concise and effective. In this paper we considered the algorithm of an information security management system based on soft computing, and implemented a prototype of an intrusion detection system (IDS) for software-defined networks, which consists of a statistics collection and processing module and a decision-making module. These modules were implemented as an application for the Beacon controller in Java. The system was evaluated on one of the main problems of network security: identification of hosts engaged in malicious network scanning. To evaluate the modules we used the Mininet environment, which provides rapid prototyping for OpenFlow networks. The proposed algorithm, combined with decision making based on fuzzy rules, has shown better results than the security algorithms used separately. In addition, the number of code lines decreased by 20-30%, and the opportunity to easily integrate various external modules and libraries greatly simplifies the implementation of the algorithms and the decision-making system.
Keywords :
decision making; fuzzy logic; protocols; security of data; software radio; telecommunication control; telecommunication network management; telecommunication network routing; telecommunication security; Java; OpenFlow protocol; beacon controller; data flows routing; decision making; decision-making module; fuzzy logic-based information security management; intrusion detection system; intrusion prevention algorithms; logic processing flows; malicious network flows; malicious network scanning; mininet environment; network infrastructure; network security; processing module; security detection; soft computing; software-defined networks; statistic collection; Decision making; Information security; Software algorithms; Switches; Training; Fuzzy Logic; Information security; OpenFlow; Port scan; Software-Defined Networks;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Advanced Communication Technology (ICACT), 2014 16th International Conference on
Conference_Location :
Pyeongchang
Print_ISBN :
978-89-968650-2-5
Type :
conf
DOI :
10.1109/ICACT.2014.6778942
Filename :
6778942