• DocumentCode
    3735316
  • Title

    Implementation of SDN based network intrusion detection and prevention system

  • Author

    Pin-Jui Chen;Yen-Wen Chen

  • Author_Institution
    Department of Communication Engineering, National Central University, Taiwan
  • fYear
    2015
  • Firstpage
    141
  • Lastpage
    146
  • Abstract
    In recent years, the rise of software-defined networks (SDN) have made network control more flexible, easier to set up and manage, and have provided a stronger ability to adapt to the changing demands of application development and network conditions. The network becomes easier to maintain, but also achieves improved security as a result of SDN. The architecture of SDN is designed for Control Plane and Forwarding Plane separation and uses open APIs to realize programmable control. SDN allows for the importing of third-party applications to improve network service, or even provide a new network service. In this paper, we present a defense mechanism, which can find attack packets previously identified through the Sniffer function, and once the abnormal flow is found, the protection mechanism of the Firewall function will be activated. For the capture of the packets, available libraries will be used to determine the properties and contents of the malicious packet, and to anticipate any possible attacks. Through the prediction of all latent malicious behaviors, our new defense algorithm can prevent potential losses like system failures or crashes and reduce the risk of being attacked.
  • Keywords
    "Ports (Computers)","Operating systems","Firewalls (computing)","Control systems","Routing"
  • Publisher
    ieee
  • Conference_Titel
    Security Technology (ICCST), 2015 International Carnahan Conference on
  • Print_ISBN
    978-1-4799-8690-3
  • Electronic_ISBN
    2153-0742
  • Type

    conf

  • DOI
    10.1109/CCST.2015.7389672
  • Filename
    7389672