Reduction of traffic between switches and IDS for prevention of DoS attack in SDN

Title: Reduction of traffic between switches and IDS for prevention of DoS attack in SDN
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Quingueni, A. M., Kitsuwan, N.
Conference Name: 2019 19th International Symposium on Communications and Information Technologies (ISCIT)
Keywords: centralized controller, composability, computer network security, denial of service (DoS), DoS attack, end-to-end traffic, IDS, IDS delays, intrusion detection system, Intrusion Detection System (IDS), malicious packets, pubcrawl, resilience, Resiliency, SDN, Software Defined Network (SDN), software defined networking, software-defined network, telecommunication congestion control, telecommunication switching, telecommunication traffic
Abstract:

Denial of service (DoS) is a process of injecting malicious packets into a network. An intrusion detection system (IDS) is a system used to investigate malicious packets in the network. A software-defined network (SDN) physically separates the control plane from the data plane. The control plane is moved to a centralized controller, which makes decisions for the network from a global view. Combining IDS with SDN allows malicious packets to be prevented more efficiently, owing to the global view available in SDN. The IDS needs to communicate with the switches to have access to all end-to-end traffic in the network. High traffic on the link between the switches and the IDS results in congestion, and that congestion delays the detection and prevention of malicious traffic. To address this problem, we propose a historical database (Hdb), a scheme that reduces the traffic between the switches and the IDS based on the historical information of a sender. The simulation shows that, on average, 54.1% of the traffic mirrored to the IDS is reduced compared to the conventional schemes.

DOI: 10.1109/ISCIT.2019.8905165
Citation Key: quingueni_reduction_2019