
Improving Early Attack Detection in Networks with sFlow and SDN

  • Conference paper
  • Applied Computer Sciences in Engineering (WEA 2018)
  • Part of the book series: Communications in Computer and Information Science (CCIS, volume 916)

Abstract

Network monitoring is essential for detecting abnormal and malicious activity, but it must go hand in hand with mitigation techniques. In SDN environments, control techniques are easy to develop because the network itself is programmable. In this work we take advantage of this fact to improve network security using the sFlow monitoring tool together with the SDN controller. We present an architecture in which sFlow is in charge of detecting network anomalies defined by user rules, while the SDN controller is responsible for mitigating the intrusion. Our testbed is implemented on Mininet, and the SDN environment is governed by the OpenDaylight controller and the OpenFlow southbound protocol. Experimental validation demonstrates that our system can effectively report various types of intrusion associated with the reconnaissance phase of an attack.
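The abstract describes a two-stage loop (sFlow reports anomalies that match user rules, the SDN controller installs the mitigation) without giving the rules or the controller calls. The following is an added example, not the paper's code, of what such a loop looks like for the reconnaissance case. It assumes samples arrive already decoded (as a collector such as sFlow-RT exposes them) rather than as raw sFlow v5 datagrams, that the user rules are a vertical port scan and a horizontal host sweep over a sliding window, and that mitigation is a drop flow pushed to OpenDaylight over RESTCONF on port 8181 for a switch registered as `openflow:1`. The traffic in `run_demo` is constructed; the thresholds, window, flow id, and credentials are placeholders.

```python
"""Added example: sFlow-driven reconnaissance detection with an OpenDaylight
drop rule as the mitigation step (not the paper's code; all thresholds,
node ids and credentials are assumptions)."""
import base64
import json
import urllib.request
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowSample:
    """One decoded sFlow flow sample, reduced to the fields the rules use."""
    ts: float           # collector receive time, seconds
    src_ip: str
    dst_ip: str
    dst_port: int       # 0 for ICMP
    proto: str          # "tcp", "udp" or "icmp"
    sampling_rate: int  # 1-in-N packet sampling rate carried in the sample


class ReconDetector:
    """Sliding-window rules over sFlow samples for the reconnaissance phase.

    sFlow samples 1 in N packets, so a scan shows only ~1/N of its probes:
    the thresholds count *sampled* distinct targets and must be chosen with
    the agent's sampling rate in mind (here an assumption of 20 in 10 s).
    """

    def __init__(self, window=10.0, port_threshold=20, host_threshold=20):
        self.window = window
        self.port_threshold = port_threshold
        self.host_threshold = host_threshold
        self._ports = defaultdict(dict)  # (src, dst) -> {dst_port: last_ts}
        self._hosts = defaultdict(dict)  # (src, dst_port) -> {dst: last_ts}
        self._alerted = set()            # one alert per (rule, src, target)

    def _expire(self, table, now):
        for key in [k for k, t in table.items() if now - t > self.window]:
            del table[key]

    def observe(self, s):
        """Feed one sample; return the alerts it triggers (usually none)."""
        alerts = []
        if s.proto not in ("tcp", "udp"):
            return alerts
        ports = self._ports[(s.src_ip, s.dst_ip)]
        ports[s.dst_port] = s.ts
        self._expire(ports, s.ts)
        key = ("vertical_port_scan", s.src_ip, s.dst_ip)
        if len(ports) >= self.port_threshold and key not in self._alerted:
            self._alerted.add(key)
            alerts.append({"rule": key[0], "src": s.src_ip, "target": s.dst_ip,
                           "distinct": len(ports), "sampling_rate": s.sampling_rate})
        hosts = self._hosts[(s.src_ip, s.dst_port)]
        hosts[s.dst_ip] = s.ts
        self._expire(hosts, s.ts)
        key = ("horizontal_host_sweep", s.src_ip, s.dst_port)
        if len(hosts) >= self.host_threshold and key not in self._alerted:
            self._alerted.add(key)
            alerts.append({"rule": key[0], "src": s.src_ip, "target": s.dst_port,
                           "distinct": len(hosts), "sampling_rate": s.sampling_rate})
        return alerts


def odl_drop_flow(flow_id, src_ip, table_id=0, priority=1000, hard_timeout=300):
    """OpenDaylight flow-node-inventory body: drop all IPv4 from src_ip.
    hard-timeout bounds the block so a spoofed source is not blocked forever."""
    return {"flow-node-inventory:flow": [{
        "id": flow_id, "table_id": table_id, "priority": priority,
        "hard-timeout": hard_timeout, "idle-timeout": 0,
        "flow-name": f"recon-block-{src_ip}",
        "match": {"ethernet-match": {"ethernet-type": {"type": 2048}},  # IPv4
                  "ipv4-source": f"{src_ip}/32"},
        "instructions": {"instruction": [{"order": 0, "apply-actions": {
            "action": [{"order": 0, "drop-action": {}}]}}]}}]}


def odl_flow_url(controller, node_id, table_id, flow_id):
    """RESTCONF config path for a flow on one switch (OpenDaylight inventory)."""
    return (f"{controller}/restconf/config/opendaylight-inventory:nodes/node/"
            f"{node_id}/table/{table_id}/flow/{flow_id}")


def push_flow(url, body, user="admin", password="admin"):
    """PUT the flow to the controller; not called by the offline demo."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="PUT",
                                 headers={"Content-Type": "application/json",
                                          "Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def run_demo():
    """Constructed traffic: a benign web client plus an nmap-style port scan."""
    det = ReconDetector(window=10.0, port_threshold=20, host_threshold=20)
    samples = [FlowSample(i * 0.3, "10.0.0.2", "10.0.0.10", 80, "tcp", 256)
               for i in range(30)]
    samples += [FlowSample(1.0 + p * 0.05, "10.0.0.5", "10.0.0.10", p, "tcp", 1)
                for p in range(1, 26)]
    alerts = [a for s in samples for a in det.observe(s)]
    flows = {a["src"]: odl_drop_flow(f"recon-{a['src']}", a["src"]) for a in alerts}
    return alerts, flows


if __name__ == "__main__":
    found, rules = run_demo()
    print(json.dumps(found, indent=1))
    for src, body in rules.items():
        print("PUT", odl_flow_url("http://127.0.0.1:8181", "openflow:1", 0, f"recon-{src}"))
        print(json.dumps(body, indent=1))
```

The drop rule matches only the source address, which is what a scan from a single host warrants; a spoofed-source scan would need a rule keyed on the ingress port instead, and the hard timeout keeps a wrong block from being permanent.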



Acknowledgments

This work has been partially funded by the CODI project 2015-7793 of the University of Antioquia (Colombia) and the research project TEC2016-76795-C6-5-R “Adaptive Management of 5G Services to Support Critical Events in Cities” of the Ministry of Economy, Industry and Competitiveness (Spain).

Corresponding author

Alexander Leal


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Leal, A., Botero, J.F., Jacob, E. (2018). Improving Early Attack Detection in Networks with sFlow and SDN. In: Figueroa-García, J., Villegas, J., Orozco-Arroyave, J., Maya Duque, P. (eds) Applied Computer Sciences in Engineering. WEA 2018. Communications in Computer and Information Science, vol 916. Springer, Cham. https://doi.org/10.1007/978-3-030-00353-1_29


  • DOI: https://doi.org/10.1007/978-3-030-00353-1_29


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00352-4

  • Online ISBN: 978-3-030-00353-1

  • eBook Packages: Computer Science (R0)