Abstract
Network monitoring is a paramount aspect for the detection of abnormal and malicious activity. However, this feature must go hand by hand with mitigation techniques. On SDN environments, control techniques may be easily developed as a result of its ability for programming the network. In this work, we take advantage of this fact to improve the network security using the sFlow monitoring tool along with the SDN controller. We present an architecture where sFlow is in charge of detecting network anomalies defined by user rules, while the SDN technology is responsible to mitigate the intrusion. Our testbed has been implemented on Mininet and the SDN environment is governed by Opendaylight controller and the OpenFlow southbound protocol. Experimental validation demonstrate that our system can effectively report various types of intrusion associated with the reconnaissance phase of an attack.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
What is iPerf/iPerf3? (2003). https://iperf.fr/
OpenvSwitch (2009). http://www.openvswitch.org
Floodlight Controller (2012). http://www.projectfloodlight.org
Mininet: An instant virtual network on your laptop (2012). http://mininet.org
POX controller (2012). https://github.com/noxrepo/pox/
Ryu controller (2012). https://osrg.github.io/ryu/
Large flow (2013). http://blog.sflow.com/2013/06/large-flow-detection-script.html
OpenDaylight controller (2013). https://www.opendaylight.org
Writing sFlow applications (2015). https://sflow-rt.com/writing_applications.php
Allied Telesis: how to — use sFlow in a network (2013). https://www.alliedtelesis.com/sites/default/files/aw-_use_sflow_in_a_network_revb1.pdf
Buragohain, C., Medhi, N.: FlowTrApp: an SDN based architecture for DDoS attack detection and mitigation in data centers. In: 2016 3rd International Conference on Signal Processing and Integrated Networks (SPIN), pp. 519–524. IEEE (2016)
Dharma, N.G., Muthohar, M.F., Prayuda, J.A., Priagung, K., Choi, D.: Time-based DDoS detection and mitigation for SDN controller. In: Network Operations and Management Symposium (APNOMS), pp. 550–553. IEEE (2015)
Giotis, K., Androulidakis, G., Maglaris, V.: Leveraging SDN for efficient anomaly detection and mitigation on legacy networks. In: 2014 Third European Workshop on Software Defined Networks (EWSDN), pp. 85–90. IEEE (2014)
Giotis, K., Argyropoulos, C., Androulidakis, G., Kalogeras, D., Maglaris, V.: Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput. Netw. 62, 122–136 (2014)
Gude, N., et al.: NOX: towards an operating system for networks. ACM SIGCOMM Comput. Commun. Rev. 38(3), 105–110 (2008)
Hsiao-Chung, L., Ping, W.: Implementation of an SDN-based security defense mechanism against DDoS attacks. In: DEStech Transactions on Economics, Business and Management (ICEME-EBM) (2016)
Lyon, G.: Nmap: The Network Mapper (1997). https://nmap.org/
McKeown, N., et al.: OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Comput. Commun. Rev. 38(2), 69–74 (2008)
Nugraha, M., Paramita, I., Musa, A., Choi, D., Cho, B.: Utilizing openFlow and sFlow to detect and mitigate SYN flooding attack. J. Korea Multimed. Soc. 17(8), 988–994 (2014)
Open Networking Foundation: Software-Defined Networking (SDN) Definition (2018). https://www.opennetworking.org/sdn-resources/sdn-definition
Panchen, S., McKee, N., Phaal, P.: InMon corporations sFlow: a method for monitoring traffic in switched and routed networks. RFC 3176, September 2001. https://doi.org/10.17487/rfc3176, https://rfc-editor.org/rfc/rfc3176.txt
Phaal, P., Lavine, M.: sFlow protocol specification version 5 (2004)
Sanai, D.: Detection of promiscuous nodes using ARP packets (2001). http://www.securityfriday.com/promiscuous_detection_01.pdf
Uma, M., Padmavathi, G.: A survey on various cyber attacks and their classification. IJ Netw. Secur. 15(5), 390–396 (2013)
Zaalouk, A., Khondoker, R., Marx, R.: An orchestrator-based architecture for enhancing network-security using network monitoring and SDN control functions. In: Network Operations and Management Symposium (NOMS), pp. 1–9. IEEE (2014)
Acknowledgments
This work has been partially funded by the CODI project 2015-7793 of the University of Antioquia (Colombia) and the research project TEC2016-76795-C6-5-R “Adaptive Management of 5G Services to Support Critical Events in Cities” of the Ministry of Economy, Industry and Competitiveness (Spain).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Leal, A., Botero, J.F., Jacob, E. (2018). Improving Early Attack Detection in Networks with sFlow and SDN. In: Figueroa-García, J., Villegas, J., Orozco-Arroyave, J., Maya Duque, P. (eds) Applied Computer Sciences in Engineering. WEA 2018. Communications in Computer and Information Science, vol 916. Springer, Cham. https://doi.org/10.1007/978-3-030-00353-1_29
Download citation
DOI: https://doi.org/10.1007/978-3-030-00353-1_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00352-4
Online ISBN: 978-3-030-00353-1
eBook Packages: Computer ScienceComputer Science (R0)