

Over recent years, we have observed a significant increase in the number and the sophistication of cyberattacks targeting home users, businesses, government organizations and even critical infrastructure. In many cases, it is important to detect attacks at the very early stages, before significant damage can be caused to networks and protected systems, including access to sensitive data. To this end, cybersecurity researchers and professionals are exploring the use of Software-Defined Networking (SDN) technology for efficient and real-time defense against cyberattacks. SDN enables network control to be logically centralised by decoupling the control plane from the data plane. This feature enables network programmability and has the potential to almost instantly block network traffic when malicious activity is detected. In this work, we design and implement an Intrusion Detection and Prevention System (IDPS) using SDN. Our IDPS is a software application that monitors networks and systems for malicious activities or security policy violations and takes steps to mitigate such activity. We specifically focus on defending against port-scanning and Denial of Service (DoS) attacks. However, the proposed design and detection methodology has the potential to be expanded to a wide range of other malicious activities.

We have implemented and tested two connection-based techniques as part of the IDPS, namely the Credit-Based Threshold Random Walk (CB-TRW) and Rate Limiting (RL).

As a mechanism to defend against port-scanning, we outline and test our Port Bingo (PB) algorithm. Furthermore, we include QoS as a DoS attack mitigation, which relies on flow statistics from a network switch. We conducted extensive experiments in a purpose-built testbed environment. The experimental results show that the launched port-scanning and DoS attacks can be detected and stopped in real time. Finally, the rate of false positives can be kept sufficiently low by tuning the threshold parameters of the detection algorithms. This work also focuses on infiltration methods, such as Address Resolution Protocol (ARP) spoofing, where adversaries send fabricated ARP messages linking their Media Access Control (MAC) address to a genuine device's Internet Protocol (IP) address. We developed an SDN-based IDPS which defends against ARP spoofing and blacklisted MAC addresses.
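As an added illustration of the ARP-spoofing and blacklisted-MAC checks named above (example code, not the paper's own implementation), the following Python sketch assumes an SDN controller hands each ARP reply seen at the switch to `inspect()` as a dict carrying the sender protocol address (`spa`), sender hardware address (`sha`) and ingress port; the trusted binding table, blacklist and sample replies are constructed for the demo.

```python
from dataclasses import dataclass, field

@dataclass
class ArpGuard:
    """Controller-side ARP checker (hypothetical): a reply is dropped when its
    sender MAC is blacklisted or when it claims an IP whose trusted binding
    (e.g. learned from DHCP) points to a different MAC."""
    bindings: dict                 # ip -> mac, trusted bindings
    blacklist: set                 # MACs to drop unconditionally
    learn_unknown: bool = True     # first sighting of a new IP is trusted
    alerts: list = field(default_factory=list)

    def inspect(self, reply):
        ip, mac, port = reply["spa"], reply["sha"].lower(), reply["in_port"]
        if mac in self.blacklist:
            self.alerts.append((port, mac, "blacklisted-mac"))
            return "drop"
        known = self.bindings.get(ip)
        if known is None:
            if self.learn_unknown:
                self.bindings[ip] = mac
            return "forward"
        if known != mac:
            self.alerts.append((port, mac, f"arp-spoof: {ip} is bound to {known}"))
            return "drop"
        return "forward"

# Constructed sample data, not captured traffic.
BLACKLIST = {"de:ad:be:ef:00:01"}
TRUSTED = {"10.0.0.1": "00:00:00:00:00:01", "10.0.0.2": "00:00:00:00:00:02"}
SAMPLE_REPLIES = [
    {"spa": "10.0.0.1", "sha": "00:00:00:00:00:01", "in_port": 1},  # genuine owner
    {"spa": "10.0.0.1", "sha": "00:00:00:00:00:03", "in_port": 3},  # fabricated claim
    {"spa": "10.0.0.9", "sha": "DE:AD:BE:EF:00:01", "in_port": 4},  # blacklisted MAC
    {"spa": "10.0.0.5", "sha": "00:00:00:00:00:05", "in_port": 5},  # new IP, learned
    {"spa": "10.0.0.5", "sha": "00:00:00:00:00:06", "in_port": 6},  # conflicts with learned
]

def run_demo():
    guard = ArpGuard(bindings=dict(TRUSTED), blacklist=BLACKLIST)
    verdicts = [guard.inspect(r) for r in SAMPLE_REPLIES]
    return verdicts, guard.alerts   # (['forward','drop','drop','forward','drop'], 3 alerts)

if __name__ == "__main__":
    for verdict, alert in zip(*run_demo()):
        print(verdict, alert)
```

In a real deployment the "drop" verdict would be turned into a flow rule that blocks the offending ingress port or MAC, and the alerts into IDPS log events; the `learn_unknown` default trusts the first sighting, so a static or DHCP-derived binding table is preferable where available.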
