Deployment of Intrusion Prevention System based on Software Defined Networking

Zhang, Lei; Shou, Guochu; Hu, Yihong; Guo, Zhouyi

doi:10.1109/icct.2013.6820345

Cited by 16 publications

(9 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Middleboxes serve both in analysing traffic for anomaly detection and in determining the appropriate action to mitigate against an identified attack. The advantage of IPS deployment based on SDN with unified scheduling of security applications across the whole network and load balancing among IPSs is highlighted in [134]. Solutions to the placement and integration of SDN middleboxes are considered in [108]- [112] while novel network security services deployed via SDN middleboxes are described in [113]- [116].…”

Section: Security Middleboxes -Architectures and Servicesmentioning

confidence: 99%

A Survey of Security in Software Defined Networks

Scott-Hayward

Natarajan²,

Sezer

2016

IEEE Commun. Surv. Tutorials

411

213

View full text Add to dashboard Cite

The proposition of increased innovation in network applications and reduced cost for network operators has won over the networking world to the vision of Software-Defined Networking (SDN). With the excitement of holistic visibility across the network and the ability to program network devices, developers have rushed to present a range of new SDN-compliant hardware, software and services. However, amidst this frenzy of activity, one key element has only recently entered the debate: Network Security. In this article, security in SDN is surveyed presenting both the research community and industry advances in this area. The challenges to securing the network from the persistent attacker are discussed and the holistic approach to the security architecture that is required for SDN is described. Future research directions that will be key to providing network security in SDN are identified.

show abstract

Section: Security Middleboxes -Architectures and Servicesmentioning

confidence: 99%

A Survey of Security in Software Defined Networks

Scott-Hayward

Natarajan²,

Sezer

2016

IEEE Commun. Surv. Tutorials

411

213

View full text Add to dashboard Cite

show abstract

“…In Maccherani et al, 17 a flow-based IDS platform is proposed mainly to protect servers against the denial-of-service attacks. In order to support a unified scheduling of security applications in a network, Zhang et al 18 propose an SDN-based IPS deployment approach, where the load balancing mechanism among the IPSs is also considered.…”

Section: Dpi In Sdnsmentioning

confidence: 99%

Traffic scheduling for deep packet inspection in software‐defined networks

Huang

Guo

2016

Concurrency and Computation

View full text Add to dashboard Cite

Deep packet inspection (DPI) is important for network security. In this paper, we consider a software-defined network where several DPI proxy nodes are available for serving flows from ingress switches. These DPI proxy nodes can be implemented in either software or hardware.We study an integrated proxy allocation and routing determining problem with the objective of minimizing the total delay of flows from ingress switches to DPI proxies. This problem is formulated as an integer linear programming problem that is NP-hard in general. To solve this problem, we design a 2-phase algorithm that can quickly select proxy and find routing paths for incoming flows. Finally, extensive simulations are conducted to evaluate the performance of our proposed algorithm. Some useful parameter setting insights are obtained.

show abstract

“…Security services, such as Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are essential in protecting the network from attacks. In [16], the authors propose an SDN-based IPS deployment among Data Centers (DC) that are interconnected through the Internet. This proposal reduces the maintenance costs and improves the utilization rate of current IPS devices.…”

Section: Securitymentioning

confidence: 99%

BYOC: Bring Your Own Control a new concept to monetize SDN's openness

Aflatoonian¹,

Bouabdallah²,

Catros³

et al. 2015

Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft)

View full text Add to dashboard Cite

International audienceSoftware Defined Networking (SDN) is supposed to bring flexibility, dynamicity and automation to today's network through a logically centralized network controller. We argue that reaching SDN's full capacities requires however the development of standardized programming capabilities on its top. In this paper we introduce "Bring Your Own Control" (BYOC) as a new concept providing a convenient framework structuring the openness of the SDN on its northbound side. We derive from the lifecycle characterizing the services deployed in an SDN, the parts of services the control of which may be delegated by the operator to external customers through dedicated application programming interfaces (API) located in the northbound interface (NBI). We argue that the exploitation of such services may noticeably be refined by the operator through various business models monetizing the openness of the SDN following the new paradigm of "Earn as Your Bring" (EaYB). We propose an analysis of BYOC and we illustrate our approach with several use cases

show abstract

Deployment of Intrusion Prevention System based on Software Defined Networking

Cited by 16 publications

References 5 publications

A Survey of Security in Software Defined Networks

A Survey of Security in Software Defined Networks

Traffic scheduling for deep packet inspection in software‐defined networks

BYOC: Bring Your Own Control a new concept to monetize SDN's openness

Contact Info

Product

Resources

About