Implementing an intrusion detection and prevention system using software-defined networking: Defending against port-scanning and denial-of-service attacks

Birkinshaw, Celyn; Rouka, Elpida; Vassilakis, Vassilios G.

doi:10.1016/j.jnca.2019.03.005

Cited by 89 publications

(38 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Birkinshaw et al [41] implemented an IDS using softwaredefined networking (SDN). The authors have targeted two types of attacks: DoS and port scanning, for which they implemented Credit-Based Threshold Random Walk (CB-TRW) and Rate Limiting (RL).…”

Section: A Cybercrime Detection Using Statistical Methodsmentioning

confidence: 99%

Comprehensive Review of Cybercrime Detection Techniques

et al. 2020

View full text Add to dashboard Cite

Cybercrimes describe cases of indictable offences and misdemeanours in which computer or any communication tools are involved as targets, commission instruments, incidental to, or that cases are associated with the prevalence of computer technology. Common forms of cybercrimes could be child pornography, cyberstalking, identity theft, cyber laundering, credit card theft, cyber terrorism, drug sale, data leakage, sexually explicit content, phishing and other cyber hacking. These kinds of cybercrimes are mostly leading to breaching users' privacy, security violation, business loss, financial fraud, or damage in public as well as government properties. Hence, this paper intensively reviews cybercrime detection and prevention methods. It first explores the different types of cybercrimes then discusses their threats against privacy and security in computer systems. It also describes the strategies that cybercriminals might utilize in committing these crimes against individuals, organizations, and societies. The paper then reviews the existing techniques of cybercrime detection and prevention. It objectively discusses the strengths and critically analyses the vulnerabilities of each technique. As a future study, the paper provides recommendations for the development of cybercrime detection model in which it is capable to effectively detect cybercrime in comparison to the existing techniques.

show abstract

Section: A Cybercrime Detection Using Statistical Methodsmentioning

confidence: 99%

Comprehensive Review of Cybercrime Detection Techniques

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Most of the research projects [23], [24], [25], [2], [13] develop defending mechanism against DDoS attacks using SDN whereas, SDN architecture itself suffer from different kind of DDoS attacks. A limited number of works [9], [10], [11], [12], [14], [15] address the potential challenges to mitigate DDoS attacks in SDN.…”

Section: Related Workmentioning

confidence: 99%

“…mod 2 24 − H2 mod 2 24 As we can see above and in Table I, we calculate the two hash values H1 and H2 (based on TCP options, secret keys k1, k2 and count) then we use them with ISNs and MSS to generate the cookie (ISNd), as it is shown in (3). For the cookie validation, there are 2 integrity controls (count(cookie) and MSS(cookie)).…”

Section: System Designmentioning

confidence: 99%

See 1 more Smart Citation

DDoS Flooding Attack Mitigation in Software Defined Networks

Mahrach¹,

Haqiq²

2020

IJACSA

View full text Add to dashboard Cite

Distributed denial of service (DDoS) attacks which have been completely covered by the security community, today pose a potential new menace in the software defined networks (SDN) architecture. For example, the disruption of the SDN controller could interrupt data communication in the whole SDN network. DDoS attacks can produce a great number of new and short traffic flows (e.g., a series of TCP SYN requests), which may launch spiteful flooding requests to overcharge the controller and cause flow-table overloading attacks at SDN switches. In this research work, we propose a lightweight and practical mitigation mechanism to protect SDN architecture against DDoS flooding threats and ensure a secure and efficient SDN-based networking environment. Our proposal extends the Data Plane (DP) with a classification and mitigation module to analyze the new incoming packets, classify the benign requests from the SYN flood attacks, and perform the adaptive countermeasures. The simulation results indicate that the proposed defending mechanism may efficiently tackle the DDoS flood attacks in the SDN architecture and also in the downstream servers.

show abstract

“…The attacks can cause high severity and impact in most cases that even small fraction of time influencing detection and prevention need to be very concern and critical. With the intrusion and attacks, the attackers can gain access of confidential data from the victims or injecting various malware inside victim"s machine [2]. With new challenges such as sophisticated malware that has been rampaging in our network, traditional conventional solution like signature-based detection that relies on malware attack pattern does not give higher impact and less efficient in preventing malware attacks [3].…”

Section: Introductionmentioning

confidence: 99%

Ransomware Behavior Attack Construction via Graph Theory Approach

Rosli¹,

Abdullah²,

Yassin³

et al. 2020

IJACSA

View full text Add to dashboard Cite

Ransomware has becoming a current trend of cyberattack where its reputation among malware that cause a massive amount recovery in terms of cost and time for ransomware victims. Previous studies and solutions have showed that when it comes to malware detection, malware behavior need to be prioritized and analyzed in order to recognize malware attack pattern. Although the current state-of-art solutions and frameworks used dynamic analysis approach such as machine learning that provide more impact rather than static approach, but there is not any approachable way in representing the analysis especially a detection that relies on malware behavior. Therefore, this paper proposed a graph theory approach which is analysis of the ransomware behavior that can be visualized into graph-based pattern. An experiment has been conducted with ten ransomware samples for malware analysis and verified using VirusTotal. Then, file system among features were selected in the experiment as a medium to understand the behavior of ransomware using data capturing tools. After that, the result of the analysis was visualized in a graph pattern based on Neo4j which is graph database tool. By using graph as a base, the discussion has been made to recognize each type of ransomware that acts differently in the file system and analyze which node that have the most impact during analysis part.

show abstract

Implementing an intrusion detection and prevention system using software-defined networking: Defending against port-scanning and denial-of-service attacks

Cited by 89 publications

References 17 publications

Comprehensive Review of Cybercrime Detection Techniques

Comprehensive Review of Cybercrime Detection Techniques

DDoS Flooding Attack Mitigation in Software Defined Networks

Ransomware Behavior Attack Construction via Graph Theory Approach

Contact Info

Product

Resources

About