SDN-Based Network Intrusion Detection as DDoS defense system for Virtualization Environment
Nowadays, DDoS attacks are often aimed at cloud computing environments, as more people use virtualization servers. With so many Nodes and distributed services, it will be challenging to rely solely on conventional networks to control and monitor intrusions. We design and deploy DDoS attack defense systems in virtualization environments based on Software-defined Networking (SDN) by combining signature-based Network Intrusion Detection Systems (NIDS) and sampled flow (sFlow). These techniques are practically tested and evaluated on the Proxmox production Virtualization Environment testbed, adding High Availability capabilities to the Controller. The evaluation results show that it promptly detects several types of DDoS attacks and mitigates their negative impact on network performance. Moreover, it also shows good results on Quality of Service (QoS) parameters such as average packet loss about 0 %, average latency about 0.8 ms, and average bitrate about 860 Mbit/s.
A. P. Utomo, I. Winarno, and I. Syarif, “Towards a Resilient Server with an external VMI in the Virtualization Environment,” Emit. Int. J. Eng. Technol., vol. 8, no. 1, pp. 49–66, Jun. 2020, doi: 10.24003/emitter.v8i1.468. DOI: https://doi.org/10.24003/emitter.v8i1.468
Q. Yan and F. R. Yu, “Distributed denial of service attacks in software-defined networking with cloud computing,” IEEE Commun. Mag., vol. 53, no. 4, pp. 52–59, Apr. 2015, doi: 10.1109/MCOM.2015.7081075. DOI: https://doi.org/10.1109/MCOM.2015.7081075
M. Hao, “2020 Mid-Year DDoS Attack Landscape Report-3,” NSFOCUSGLOBAL, 3, Aug. 2020.
P. Manso, J. Moura, and C. Serrão, “SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks,” Information, vol. 10, no. 3, p. 106, Mar. 2019, doi: 10.3390/info10030106. DOI: https://doi.org/10.3390/info10030106
S. Badotra and S. N. Panda, “SNORT based early DDoS detection system using Opendaylight and open networking operating system in software defined networking,” Clust. Comput., May 2020, doi: 10.1007/s10586-020-03133-y. DOI: https://doi.org/10.1007/s10586-020-03133-y
Maxli Campos and J. S. B. Martins, “A Sdn-Based Flexible System For On-The-Fly Monitoring And Treatment Of Security Events,” Jan. 2017, doi: 10.5281/ZENODO.1291094.
Po-Wen Chi∗, Chien-Ting Kuo∗†, and He-Ming Ruan∗, “An AMI Threat Detection Mechanism Based on SDN Networks,” Secur. 2014 Eighth Int. Conf. Emerg. Secur. Inf. Syst. Technol., no. 8, p. 208, 2014.
A. Yazdinejadna, R. M. Parizi, A. Dehghantanha, and M. S. Khan, “A kangaroo-based intrusion detection system on software-defined networks,” Comput. Netw., vol. 184, p. 107688, Jan. 2021, doi: 10.1016/j.comnet.2020.107688. DOI: https://doi.org/10.1016/j.comnet.2020.107688
M. A. Lopez, D. M. Ferrazani Mattos, and O. C. M. B. Duarte, “An elastic intrusion detection system for software networks,” Ann. Telecommun., vol. 71, no. 11–12, pp. 595–605, Dec. 2016, doi: 10.1007/s12243-016-0506-y. DOI: https://doi.org/10.1007/s12243-016-0506-y
P. M. Ombase, S. T. Bagade, N. P. Kulkarni, and A. V. Mhaisgawali, “DoS Attack Mitigation Using Rule Based and Anomaly Based Techniques in Software Defined Networking,” p. 7, 2017. DOI: https://doi.org/10.1109/ICICI.2017.8365396
S. Wang et al., “SECOD: SDN sEcure control and data plane algorithm for detecting and defending against DoS attacks,” in NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, Taipei, Apr. 2018, pp. 1–5. doi: 10.1109/NOMS.2018.8406196. DOI: https://doi.org/10.1109/NOMS.2018.8406196
N. I. G. Dharma, M. F. Muthohar, J. D. A. Prayuda, K. Priagung, and D. Choi, “Time-based DDoS detection and mitigation for SDN controller,” in 2015 17th Asia-Pacific Network Operations and Management Symposium (APNOMS), Busan, South Korea, Aug. 2015, pp. 550–553. doi: 10.1109/APNOMS.2015.7275389. DOI: https://doi.org/10.1109/APNOMS.2015.7275389
M. Latah and L. Toker, “A novel intelligent approach for detecting DoS flooding attacks in software-defined networks,” Int. J. Adv. Intell. Inform., vol. 4, no. 1, p. 11, Mar. 2018, doi: 10.26555/ijain.v4i1.138. DOI: https://doi.org/10.26555/ijain.v4i1.138
I. Sumantra and S. Indira Gandhi, “DDoS attack Detection and Mitigation in Software Defined Networks,” in 2020 International Conference on System, Computation, Automation and Networking (ICSCAN), Pondicherry, India, Jul. 2020, pp. 1–5. doi: 10.1109/ICSCAN49426.2020.9262408. DOI: https://doi.org/10.1109/ICSCAN49426.2020.9262408
S. Usman, I. Winarno, and A. Sudarsono, “Implementation of SDN-based IDS to protect Virtualization Server against HTTP DoS attacks,” in 2020 International Electronics Symposium (IES), 2020, pp. 195–198. DOI: https://doi.org/10.1109/IES50839.2020.9231699
A. Leal, J. F. Botero, and E. Jacob, “Improving Early Attack Detection in Networks with sFlow and SDN,” in Applied Computer Sciences in Engineering, vol. 916, J. C. Figueroa-García, J. G. Villegas, J. R. Orozco-Arroyave, and P. A. Maya Duque, Eds. Cham: Springer International Publishing, 2018, pp. 323–335. doi: 10.1007/978-3-030-00353-1_29. DOI: https://doi.org/10.1007/978-3-030-00353-1_29
Copyright (c) 2021 EMITTER International Journal of Engineering Technology
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
The copyright to this article is transferred to Politeknik Elektronika Negeri Surabaya(PENS) if and when the article is accepted for publication. The undersigned hereby transfers any and all rights in and to the paper including without limitation all copyrights to PENS. The undersigned hereby represents and warrants that the paper is original and that he/she is the author of the paper, except for material that is clearly identified as to its original source, with permission notices from the copyright owners where required. The undersigned represents that he/she has the power and authority to make and execute this assignment. The copyright transfer form can be downloaded here .
The corresponding author signs for and accepts responsibility for releasing this material on behalf of any and all co-authors. This agreement is to be signed by at least one of the authors who have obtained the assent of the co-author(s) where applicable. After submission of this agreement signed by the corresponding author, changes of authorship or in the order of the authors listed will not be accepted.
Retained Rights/Terms and Conditions
- Authors retain all proprietary rights in any process, procedure, or article of manufacture described in the Work.
- Authors may reproduce or authorize others to reproduce the work or derivative works for the author’s personal use or company use, provided that the source and the copyright notice of Politeknik Elektronika Negeri Surabaya (PENS) publisher are indicated.
- Authors are allowed to use and reuse their articles under the same CC-BY-NC-SA license as third parties.
- Third-parties are allowed to share and adapt the publication work for all non-commercial purposes and if they remix, transform, or build upon the material, they must distribute under the same license as the original.
Plagiarism screening will be conducted by EMITTER Journal Editorial Board using iThenticate Plagiarism Checker and CrossCheck plagiarism screening service. The author should download and sign the declaration of plagiarism form here and resubmit it with the copyright transfer form via online submission.