SDN-IPS: A Tool for Automated and Collaborative Containment of Cyber Attacks Based on SDN
Abstract
The growth and diversity of cyber attacks impose stricter timing requirements and demand flexibility in the deployment of security controls. Automation and collaborative actions are therefore essential in such scenarios. This paper presents SDN-IPS, a tool that combines the visibility of Intrusion Detection Systems with SDN's programmability to create a solution for attack containment through blocking, rate limiting, and quarantine strategies. SDN-IPS can be used for technical purposes, in campus and backbone networks, or for teaching networking and security. Thus, it can help network operators and researchers detect and contain malicious activity. Demonstrations will be performed using the FIBRE testbed with MetroEthernet links (e-Line) and interdomain routing (BGP) applications.
