IPSFlow – Uma Proposta de IPS Distribuído para Captura e Bloqueio Seletivo de Tráfego Malicioso em Redes Definidas por Software
Abstract
Traditional Intrusion Prevention Systems (IPS) have operational limitations. When running in active mode, IPSes do not have wide coverage of the network, and when capturing mirrored traffic they can block malicious traffic only when working together with network devices from the same vendor or the same solution. In this scenario, we introduce IPSFlow, an IPS framework for Software Defined Networks (SDN) that, through the OpenFlow protocol, allows the creation of an IPS with wide coverage of the network. It allows selective capture and automated blocking of malicious traffic near its source by combining the results of different traffic analysis techniques.
