Proactive DDoS attack detection in software-defined networks with Snort rule-based algorithms
Journal: International Journal of Advanced Technology and Engineering Exploration (IJATEE) (Vol. 10, No. 105)
Publication Date: 2023-08-31
Authors: Nor Shahniza Kamal Bashah; Twiene Selynda Simbas; Norjansalika Janom; Syaripah Ruzaini Syed Aris
Page: 962-989
Keywords: Security attack; Network degradation; Proactive detection; Rule-based algorithm; Snort alert
Abstract
The exponential growth of application-layer programs has imposed significant constraints on the existing underlying network infrastructure. To address this escalating demand, a transition towards a software-oriented network infrastructure becomes indispensable. Software-defined networking (SDN), which decouples the data and control planes, transforming them into a programmable network controlled by a central controller, emerges as the solution. This approach enhances network management, leading to reduced operational expenditures (OPEX), heightened quality of service, and the achievement of desired scalability. However, the shift towards a programmable network infrastructure exposes vulnerabilities to existing security threats. In this research, additional security measures were proposed with the aim of detecting and preventing security threats, particularly distributed denial of service (DDoS) attacks. For simulation purposes, the Mininet platform is employed. The Ryu controller is configured as an SDN controller, responsible for transmitting and removing OpenFlow messages to and from switches, along with handling incoming packets. Snort plays a crucial role in analyzing suspicious traffic entering the network. This incoming traffic undergoes examination based on predefined rules, triggering an alert if any traffic matches these rules. The internet control message protocol (ICMP) flooding method was employed to execute DDoS attacks. Based on the results and findings, an extensive volume of packets was observed during attacks on the SDN network. Furthermore, connectivity tests conducted through ping tests towards the targeted machine resulted in 100% packet loss. This outcome signified the denial of resource access on the targeted machine during an attack, consequently leading to a decline in overall network performance.
Analysis of the amassed data revealed that early detection through rule-based Snort implementation could significantly mitigate the impact on SDN networks. Consequently, the adoption of Snort for proactive DDoS attack detection in SDN networks was proposed. This approach empowered network administrators to respond promptly upon the occurrence of a Snort-generated alert.
Last modified: 2023-09-04 14:50:12