Conference: International Conference on Innovations in Bio-Inspired Computing and Applications

Scalable and Dynamic Network Intrusion Detection and Prevention System


Abstract

Network Intrusion Detection and Prevention Systems (NIDPS) are widely used to detect and thwart malicious activities and attacks. However, the existing NIDPS are monolithic/centralized, and hence they are very limited in terms of scalability and responsiveness. In this work, we address how to mitigate SYN Flooding attacks that can occur in the management network (OpenFlow) as well as in the production network taking into account the network scalability. Our suggested framework is a distributed and dynamic NIDPS that uses the Programming Protocol independent Packet Processors (P4) to process the network packets at the switch level and perform two main functions. First, it detects the SYN flooding attacks based on the SYN packets' rate and threshold. Secondly, our system uses a reviewed way to activate the SYN cookies in order to block/drop illegitimate packets. Our framework takes advantage of the switch programmability (i.e., using P4 language), distributed packet processing, and centralized Software Defined Networking (SDN) control, to provide an efficient and extensible NIDPS.