Intrusion Prevention with Attack Traceback and Software-defined Control Plane for Campus Networks

Guangfeng Guo1, 2, Junxing Zhang1 and Zhanfei Ma2

  1. College of Computer Science, Inner Mongolia University
    010021 Hohhot, China
    guoguangfeng@163.com, junxing@imu.edu.cn
  2. Baotou Teachers’ College, Inner Mongolia University of Science & Technology
    014030 Baotou, China
    mazhanfei@163.com

Abstract

Like traditional networks, the software-defined campus network also suffers from intrusion attacks. Current solutions for intrusion prevention cannot meet the requirements of the campus network, and existing methods of attack traceback are either limited to specific protocols or incur high overhead. To protect the data center (DC) of the campus network from internal and external attacks, we propose an Intrusion Prevention System (IPS) based on coordinated control between the detection engine, the attack traceback agent, and the software-defined control plane. Our solution includes a novel algorithm that infers the best switch port for defending against attacks of varied scales, based on inverse HSA (Header Space Analysis) and the global view of the software-defined controller. The proposed scheme blocks malicious traffic effectively and in a timely manner, not only protecting victim hosts from attacks but also sparing the whole network the unwanted transmission burden. The proposed IPS is deployed on the bypass of the DC switch and collects network traffic by port mirroring. Compared with the traditional serial (in-line) deployment, the new design helps defend against DC-internal attacks, reduces the probability of network congestion, and avoids a single point of failure. The experimental results show that the overhead of our IPS is very low, which enables it to meet real-time requirements. The average defense time is between 10 and 14 ms for data center internal attacks of different scales. For external attacks, the maximum defense time is about 76 ms for a large-scale network with 100 switches.

Key words

IPS, Intrusion Prevention System, SDN, Software-defined Network, Attack Traceback, Inverse Forwarding Function, HSA, Header Space Analysis, Campus Networks, DC, Data Center

Digital Object Identifier (DOI)

https://doi.org/10.2298/CSIS200206049G

Publication information

Volume 18, Issue 3 (June 2021)
Year of Publication: 2021
ISSN: 2406-1018 (Online)
Publisher: ComSIS Consortium

Full text

Available in PDF

How to cite

Guo, G., Zhang, J., Ma, Z.: Intrusion Prevention with Attack Traceback and Software-defined Control Plane for Campus Networks. Computer Science and Information Systems, Vol. 18, No. 3, 867–891. (2021), https://doi.org/10.2298/CSIS200206049G