1

IPSFlow: Um framework para Sistema de Prevenção de Intrusão baseado em Redes Definidas por Software

NAGAHAMA, Fábio Yu 09 October 2013
Submitted by Cleide Dantas (cleidedantas@ufpa.br) on 2014-07-31T14:26:52Z No. of bitstreams: 2 license_rdf: 23898 bytes, checksum: e363e809996cf46ada20da1accfcd9c7 (MD5) Dissertacao_IpsflowFrameworkSistema.pdf: 5908429 bytes, checksum: 790a3383734a6d24cf5e9a14636bca8b (MD5) / Approved for entry into archive by Ana Rosa Silva (arosa@ufpa.br) on 2014-09-05T13:54:37Z (GMT) / Made available in DSpace on 2014-09-05T13:54:37Z (GMT). Previous issue date: 2013

Intrusion Detection and Prevention Systems (IDSs/IPSs) are well-known and well-established tools in the world of information security. However, the lack of integration with network equipment, such as switches and routers, tends to limit the performance of these tools and requires proper dimensioning of the hardware resources used to implement them, such as processor, memory and high-speed network interfaces. Faced with several limitations encountered by researchers and network administrators, the concept of the Software Defined Network (SDN) emerged, which separates the data and control planes and so allows the operation of the network to be adapted to their needs. Thus, due to the standardization and flexibility offered by SDNs, and the limitations presented by IDSs, this dissertation proposes IPSFlow, a framework that uses a network based on the SDN architecture and the OpenFlow protocol to create an IPS with wide coverage that blocks traffic characterized as malicious by the IDS(s) at the equipment closest to its origin. To validate the framework, experiments in the virtual Mininet environment were conducted using Snort as the IDS to analyze scanning traffic generated by Nmap from one host to another. The results show that IPSFlow worked as planned by blocking almost 85% of scanning traffic.
2

Improving fairness, throughput and blocking performance for long haul and short reach optical networks

Tariq, Sana 01 January 2015
Innovations in optical communication are expected to transform the landscape of global communications, internet and datacenter networks. This dissertation investigates several important issues in optical communication such as fairness, throughput, blocking probability and differentiated quality of service (QoS). Novel algorithms and new approaches are presented to improve the performance of optical circuit switching (OCS) and optical burst switching (OBS) for long haul and datacenter networks. Extensive simulation tests have been conducted to evaluate the effectiveness of the proposed algorithms. These simulation tests were performed over a number of network topologies such as ring, mesh and U.S. Long-Haul, some high performance computing (HPC) topologies such as 2D and 6D mesh torus topologies, and modern datacenter topologies such as FatTree and BCube. Two new schemes are proposed for long haul networks to improve throughput and hop-count fairness in OBS networks. The idea is motivated by the observation that giving slightly more priority to longer bursts over short bursts can significantly improve the throughput of OBS networks without adversely affecting hop-count fairness. The results of extensive performance tests have shown that the proposed schemes improve the throughput of OBS networks and enhance hop-count fairness. Another contribution of this dissertation is the research work on developing routing and wavelength assignment schemes in multimode fiber networks. Two additional schemes for long haul networks are presented and evaluated over multimode fiber networks. The first alleviates the fairness problem in OBS networks using wavelength-division multiplexing as well as mode-division multiplexing, while the second achieves higher throughput without sacrificing hop-count fairness.
We have also shown the significant benefits of using both mode-division multiplexing and wavelength-division multiplexing in real-life short-distance optical networks such as the optical circuit switching networks used in the hybrid electronic-optical switching architectures for datacenters. We evaluated four mode and wavelength assignment heuristics and compared their throughput performance. We also included preliminary results on the impact of the cascaded mode conversion constraint on network throughput. Datacenter and high performance computing networks share a number of common performance goals. Another highly efficient adaptive mode wavelength-routing algorithm is presented over OBS networks to improve the throughput of these networks. The effectiveness of the proposed model has been validated by extensive simulation results. In order to optimize bandwidth and maximize throughput of datacenters, an extension of TCP called multipath-TCP (MPTCP) has been evaluated over an OBS network using dense interconnect datacenter topologies. We have proposed a service differentiation scheme using MPTCP over OBS for datacenter traffic. The scheme is evaluated over a mixed workload traffic model of datacenters and is shown to provide tangible service differentiation between flows of different priority levels. An adaptive QoS differentiation architecture is proposed for software defined optical datacenter networks using MPTCP over OBS. This scheme prioritizes flows based on current network state.
