A Kangaroo-Based Intrusion Detection System on Software-Defined Networks

Yazdinejadna, Abbas, Parizi, Reza M., Dehghantanha, Ali, Khan, Mohammad S.

15 January 2021

In recent years, a new generation of architecture has emerged in the world of computer networks, known as software-defined networking (SDN), that aims to improve and remove the limitations of traditional networks. Although SDN provides viable benefits, it has faced many security threats and vulnerability-related issues. To solve security issues in the SDN, one of the most vital solutions is employing an intrusion detection system (IDS). Merging IDS into the SDN network remains efficient due to the unique features of SDN, such as high manageability, flexibility, and programmability. In this paper, we propose a new approach as a kangaroo-based intrusion detection system (KIDS), which is an SDN-based architecture for attack detection and malicious behaviors in the data plane. Designing a zone-based architecture in the KIDS assists us in achieving a distributed architecture which is scalable in both area and anomaly detection. In the KIDS architecture, the IDS module supplies the flow-based and packet-based intrusion detection components based on monitoring packet parser and Flow tables of the SDN switches. In the proposed approach, the IDS uses consecutive jumps like a kangaroo for announcing the attacks both to the SDN controller and other IDSs, contributing to improved scalability and efficiency. The evaluation of the proposed approach shows an enhanced performance against that of peer approaches in detecting malicious packets.

attack detection

flow table

IDS

intrusion detection system

KIDS

packet parser

SDN

software defined networking

Computing