Kernel-Space Intrusion Detection Using Software-Defined Networking

Chin, Tommy and Xiong, Kaiqi and Rahouti, Mohamed (2018) Kernel-Space Intrusion Detection Using Software-Defined Networking. EAI Endorsed Transactions on Security and Safety, 5 (15). e2. ISSN 2032-9393

eai.13-7-2018.155168.pdf
Available under License Creative Commons Attribution No Derivatives.

Abstract

Software-Defined Networking (SDN) has encountered serious Denial of Service (DoS) attacks. However, existing approaches cannot sufficiently address these attacks in the real world because they often introduce significant overhead and require long detection and mitigation times. In this paper, we propose a lightweight kernel-level intrusion detection and prevention framework called KernelDetect, which leverages modular string searching and filtering mechanisms with SDN techniques. KernelDetect is designed to combine the strengths of the Aho-Corasick algorithm and the Bloom filter, using SDN. We further experimentally compare it with SNORT and BROS, two conventional and popular Intrusion Detection and Prevention Systems (IDPS), on the Global Environment for Networking Innovations (GENI), a real-world testbed. Our comprehensive studies through experimental data and analysis show that KernelDetect is more efficient and effective than SNORT and BROS.

Item Type: Article
Uncontrolled Keywords: Intrusion Detection and Prevention Systems (IDPS), Software-Defined Networking (SDN), Bloom Filter, Aho Corasick, Security
Subjects: H Social Sciences > H Social Sciences (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
QA75 Electronic computers. Computer science
Depositing User: EAI Editor IV
Date Deposited: 26 Mar 2021 13:52
Last Modified: 26 Mar 2021 13:52
URI: https://eprints.eudl.eu/id/eprint/2088
