Article Preview
TopIntroduction
Traditional network which is more complex, time consuming, hardware centric, tight coupling of network equipment with limited services because of its manufacture’s dependent. Its static nature of architecture is ill-suited to the dynamic computing which need a device level change, unlike Software Defined Networking (SDN) which is highly dynamic and configurable topology.
Software Defined Networking
SDN is layer independent, it has three layered architecture namely data plane, control plane and application plane. The vendor can manage and administrate the network affording to the network usage. Jarraya et al. (2014) discusses about the rule set instruction in control plane, the router will act as a forwarding media. The control logic is moved to an external entity, called SDN controller where the packets are moved according to the specified instructions. SDN Data plane, an infrastructure layer, it comprises of the Forwarding Elements (FEs) which are physical and virtual switches. SDN Controller comprises of Software Based SDN Controllers that determine the flow path of packets. Hence it is a software based SDN, flexible to program according to the application. It intellects and informs decision how to configure the packet and modifies the infrastructure layer conferring to the network usage. The network administrator can change any switch rules whenever it is necessary, the rule may be prioritizing, de-prioritizing or even blocking specific types of packets, access control lists management. SDN Application plane comprises of one or more end user applications by closely binding the interaction amid network services and devices. Applications are programs that explicitly, directly, and programmatically communicate their network device to the SDN Controller via interface.
Intrusion Detection System
Intrusion Detection System is used to monitor all outgoing and incoming network traffic. A set of protocol is designed to violate the malicious packets. Akhunzada et al. (2015) discusses about the security issues in Software defined Networking. The major functions of IDS monitor is to detect, respond to unauthorized activity and it monitors the flow of packets. Specification based intrusion detection is used for monitoring the network traffic by specifying the rule set. The deviations in network behaviour are analysed and rules can be enforced accordingly. The construction of rules may consume more time, but the high degree of false rate is avoided. Since this detection methodology is specification based, it has been applied for the privileged program, application oriented and several networks. The specification-based detection methodology can be adjusted based on the application.
Proposed Framework for Specification Based Intrusion Detection System
To achieve a robust intrusion detection system the framework has been designed as shown. This paper focus is on Specification based intrusion detection technique based on protocol standards. The evidence is collected for all the attacks and the specification is written for risk assessment phase. The detection engine has to be designed for detecting of attacks and decision making is done using a machine learning technique for the purpose of intrusion response.
Roadmap
This paper is organized as follows Chapter 2 briefly defines a survey on intrusion detection system in Software Defined Networking. Chapter 3 delineates feature ranking methods to rank the relevant features and investigation of various network attacks with respect to the control planes. The flow rules are written for the various control plane attacks. Chapter 4 defines a fuzzy inference engine and association rule mining for automatic execution of flow rules. This chapter concludes mined rules. Chapter 5 is Conclusion and future work.