Preprint Article, Version 1. Preserved in Portico. This version is not peer-reviewed.

IDSMatch: A Novel Deployment Method for IDS Chains in SDNs

Version 1 : Received: 27 October 2023 / Approved: 27 October 2023 / Online: 30 October 2023 (07:36:38 CET)

A peer-reviewed article of this Preprint also exists.

Niknami, N.; Wu, J. IDSMatch: A Novel Deployment Method for IDS Chains in SDNs. Network 2024, 4, 48-67.

Abstract

In a software-defined network (SDN), the control plane is separated from the data plane, which makes the control of network flows both easy and dynamic. While the controller, which is equipped with various control applications, is capable of analyzing a large amount of data, it may become overburdened when faced with a large volume of traffic. The intrusion detection system (IDS) is an example of a control application that can be used to detect intrusions. It is recommended to deploy instances of the IDS across the data plane. This improves processing power and detection rate and, as a result, reduces the load on the controller. While an IDS is undoubtedly beneficial for improving detection rates, installing one at each switch in the data plane would be costly. To address this issue, this paper proposes the deployment of IDS chains across the data plane. The controller directs incoming traffic via alternative paths, including the IDS chain, which increases the detection rate while avoiding overloading. To improve transmission efficiency, our study proposes a method of balancing the distribution of flows and assigning them to specific IDS chains. This approach minimizes the cost of flow grouping through the use of a new incoming traffic grouping technique. Our method is tested and evaluated using a test bed and trace-based simulation, and has been proven to effectively reduce delays and hop counts across various traffic scenarios.

Keywords

attack; forwarding traffic; intrusion detection; load balancing; SDN; matching problem

Subject

Computer Science and Mathematics, Security Systems
