A proposal of port scan detection method based on Packet-In Messages in OpenFlow networks and its evaluation

研究成果: ジャーナルへの寄稿学術論文査読

6 被引用数 (Scopus)

抄録

By quickly detecting a port scan and blocking the culprit host from the network, it is possible to minimize the spread of the damage by infected hosts and malicious users. In the past, various Software-Defined Networking (SDN)-based methods have been proposed, whose main advantage is the lower overhead compared to traditional methods that collect and analyze all captured traffic. On the other hand, due to the polling process used in these methods, it is necessary to set a short interval (e.g., few seconds) to keep the attacks' detection as short as possible. However, when the attack frequency is very low compared to normal traffic, there is an unnecessary overhead. In this paper, we propose a port scan detection method that considers the characteristics of Packet-In messages sent from the OpenFlow (OF) switch to the controller. This allows a prompt detection and with less overhead than conventional polling methods. The evaluation was conducted using both simulated and real traffic data. Results confirm that the proposed method can detect port scans with lower overhead than existing methods.

本文言語英語
論文番号e2174
ジャーナルInternational Journal of Network Management
31
6
DOI
出版ステータス出版済み - 2021 11月 1

フィンガープリント

「A proposal of port scan detection method based on Packet-In Messages in OpenFlow networks and its evaluation」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル