Software Defined Networking with Intrusion Detection System

International Journal of Engineering and Technical Research (IJETR)
ISSN: 2321-0869, Volume-2, Issue-10, October 2014

Yogita Hande, Aishwarya Jadhav, Achaleshwari Patil, Rutuja Zagade
Abstract: SDN and network programmability have emerged to address trends in IT by providing greater automation and orchestration of the network fabric, and by allowing dynamic, application-led configuration of networks and services. Networks must be open, programmable, and application aware in order to deliver these requirements, and they must evolve to meet the emerging trends without compromising their current resiliency, service richness, or security, and without disrupting previous organizational investments. Software Defined Networking (SDN) is an emerging network architecture in which network control is decoupled from forwarding and is directly programmable. This migration of control, formerly tightly bound in individual network devices, enables the underlying infrastructure to be abstracted for applications and network services, which can treat the network as a logical or virtual entity. Security is a challenge in future networks. Future Internet proposals rely on virtualization to provide multiple types of networks sharing the same physical infrastructure. This proposal takes advantage of the programmability offered by Software Defined Networks (SDN) to provide an architecture for an Intrusion Detection System.

Index Terms: Software Defined Networking, Network Virtualization, OpenFlow.

I. INTRODUCTION

The proposed system is an intrusion detection system for campus networks built on a new concept, SDN (Software Defined Networking). The ability to partition networks using SDN has risen in popularity. Intrusion detection is one of the main challenges of Internet security today. If the campus network is intruded upon in real time, SDN is what helps: it addresses the problem through OpenFlow. OpenFlow is a new network technology and an open standard for SDN in which the control plane and data plane of network equipment are separated. It provides an open protocol to program the flow table in different switches and routers. Network administrators, researchers, students and other users of the campus network can define their own flow tables and use the system accordingly: everyone gets their own slice of the network without affecting the others.

Today, there is almost no practical way to experiment with new network protocols (for example, routing protocols) in sufficiently realistic settings to gain the confidence needed for their widespread deployment. New ideas from the networking community go untried and untested. There is a need for a virtualized, programmable network. Virtualized programmable networks could lower the barrier to entry for new ideas, increasing the rate of innovation in the network infrastructure. Commercial switches and routers do not typically provide an open software platform, let alone a means to virtualize either their hardware or software.

The proposed system will contain a virtually created network with a few virtual switches and virtual hosts (PCs), the hosts being high-end Linux PCs. An OpenFlow controller will communicate with the virtual network. The system will then detect the bad packets generated by a packet generator. The packets will be captured and viewed with the packet analyzer Wireshark.

Manuscript received October 03, 2014.
www.erpublication.org

II. EXISTING SYSTEM

Today, there is almost no practical way to experiment with new network protocols in sufficiently realistic settings to gain the confidence needed for their widespread deployment. The result is that most new ideas from the networking research community go untried and untested; hence the commonly held belief that the network infrastructure has ossified. Existing switches and routers have built-in protocols that the device will use. If there is a need to change the protocol, the switch or router itself has to be changed. Changing a protocol is therefore very hard and costly, as all the hardware has to be replaced accordingly.

III. PROPOSED SYSTEM

A. Why SDN: Traditionally, network architectures within corporate and government networks use network devices that combine control plane and data plane functions in a single device, typically a router or switch. The control plane is the element of a router or switch that determines how one individual device within a network interacts with its neighbors. Examples of control plane protocols are routing protocols such as Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), and Spanning Tree Protocol (STP). These protocols determine the optimal port or interface on which to forward packets (that is, they program the data plane). While these control plane protocols scale very well and provide a high level of network resiliency, they pose limitations. For example, routing protocols may only be able to determine the best path through a network based on static metrics such as interface bandwidth or hop count. Likewise, control plane protocols do not typically have any visibility into the applications running over the network, or into how the network may be affecting application performance. Data plane functionality includes features such as quality of service (QoS), encryption, Network Address Translation (NAT), and access control lists (ACLs). These features directly affect packet forwarding, including whether a packet is dropped. However, many of these features are static in nature and determined by the fixed configuration of the network device. There is no mechanism to modify the configuration of these features based on the dynamic conditions of the network or its applications. Finally, configuration of these features is typically done on a device-by-device basis, greatly limiting the scalability of applying the required functionality.

IV. SYSTEM ARCHITECTURE

Fig 1: SDN in Campus with IDS system diagram

V. OVERALL DESCRIPTION

The network layer is divided into three different planes: the data plane, the control plane and the management plane.

A. Data plane: The data plane (user plane, forwarding plane) is the part of a network that carries user traffic. It handles multiple conversations over multiple protocols and manages conversations with remote peers. Conventional networking and SDN differ in that in the former all the planes are implemented in the firmware of routers and switches, whereas in the latter the data and control planes are decoupled. Network administration thus becomes more flexible.

B. Control plane: The control plane is the part of a network that carries signaling traffic and is responsible for routing. Functions of the control plane include system configuration and management. In SDN the control plane is moved from the hardware to a software layer, which enables easy programmatic access and thus allows dynamic access and administration. A network administrator can shape traffic from a centralized control console without having to touch individual switches, and can prioritize, de-prioritize or even block specific types of packets.

C. SDN: Software-defined networking (SDN) is an approach to computer networking that allows network administrators to manage network services through abstraction of lower-level functionality. The architectural approach optimizes and simplifies network operations by more closely binding the interaction (i.e., provisioning, messaging, and alarming) among applications and network services and devices, whether they are real or virtualized. An SDN separates the data and control functions of networking devices, such as routers, packet switches, and LAN switches, with a well-defined Application Programming Interface (API) between the two.

D. SDN in campus: In a conventional campus network, various groups work on the same network, which is shared equally among all the communities using it. But if a researcher wants to test a new design or protocol, or another person wants to work on a newly designed system, network access becomes the problem: since the protocols and network design for routers and switches are provided by the vendor, there is little or no possibility of changing them. Hence the concept of SDN in the campus comes into the picture, wherein the various users of the network can utilize their own slice of it by allocation of resources, and when the job is over the resources can be de-allocated.

E. IDS: An intrusion detection system (IDS) is a software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. The function of the present system is to detect intrusions in the virtually created network. The intrusions are produced by our packet generator, which is responsible for generating bad packets; these will be processed and captured by our system.

F. OpenFlow controller: An OpenFlow controller is an application that manages flow control in a software-defined networking (SDN) environment. SDN controllers function according to the OpenFlow protocol. The SDN controller acts as a sort of operating system (OS) for the network: all communications between applications and devices have to go through the controller. The OpenFlow protocol connects controller software to network devices so that server software can tell switches where to send packets. The controller uses the OpenFlow protocol to configure network devices and choose the best path for application traffic.

G. OpenFlow switch: OpenFlow provides an open protocol to program the flow table in different switches and routers. An OpenFlow switch consists of three parts: a flow table, a secure channel to the controller, and the OpenFlow protocol.

VI. SYSTEM FEATURES

1. Software-Defined Networking transforms traditional network backbones into rich service-delivery platforms. Software-Defined Networking focuses on three key features:
o Separation of the control plane from the data plane
o A centralized controller and view of the network
o Programmability of the network by external applications

2. Intrusion detection is one of the main challenges of Internet security today. In this system we will be generating both good and bad packets. The user will be able to see the bad packets as well as the other packets captured by the intrusion detection system, and will be able to analyze them with the packet analyzer Wireshark.
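As an added example, not code from the paper, the following Python models the plane separation of Section V and the detection step of Section VI: an OpenFlowSwitch that does nothing but flow-table lookup, a Controller that handles table misses (packet-ins) and learns MAC addresses, and an IDS hook (inspect) in the packet-in path whose signature hits are turned into a high-priority drop flow, which is the prevention step Section VII anticipates. The Packet fields, the three TCP-flag signatures, the action strings and the traffic replayed by run_demo() are all constructed for this demo and are not OpenFlow wire format. Two caveats a practitioner would add: the IDS here only sees packets that miss the flow table, whereas the paper's design mirrors traffic to Wireshark and an IDS, which on a real switch means a mirror action on installed flows so later packets are inspected too; and blocking on a source IP learned from a single packet is spoofable, so an attacker can get a legitimate host's address blocked.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:  # constructed packet model: only the fields the demo matches on
    in_port: int
    src_mac: str
    dst_mac: str
    src_ip: str
    proto: str            # "tcp", "udp" or "icmp"
    tcp_flags: str = ""   # letters from "SAFRPU"; "" means no flag set

@dataclass
class FlowEntry:
    match: dict      # field -> required value; absent fields are wildcards
    priority: int
    actions: list    # "output:<port>", "flood" or "drop"
    hits: int = 0

class OpenFlowSwitch:
    """Data plane only: flow-table lookup plus the matched actions; a miss is a packet-in."""
    def __init__(self, dpid, controller, ports):
        self.dpid, self.controller, self.ports = dpid, controller, ports
        self.table, self.forwarded, self.dropped = [], [], []

    def add_flow(self, match, priority, actions):
        self.table.append(FlowEntry(dict(match), priority, list(actions)))
        self.table.sort(key=lambda e: e.priority, reverse=True)  # highest first

    def receive(self, pkt):
        for e in self.table:
            if all(getattr(pkt, k) == v for k, v in e.match.items()):
                e.hits += 1
                return self._apply(e.actions, pkt)
        self._apply(self.controller.packet_in(self, pkt), pkt)  # table miss

    def _apply(self, actions, pkt):
        for act in actions:
            if act == "drop":
                self.dropped.append(pkt)
            elif act == "flood":
                self.forwarded += [(pkt, p) for p in self.ports if p != pkt.in_port]
            elif act.startswith("output:"):
                self.forwarded.append((pkt, int(act[7:])))

# Constructed signatures standing in for the "bad packets" of Section VI;
# a real deployment would run a signature engine such as Snort here.
SIGNATURES = [
    ("tcp-null-scan", lambda p: p.proto == "tcp" and p.tcp_flags == ""),
    ("tcp-xmas-scan", lambda p: p.proto == "tcp" and {"F", "P", "U"} <= set(p.tcp_flags)),
    ("tcp-syn-fin", lambda p: p.proto == "tcp" and {"S", "F"} <= set(p.tcp_flags)),
]

def inspect(pkt):  # IDS check: names of every signature the packet triggers
    return [name for name, hit in SIGNATURES if hit(pkt)]

class Controller:
    """Control plane: MAC-learning forwarder with the IDS in the packet-in path.
    An alert becomes a priority-100 drop flow, so the switch discards later
    packets from that source on its own, without another packet-in."""
    def __init__(self):
        self.mac_table, self.alerts, self.packet_ins = {}, [], 0  # (dpid, mac) -> port

    def packet_in(self, sw, pkt):
        self.packet_ins += 1
        self.mac_table[(sw.dpid, pkt.src_mac)] = pkt.in_port
        hits = inspect(pkt)
        if hits:
            self.alerts += [(h, pkt.src_ip) for h in hits]
            sw.add_flow({"src_ip": pkt.src_ip}, priority=100, actions=["drop"])
            return ["drop"]
        out_port = self.mac_table.get((sw.dpid, pkt.dst_mac))
        if out_port is None:
            return ["flood"]   # destination not learned yet: no flow installed
        sw.add_flow({"src_mac": pkt.src_mac, "dst_mac": pkt.dst_mac},
                    priority=10, actions=[f"output:{out_port}"])
        return [f"output:{out_port}"]

def run_demo():
    """Replay constructed traffic: two benign hosts, then a scanning host."""
    ctl = Controller()
    sw = OpenFlowSwitch("s1", ctl, ports=[1, 2, 3])
    A = ("00:00:00:00:00:01", "10.0.0.1")
    B = ("00:00:00:00:00:02", "10.0.0.2")
    C = ("00:00:00:00:00:03", "10.0.0.3")   # the packet generator
    def pkt(port, src, dst, flags):
        return Packet(port, src[0], dst[0], src[1], "tcp", flags)
    for p in [
        pkt(1, A, B, "S"),     # miss, B unknown: flood, nothing installed
        pkt(2, B, A, "SA"),    # miss, A known: flow B->A installed
        pkt(1, A, B, "A"),     # miss, B known: flow A->B installed
        pkt(1, A, B, "PA"),    # hits the installed flow, no packet-in
        pkt(3, C, B, "FPU"),   # Xmas probe: alert, drop flow installed
        pkt(3, C, B, "S"),     # dropped in the data plane
        pkt(3, C, A, ""),      # dropped too; the controller never sees it
    ]:
        sw.receive(p)
    return {"packet_ins": ctl.packet_ins, "alerts": ctl.alerts,
            "forwarded": len(sw.forwarded), "dropped": len(sw.dropped),
            "flows": [(e.match, e.priority, e.actions, e.hits) for e in sw.table]}
```

Calling run_demo() shows the split the paper describes: seven packets cause only four packet-ins, the single Xmas probe produces one alert, and the scanner's next two packets are dropped by the switch's own table with no further controller involvement.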
VII. FUTURE SCOPE

A Software Defined Network can be a useful tool for an Intrusion Prevention System, due to its capability both to mirror the network traffic and to block the malicious flow as soon as the Intrusion Detection System notifies the controller. For future work, a study on the scalability of our proposal is intended, allowing multiple IDS virtual machines to run in the same network. We will further study the characteristics of various malware, investigate malware detection techniques and explore the possibilities of employing them in the context of SDN. In addition, we plan to take better advantage of the infrastructure and test our system at a larger scale in order to optimize our system design.
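Section VII has the controller block a malicious flow on the IDS's notice, and mirror traffic; on a real switch each of those is an OFPT_FLOW_MOD message sent over the secure channel named in Section V.G. The following added example, not from the paper, encodes those two messages by hand against the OpenFlow 1.0 structures (ofp_header, ofp_match, ofp_flow_mod, ofp_action_output), as a controller would before writing them to its TLS/TCP channel to the switch; it does not open that channel. The assumptions are that the switch speaks OpenFlow 1.0 and that the rule matches on IPv4 source address only; the function names and the sample address 10.0.0.3 are chosen for the example. Two details worth seeing in bytes: matching nw_src is meaningless unless dl_type is also pinned to 0x0800, so the wildcard bitmap must clear both, and in OpenFlow 1.0 an empty action list means drop, so the blocking rule carries no actions while the mirroring rule carries two output actions.

```python
import socket
import struct

# OpenFlow 1.0 constants from openflow.h; assumption: the switch speaks OF 1.0
OFP_VERSION_1_0 = 0x01
OFPT_FLOW_MOD = 14
OFPFC_ADD = 0
OFPP_NONE = 0xFFFF
OFP_NO_BUFFER = 0xFFFFFFFF
OFPFF_SEND_FLOW_REM = 1 << 0
OFPAT_OUTPUT = 0
ETH_TYPE_IPV4 = 0x0800

# ofp_flow_wildcards: a set bit means "ignore this match field"
OFPFW_DL_TYPE = 1 << 4
OFPFW_NW_SRC_MASK = ((1 << 6) - 1) << 8   # 0 in these six bits = exact nw_src
OFPFW_ALL = (1 << 22) - 1

HEADER = struct.Struct("!BBHI")               # version, type, length, xid
MATCH = struct.Struct("!IH6s6sHBxHBBxxIIHH")  # struct ofp_match, 40 bytes
FLOW_MOD_TAIL = struct.Struct("!QHHHHIHH")    # cookie .. flags, 24 bytes
ACTION_OUTPUT = struct.Struct("!HHHH")        # type, len, port, max_len

def output_action(port, max_len=0):
    """ofp_action_output: forward to one port (also used for the IDS mirror)."""
    return ACTION_OUTPUT.pack(OFPAT_OUTPUT, ACTION_OUTPUT.size, port, max_len)

def flow_mod_src_ip(src_ip, xid, actions=b"", priority=100,
                    idle_timeout=300, hard_timeout=0):
    """OFPT_FLOW_MOD / OFPFC_ADD matching every IPv4 packet from src_ip.
    nw_src only means something with dl_type pinned to IPv4, so both fields
    are un-wildcarded; every other match field stays wildcarded."""
    wildcards = OFPFW_ALL & ~OFPFW_DL_TYPE & ~OFPFW_NW_SRC_MASK
    nw_src = struct.unpack("!I", socket.inet_aton(src_ip))[0]
    match = MATCH.pack(wildcards, 0, b"\0" * 6, b"\0" * 6, 0, 0,
                       ETH_TYPE_IPV4, 0, 0, nw_src, 0, 0, 0)
    tail = FLOW_MOD_TAIL.pack(0, OFPFC_ADD, idle_timeout, hard_timeout, priority,
                              OFP_NO_BUFFER, OFPP_NONE, OFPFF_SEND_FLOW_REM)
    body = match + tail + actions
    return HEADER.pack(OFP_VERSION_1_0, OFPT_FLOW_MOD,
                       HEADER.size + len(body), xid) + body

def drop_src_ip(src_ip, xid, **kw):
    """Block a source: in OF 1.0 a flow with an empty action list drops."""
    return flow_mod_src_ip(src_ip, xid, actions=b"", **kw)

def mirror_src_ip(src_ip, xid, out_port, ids_port, **kw):
    """Keep forwarding to out_port but copy every packet to the IDS port."""
    acts = output_action(out_port) + output_action(ids_port)
    return flow_mod_src_ip(src_ip, xid, actions=acts, **kw)

def parse_flow_mod(msg):
    """Decode a FLOW_MOD back into fields (the switch side's view); raises on junk."""
    version, mtype, length, xid = HEADER.unpack_from(msg, 0)
    if version != OFP_VERSION_1_0 or mtype != OFPT_FLOW_MOD or length != len(msg):
        raise ValueError("not a well-formed OpenFlow 1.0 FLOW_MOD")
    m = MATCH.unpack_from(msg, HEADER.size)
    _cookie, command, idle, hard, prio, _buf, _out, flags = \
        FLOW_MOD_TAIL.unpack_from(msg, HEADER.size + MATCH.size)
    actions = msg[HEADER.size + MATCH.size + FLOW_MOD_TAIL.size:]
    return {
        "xid": xid, "wildcards": m[0], "dl_type": m[6],
        "nw_src": socket.inet_ntoa(struct.pack("!I", m[9])),
        "command": command, "priority": prio, "idle_timeout": idle,
        "hard_timeout": hard, "flags": flags,
        "actions_len": len(actions), "drops": len(actions) == 0,
    }

if __name__ == "__main__":
    block = drop_src_ip("10.0.0.3", xid=7)
    print(len(block), block.hex())
    print(parse_flow_mod(block))
```

The drop message is exactly 72 bytes (8-byte header, 40-byte match, 24-byte flow_mod tail) and its wildcard word decodes to 0x3FC0EF; the mirror variant is 88 bytes because of the two 8-byte output actions. Idle timeout rather than a permanent rule is deliberate: a block installed on an IDS alert should expire on its own, so a false positive or a spoofed source does not stay blocked indefinitely.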

VIII. ADVANTAGES

1. Operational Savings: SDNs lower operating expenses. Network services can be packaged for application owners, freeing up the networking team.

2. Flexibility: SDNs create flexibility in how the network can be used and operated. Resellers can write their own network services using standard development tools.

3. Better Management: Managed Service Providers (MSPs) can use a single viewpoint and toolset to manage virtual networking, computing and storage resources.

4. Planning: Better visibility into network, computing, and storage resources means resellers can also plan IT strategies more effectively for their customers.

5. Infrastructure Savings: Separating routing/switching intelligence from packet forwarding reduces hardware prices, as routers and switches must then compete on price-performance features.

IX. CONCLUSION

An SDN approach fosters network virtualization, enabling IT staff to manage their servers, applications, storage, and networks with a common approach and tool set. Whether in a carrier environment, an enterprise data center or a campus, SDN adoption can improve network manageability, scalability, and agility. It provides interfaces to SDN controllers, helping better integration and coordination between them. The future of networking will rely more on software, which will accelerate the pace of innovation for networks as it has in the computing and storage domains. SDN promises to transform today's static networks into flexible, programmable platforms with the intelligence to allocate resources dynamically, the scale to support enormous data centers and the virtualization needed to support dynamic, highly automated, and secure cloud environments. With its many advantages and strong industry momentum, SDN is on the way to becoming the new norm for networks.
