دانلود رایگان مقاله نمونه گیری ترافیک مشکوک برای تشخیص نفوذ در شبکه تعریف شده نرم افزاری

Abstract

In order to defend a cloud computing system from security attackers, an intrusion detection system (IDS) is widely used to inspect suspicious traffic on the network. However, the processing capacity of an IDS is much smaller than the amount of traffic to be inspected in a large-scaled network system. In this paper, we propose a traffic sampling strategy for software-defined networking (SDN) that fully utilizes the inspection capability of malicious traffic, while maintaining the total aggregate volume of the sampled traffic below the inspection processing capacity of the IDS. We formulate an optimization problem to find an appropriate sampling rate for each switch, and sample the traffic flows in the network according to the optimal sampling rates using the SDN functionalities. The simulation and experimental results indicate that the proposed approach significantly enhances the inspection performance of malicious traffic in large-sized networks.

7. Conclusion

In this paper, we proposed a traffic sampling rate decision strategy for efficiently exploiting limited IDS resources in the detection of malicious traffic. The proposed method increases the intrusion detection performance considerably by estimating the appropriate sampling rate for each switch and focusing more on suspicious traffic. With the help of SDN technology, our method measures the throughput of each switch, the current distribution of malicious traffic, and the flow path information. The proposed approach evaluates the rate of missing malicious traffic for selecting the most appropriate sampling rates, while the sampled traffic volume is kept below the capacity that can be handled by an IDS. The simulation and experiment results indicate that the proposed sampling scheme significantly outperforms a naive scheme that samples the traffic from all switches at an equal rate.