Free download of the article: Suspicious traffic sampling for intrusion detection in software-defined networks

Persian title
Suspicious traffic sampling for intrusion detection in software-defined networks
English title
Suspicious traffic sampling for intrusion detection in software-defined networks
Pages in the Persian article
0
Pages in the English article
11
Year of publication
2016
Publisher
Elsevier
Format of the English article
PDF
Product code
E868
Fields related to this article
Computer engineering and information technology engineering
Specializations related to this article
Computer networks and cloud computing
Journal
Computer Networks
University
School of Information and Communications, Gwangju Institute of Science and Technology, Republic of Korea
Keywords
Intrusion detection, cloud technology, software-defined networking, traffic sampling
Abstract


In order to defend a cloud computing system from security attackers, an intrusion detection system (IDS) is widely used to inspect suspicious traffic on the network. However, the processing capacity of an IDS is much smaller than the amount of traffic to be inspected in a large-scale network system. In this paper, we propose a traffic sampling strategy for software-defined networking (SDN) that fully utilizes the inspection capability of malicious traffic, while maintaining the total aggregate volume of the sampled traffic below the inspection processing capacity of the IDS. We formulate an optimization problem to find an appropriate sampling rate for each switch, and sample the traffic flows in the network according to the optimal sampling rates using the SDN functionalities. The simulation and experimental results indicate that the proposed approach significantly enhances the inspection performance of malicious traffic in large-sized networks.

7. Conclusion


In this paper, we proposed a traffic sampling rate decision strategy for efficiently exploiting limited IDS resources in the detection of malicious traffic. The proposed method increases the intrusion detection performance considerably by estimating the appropriate sampling rate for each switch and focusing more on suspicious traffic. With the help of SDN technology, our method measures the throughput of each switch, the current distribution of malicious traffic, and the flow path information. The proposed approach evaluates the rate of missing malicious traffic for selecting the most appropriate sampling rates, while the sampled traffic volume is kept below the capacity that can be handled by an IDS. The simulation and experiment results indicate that the proposed sampling scheme significantly outperforms a naive scheme that samples the traffic from all switches at an equal rate.

