
e-ISSN (O): 2348-4470
p-ISSN (P): 2348-6406
Scientific Journal of Impact Factor (SJIF): 4.72

International Journal of Advance Engineering and Research Development
Volume 4, Issue 1, January -2017

Intrusion Detection System based Software Defined Networking

Riya Shreshthi (1), Payal Kapre (2), Kalyani Shekatkar (3), Madhuri Kalgane (4), Prof. Ms. Yogita Hande (5)

(1,2,3,4) UG Scholar, Dept. of Computer Engg., Sinhgad Institute of Technology and Science, Narhe, Pune, M.S., India
(5) Professor, Dept. of Computer Engg., Sinhgad Institute of Technology and Science, Narhe, Pune, M.S., India

ABSTRACT- Increasing access to networks results in additional data traffic across the wide area network. These demands require massive parallel processing on thousands of interconnected servers. Existing security implementations are deployed as static functions, which is not feasible against highly sophisticated network-enabled attacks. The emerging technology of software-defined networking (SDN) detaches the control plane from the data plane. The SDN control plane consists of a controller that has the ability to control the entire network, which is a possible security concern compared to a traditional network with a distributed control plane. The centralized and programmable nature of SDN exposes vulnerabilities that an attacker can exploit. We propose an Intrusion Detection System (IDS) for the SDN environment which identifies malicious behaviors or attacks and reports them to network administrators as intrusion events. A recent report from Akamai stated that 90% of attacks are DoS and DDoS attacks. The increase in attacks gives rise to insecurity of sensitive data and even loss of data. In this paper we use genetic algorithms, which are deployed as a dynamic function to prevent the attacks. Monitoring of the data traffic is important, as it gives information about the data passing through the network. Based on this information rules are defined, and these rules are used to check whether the data is safe or contains malicious code. The genetic algorithm can be modified depending on the traffic passing through the network. This increases the reliability of the algorithm.

Keywords- Software Defined Network (SDN), OpenFlow Switch, Genetic Algorithm, Intrusion Detection System (IDS), DoS Attack, DDoS Attack

I. INTRODUCTION

A Software Defined Network (SDN) is a dynamic, manageable, adaptable and cost-efficient network. SDN encompasses many network technologies aimed at forming a directly programmable, agile, centrally managed network infrastructure. Software-defined networking (SDN) is an approach to networking in which control is decoupled from hardware and given to a software application known as a controller. The goal of SDN is to allow the network administrator or operator to respond quickly to business requirements. SDN is an approach to computer networking that allows network administrators to manage network services through abstraction of lower-level functionality. This approach optimizes and simplifies network operations by more closely binding the interaction (i.e., provisioning, messaging, and alarming) among applications and network services and devices, whether they are real or virtualized. An SDN separates the data and control functions of networking devices, such as routers, packet switches, and network switches, with a well-defined Application Programming Interface (API).

In a Software Defined Network, administrators can shape traffic by programming the control plane without interrupting the network devices (switches) in the data plane. The control plane includes a centralized controller, which sets forwarding rules in the switches to route traffic from source to destination. The data plane, which consists of network devices, handles all packets according to the flow entries set by the controller. All flow entries at the switch level are managed by the logically centralized controller. With this ability, SDN was introduced to handle cloud service providers' challenges such as dynamic traffic load, additional bandwidth demand, and security and scalability problems. Enterprises and organizations use OpenFlow-based SDN to balance the traffic load, direct the traffic, manage on-demand bandwidth, and execute policies to scale the network. The SDN approach was adopted early by several firms for their business, notably cloud and telecommunication services. Traditional technologies are not able to meet their current business challenges, so modern network techniques are based on software. Application service provider firms such as Amazon, Rackspace and IBM SoftLayer are using SDN concepts; the telecom field is also competing in developing its software network strategies.

@IJAERD-2017, All rights Reserved 383

Fig.1 SDN Architecture

II. RELATED WORK

In Towards an SDN-enabled IDS Environment [1], the proposed idea is to reduce false positives and progressively improve the quality of the forwarding rule set. At the same time, the solution claims to immediately redirect attack traffic that would overload the on-site network to a cloud security provider that is able to cope with this amount of traffic, keeping in mind the privacy concerns of the consumer. Incoming traffic reaches an OpenFlow-enabled switch (OF-switch). This switch is equipped with a base rule set in its forwarding tables. This base rule set acts as a light IDS that maintains a history of recurring events, including the IP addresses involved as well as information from external sources. These sources include publicly available blacklists, whitelists, geo-location data and their severities. Based on this database of events, lists and previously observed incidents, the forwarding rules inside the OF-switch are modified to adapt the functionality of the overall monitoring and detection process. The SDN controller maintains a rule set per consumer that includes basic knowledge about the capabilities on the consumer site to detect security-related behaviour (e.g. IDS) and the preferred DDoS washing machines.

In Scalable Network Intrusion Detection on Virtual SDN Environment [2], the proposed idea is a scalable intrusion detection system (IDS) architecture on a software-defined networking (SDN) environment, implemented using a virtualization infrastructure called Kernel-based Virtual Machine (KVM). Virtual machines running IDSs, the SDN controller, and network attack software are connected with each other through OpenFlow-enabled software switches. For malicious traffic inspection, distributed traffic sampling is used at the network switches.

In SDNIPS: Enabling Software-Defined Networking Based Intrusion Prevention System in Clouds [3], the proposed idea is an SDN-based IPS solution called SDNIPS, a full lifecycle solution including detection and prevention in the cloud. The paper proposes a new IDPS architecture based on a Snort-based IDS and Open vSwitch (OVS). It also compares the SDN-based IPS solution with the traditional IPS approach in terms of both mechanism analysis and evaluation. Network Reconfiguration (NR) features are designed and implemented based on the POX controller to enhance the prevention flexibility. Finally, evaluations of SDNIPS demonstrate its feasibility and efficiency over traditional approaches.

In Snort - Lightweight Intrusion Detection for Networks [4], the proposed idea is a lightweight intrusion detection tool. Snort has a packet payload inspection feature which is used to detect many hostile activities. It uses a flexible rules language to describe the traffic that it should collect or pass.

III. SYSTEM ARCHITECTURE


Using a Genetic Algorithm (GA) is one of the methods that IDSs use to detect intrusions. They incorporate the concepts of Darwin's theory and natural selection to detect intrusions. Genetic algorithms (GAs) are computer programs that mimic the processes of biological evolution in order to solve problems and to model evolutionary systems. GAs are adaptive heuristic search algorithms based on the evolutionary ideas of natural selection and genetics. The basic techniques of GAs are designed to simulate the processes in natural systems necessary for evolution, especially those that follow the principle first laid down by Charles Darwin of "survival of the fittest". GAs simulate the survival of the fittest among individuals over consecutive generations to solve a problem.

Fig.2 SDN with IDS

IDS with genetic algorithm: Intrusion detection is an essential mechanism to protect computer systems from many attacks. New attack forms are continually being discovered. Current IDS systems have limited capabilities for detecting attacks that differ significantly from previously known attacks, which are exactly the attacks that systems are most vulnerable to. As the use of data over the internet increases, the need to protect this data also increases. Unwanted intrusions usually take place when the actual software systems are running over the internet. An in-depth study of Intrusion Detection Systems, genetic algorithms and related detection techniques was presented in this dissertation report. A genetic algorithm (GA) is a programming technique that mimics biological evolution as a problem-solving strategy. It is based on Darwin's principle of evolution and survival of the fittest to optimize a population of candidate solutions towards a predefined fitness. GA uses an evolution and natural selection process that uses a chromosome-like structure and evolves the chromosomes using selection, recombination and mutation operators. The process usually begins with a randomly generated population of chromosomes, which represent all possible solutions of a problem that are considered candidate solutions. In each chromosome, different positions are encoded as bits, characters or numbers. Several network features have higher possibilities of being involved in network intrusions. In our approach, seven of those features are selected from the network audit data to compose a classification rule. Table 4.1 shows the features and their formats. The feature names are given in the first column, while the second and third columns indicate how each of the network features is encoded in a chromosome. The second column represents the feature format and the third column shows the number of genes used for the corresponding feature.

IV. ALGORITHM

1. Received Packets
2. Identify suspicious flow
   2.1 Apply Sampling Technique
       2.1.1 Packet Counter Method
       2.1.2 Time Interval Method
3. Send suspicious flow to IDS
4. Identify Attacks
   4.1 Apply Genetic Algorithms to identify DoS Attack
   4.2 Apply Genetic Algorithms to identify DDoS Attack
5. Block Attack
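
The genetic-algorithm stage described in Section III and applied in step 4 above, shown as an added example that is not the authors' code: each chromosome is a match rule over flow features with wildcard genes, evolved by selection, recombination and mutation. The sample flows, the four features (the page's seven are not listed) and the fitness function are assumptions made for illustration.

```python
import random

# Constructed sample flows (not from the paper): protocol, dst port, TCP flag,
# packet-rate bucket, is_attack. The four features are hypothetical stand-ins.
FLOWS = [
    ("tcp", 80, "SYN", "high", True), ("tcp", 80, "SYN", "high", True),
    ("tcp", 443, "SYN", "high", True), ("tcp", 80, "ACK", "low", False),
    ("tcp", 443, "ACK", "low", False), ("udp", 53, "-", "low", False),
    ("tcp", 80, "SYN", "low", False), ("udp", 53, "-", "high", False),
]
WILD = None  # wildcard gene: matches any value of that feature
GENES = [sorted({f[i] for f in FLOWS}, key=str) + [WILD] for i in range(4)]

def matches(rule, flow):
    """A rule (chromosome) fires when every non-wildcard gene equals the flow's feature."""
    return all(g is WILD or g == v for g, v in zip(rule, flow))

def fitness(rule):
    """Detection rate minus false-positive rate over FLOWS, in [-1, 1]."""
    tp = sum(matches(rule, f) for f in FLOWS if f[4])
    fp = sum(matches(rule, f) for f in FLOWS if not f[4])
    n_attack = sum(f[4] for f in FLOWS)
    return tp / n_attack - fp / (len(FLOWS) - n_attack)

def evolve(generations=30, pop_size=20, mutation_rate=0.1, seed=1):
    """Return (best rule, best fitness per generation)."""
    rng = random.Random(seed)
    pop = [[rng.choice(g) for g in GENES] for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        history.append(fitness(pop[0]))
        nxt = [pop[0][:], pop[1][:]]                   # elitism: keep the two fittest
        while len(nxt) < pop_size:
            a = max(rng.sample(pop, 3), key=fitness)   # tournament selection
            b = max(rng.sample(pop, 3), key=fitness)
            cut = rng.randrange(1, len(GENES))         # single-point recombination
            child = a[:cut] + b[cut:]
            for i, g in enumerate(GENES):              # per-gene mutation
                if rng.random() < mutation_rate:
                    child[i] = rng.choice(g)
            nxt.append(child)
        pop = nxt
    best = max(pop, key=fitness)
    history.append(fitness(best))
    return best, history

if __name__ == "__main__":
    print(evolve())
```

On this constructed data a rule such as `["tcp", None, "SYN", "high"]` scores 1.0, since it matches all three attack flows and none of the normal ones; because the two fittest rules are carried over unchanged, the best fitness never decreases between generations.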

V. CONCLUSION

We propose an Intrusion Detection System (IDS) for the SDN environment which identifies malicious behaviors or attacks and reports them to network administrators as intrusion events. A recent report from Akamai stated that 90% of attacks are DoS and DDoS attacks. The increase in attacks gives rise to insecurity of sensitive data and even loss of data. In this paper we use genetic algorithms, which are deployed as a dynamic function to prevent the attacks. Monitoring of the data traffic is important, as it gives information about the data passing through the network. Based on this information rules are defined, and these rules are used to check whether the data is safe or contains malicious code. The genetic algorithm can be modified depending on the traffic passing through the network. This increases the reliability of the algorithm. This will help in the prevention of attacks and provide security to sensitive data.

REFERENCES

[1] Sebastian Seeber, Towards an SDN-Enabled IDS Environment, Neubiberg, 85577, Germany, 978-1-4673-7876-5/15, 2015 IEEE 751
[2] Chiwook Jeong, Taejin Ha, Scalable Network Intrusion Detection on Virtual SDN Environment, 978-1-4799-2730-2/14, 2014 IEEE
[3] Tianyi Xing, Deep Medhi, SDNIPS: Enabling Software-Defined Networking Based Intrusion Prevention System in Clouds, 10th CNSM and Workshop, 2014 IFIP
[4] Martin Roesch, Stanford Telecommunications, Snort - Lightweight Intrusion Detection for Networks
[5] Xiaodong Du, Ming-Zhong Wang, Traffic-based Malicious Switch Detection in SDN, 2014 SERSC
[6] Mohammad Sazzadul Hoque, Md. Abdul Mukit and Md. Abu Naser Bikas, An implementation of intrusion detection system using genetic algorithm, International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.2, March 2012, http://www.airccse.org/journal/nsa/0312nsa08.pdf
[7] L.M.R.J Lobo, Suhas B. Chavan, Use of Genetic Algorithm in Network Security, International Journal of Computer Applications (0975-8887), Volume 53, No.8, September 2012
[8] C.-J. Chung, P. Khatkar, T. Xing, J. Lee, and D. Huang, NICE: Network intrusion detection and countermeasure selection in virtual network systems, IEEE Transactions on Dependable and Secure Computing (TDSC), Special Issue on Cloud Computing Assessment, 2013
[9] R. Kloti, OpenFlow: A Security Analysis, 8th Workshop on Secure Network Protocols (NPSec 2013), Göttingen, Germany, (2013).
[10] K. Benton, L. J. Camp, C. Small, OpenFlow vulnerability assessment, Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, ACM, (2013), pp. 151-152.
[11] Gihan Nagib and Wahied G. Ali, Network Routing Protocol using Genetic Algorithms, International Journal of Electrical & Computer Sciences IJECS-IJENS, Vol: 10, No: 02, 10 March 2010. http://www.ijens.org/104302-8686%20IJECS-IJENS.pdf
