Article ID | Journal | Published Year | Pages | File Type |
---|---|---|---|---|
4954941 | Computer Networks | 2016 | 11 Pages |
Abstract
In order to defend a cloud computing system from security attackers, an intrusion detection system (IDS) is widely used to inspect suspicious traffic on the network. However, the processing capacity of an IDS is much smaller than the amount of traffic to be inspected in a large-scaled network system. In this paper, we propose a traffic sampling strategy for software-defined networking (SDN) that fully utilizes the inspection capability of malicious traffic, while maintaining the total aggregate volume of the sampled traffic below the inspection processing capacity of the IDS. We formulate an optimization problem to find an appropriate sampling rate for each switch, and sample the traffic flows in the network according to the optimal sampling rates using the SDN functionalities. The simulation and experimental results indicate that the proposed approach significantly enhances the inspection performance of malicious traffic in large-sized networks.
Related Topics
Physical Sciences and Engineering
Computer Science
Computer Networks and Communications
Authors
Taejin Ha, Sunghwan Kim, Namwon An, Jargalsaikhan Narantuya, Chiwook Jeong, JongWon Kim, Hyuk Lim,