Abstract | ||
---|---|---|
In order to defend a cloud computing system from security attackers, an intrusion detection system (IDS) is widely used to inspect suspicious traffic on the network. However, the processing capacity of an IDS is much smaller than the amount of traffic to be inspected in a large-scaled network system. In this paper, we propose a traffic sampling strategy for software-defined networking (SDN) that fully utilizes the inspection capability of malicious traffic, while maintaining the total aggregate volume of the sampled traffic below the inspection processing capacity of the IDS. We formulate an optimization problem to find an appropriate sampling rate for each switch, and sample the traffic flows in the network according to the optimal sampling rates using the SDN functionalities. The simulation and experimental results indicate that the proposed approach significantly enhances the inspection performance of malicious traffic in large-sized networks. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1016/j.comnet.2016.05.019 | Computer Networks |
Keywords | Field | DocType |
Intrusion detection,Cloud technology,Software-defined network,Traffic sampling | Traffic generation model,Computer science,Computer network,Sampling (statistics),Traffic shaping,Software-defined networking,Network traffic simulation,Intrusion detection system,Network traffic control,Cloud computing | Journal |
Volume | Issue | ISSN |
109 | P2 | 1389-1286 |
Citations | PageRank | References |
10 | 0.67 | 8 |
Authors | ||
7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Taejin Ha | 1 | 150 | 17.16 |
Sunghwan Kim | 2 | 10 | 0.67 |
namwon an | 3 | 11 | 2.42 |
Jargalsaikhan Narantuya | 4 | 20 | 2.65 |
Chiwook Jeong | 5 | 20 | 2.00 |
Jongwon Kim | 6 | 1042 | 153.38 |
Hyuk Lim | 7 | 673 | 51.93 |