sesa 18(15): e2

Research Article

Kernel-Space Intrusion Detection Using Software-Defined Networking

@ARTICLE{10.4108/eai.13-7-2018.155168,
        author={Tommy Chin and Kaiqi Xiong and Mohamed Rahouti},
        title={Kernel-Space Intrusion Detection Using Software-Defined Networking},
        journal={EAI Endorsed Transactions on Security and Safety},
        volume={5},
        number={15},
        publisher={EAI},
        journal_a={SESA},
        year={2018},
        month={10},
        keywords={Intrusion Detection and Prevention Systems (IDPS), Software-Defined Networking (SDN), Bloom Filter, Aho Corasick, Security},
        doi={10.4108/eai.13-7-2018.155168}
    }
    
Tommy Chin (1), Kaiqi Xiong (2, *), Mohamed Rahouti (2)
  • 1: Rochester Institute of Technology, Rochester, New York, 14623, USA
  • 2: University of South Florida, Tampa, Florida 33620, USA
*Contact email: xiongk@usf.edu

Abstract

Software-Defined Networking (SDN) has encountered serious Denial of Service (DoS) attacks. However, existing approaches cannot sufficiently address these attacks in the real world because they often incur significant overhead and require long detection and mitigation times. In this paper, we propose a lightweight kernel-level intrusion detection and prevention framework called KernelDetect, which leverages modular string searching and filtering mechanisms with SDN techniques. KernelDetect combines the strengths of the Aho-Corasick algorithm and the Bloom filter in an SDN-based design. We further experimentally compare it with SNORT and BROS, two conventional and popular Intrusion Detection and Prevention Systems (IDPS), on the Global Environment for Networking Innovations (GENI), a real-world testbed. Our comprehensive studies through experimental data and analysis show that KernelDetect is more efficient and effective than SNORT and BROS.

Keywords: Intrusion Detection and Prevention Systems (IDPS), Software-Defined Networking (SDN), Bloom Filter, Aho Corasick, Security
Received: 2018-05-01
Accepted: 2018-06-02
Published: 2018-10-09
Publisher: EAI
DOI: http://dx.doi.org/10.4108/eai.13-7-2018.155168

Copyright © 2018 Tommy Chin et al., licensed to EAI. This is an open access article distributed under the terms of the Creative Commons Attribution license (http://creativecommons.org/licenses/by/3.0/), which permits unlimited use, distribution and reproduction in any medium so long as the original work is properly cited.
