Towards an Adaptive and Effective IDS Using OpenFlow

  • Sebastian SeeberEmail author
  • Gabi Dreo Rodosek
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9122)


Processing huge amounts of traffic from core network components with respect to security remains a challenging task, since the amounts of data increase continuously. Therefore, new approaches need to be investigated to detect and handle attacks already in high-speed environments. In this PhD research, we will develop a new approach for detecting network attacks by processing data from core network components taking advantage of properties of OpenFlow in an SDN environment. Using this, we can collect metadata about forwarded traffic in an immediate and effective way. In addition, our solution will enable dynamic and adaptive redirection of traffic to various IDSs including cloud-based IDS solutions.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Akamai - Q4 2014 State of the Internet Security Report, (last accessed on January 28, 2015)
  2. 2.
    Arbor Networks - Worldwide Infrastructure Security Report (2014),
  3. 3.
    Bro Network Security Monitor, (last accessed on January 28, 2015)
  4. 4.
    Cloudflare, Inc., (last accessed on January 28, 2015)
  5. 5.
    Franklin Morris, Infographic: SMB Cloud Adoption Trends in (2014), (last accessed on January 28, 2015)
  6. 6.
    Snort, (last accessed on January, 28 2015)
  7. 7.
    Suricata IDS/IPS, (last accessed on January 28, 2015)
  8. 8.
    AbuHmed, T., Mohaisen, A., Nyang, D.: A survey on deep packet inspection for intrusion detection systems. arXiv preprint arXiv:0803.0037 (2008)Google Scholar
  9. 9.
    Braga, R., Mota, E., Passito, A.: Lightweight DDoS flooding attack detection using NOX/OpenFlow. In: 2010 IEEE 35th Conference on Local Computer Networks (LCN), pp. 408–415. IEEE (2010)Google Scholar
  10. 10.
    Feamster, N.: Outsourcing home network security. In: Proceedings of the 2010 ACM SIGCOMM Workshop on Home Networks, pp. 37–42. ACM (2010)Google Scholar
  11. 11.
    François, J., Dolberg, L., Festor, O., Engel, T.: Network Security through Software Defined Networking: a Survey. In: IIT Real-Time Communications (RTC) Conference-Principles, Systems and Applications of IP Telecommunications (IPTComm). ACMGoogle Scholar
  12. 12.
    Fry, C., Nystrom, M.: Security Monitoring. O’Reilly Media, Inc. (2009)Google Scholar
  13. 13.
    Giotis, K., Argyropoulos, C., Androulidakis, G., Kalogeras, D., Maglaris, V.: Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Computer Networks 62, 122–136 (2014)CrossRefGoogle Scholar
  14. 14.
    Kreutz, D., Ramos, F., Verissimo, P.: Towards secure and dependable software-defined networks. In: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in software Defined Networking, pp. 55–60. ACM (2013)Google Scholar
  15. 15.
    Schehlmann, L., Baier, H.: COFFEE: A Concept based on OpenFlow to Filter and Erase Events of botnet activity at high-speed nodes. In: GI-Jahrestagung, pp. 2225–2239 (2013)Google Scholar
  16. 16.
    Scott-Hayward, S., O’Callaghan, G., Sezer, S.: SDN security: A survey. In: 2013 IEEE SDN for Future Networks and Services (SDN4FNS), pp. 1–7. IEEE (2013)Google Scholar
  17. 17.
    Sperotto, A., Schaffrath, G., Sadre, R., Morariu, C., Pras, A., Stiller, B.: An Overview of IP Flow-Based Intrusion Detection. IEEE Communications Surveys Tutorials 12(3), 343–356 (2010)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversität der Bundeswehr MünchenNeubibergGermany

Personalised recommendations