CIPA: A collaborative intrusion prevention architecture for programmable network and SDN

摘要

Coordinated intrusion, like DDoS, Worm outbreak and Botnet, is a major threat to network security nowadays and will continue to be a threat in the future. To ensure the Internet security, effective detection and mitigation for such attacks are indispensable. In this paper, we propose a novel collaborative intrusion prevention architecture, i.e. CIPA, aiming at confronting such coordinated intrusion behavior. CIPA is deployed as a virtual network of an artificial neural net over the substrate of networks. Taking advantage of the parallel and simple mathematical manipulation of neurons in a neural net, CIPA can disperse its lightweight computation power to the programmable switches of the substrate. Each programmable switch virtualizes one to several neurons. The whole neural net functions like an integrated IDS/IPS. This allows CIPA to detect distributed attacks on a global view. Meanwhile, it does not require high communication and computation overhead. It is scalable and robust. To validate CIPA, we have realized a prototype on Software-Defined Networks. We also conducted simulations and experiments. The results demonstrate that CIPA is effective.