A proposal of port scan detection method based on Packet-In Messages in OpenFlow networks and its evaluation

Research output: Contribution to journalArticlepeer-review

Abstract

By quickly detecting a port scan and blocking the culprit host from the network, it is possible to minimize the spread of the damage by infected hosts and malicious users. In the past, various Software-Defined Networking (SDN)-based methods have been proposed, whose main advantage is the lower overhead compared to traditional methods that collect and analyze all captured traffic. On the other hand, due to the polling process used in these methods, it is necessary to set a short interval (e.g., few seconds) to keep the attacks' detection as short as possible. However, when the attack frequency is very low compared to normal traffic, there is an unnecessary overhead. In this paper, we propose a port scan detection method that considers the characteristics of Packet-In messages sent from the OpenFlow (OF) switch to the controller. This allows a prompt detection and with less overhead than conventional polling methods. The evaluation was conducted using both simulated and real traffic data. Results confirm that the proposed method can detect port scans with lower overhead than existing methods.

Original languageEnglish
Article numbere2174
JournalInternational Journal of Network Management
Volume31
Issue number6
DOIs
Publication statusPublished - 2021 Nov 1

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'A proposal of port scan detection method based on Packet-In Messages in OpenFlow networks and its evaluation'. Together they form a unique fingerprint.

Cite this