Thesis
Integration of an IDS/IPS into the SDN controller for the prevention and detection of security attacks (DoS) in a Software-Defined Networking scenario.
Date
2018-11
Citation:
Morales Dávila, Edwin Mauro. (2018). Integration of an IDS/IPS into the SDN controller for the prevention and detection of security attacks (DoS) in a Software-Defined Networking scenario. Escuela Superior Politécnica de Chimborazo. Riobamba.
Author
Morales Dávila, Edwin Mauro
Abstract
The main purpose of this study was to integrate an intrusion detection and prevention system
(IDS/IPS) into the SDN controller in order to detect and prevent denial-of-service (DoS) attacks.
To make this possible, a software-defined network (SDN) scenario was implemented using the
Zodiac FX switch. The scenario consists of the Snort IDS/IPS (Intrusion Detection System /
Intrusion Prevention System) with protection-oriented rules, which analyses the network in real
time for possible DoS attacks and records them in a temporary file, and of the Ryu SDN
controller, for which an algorithm was programmed to establish OpenFlow communication among
the elements of the network, acquire the Snort information, organise and classify it, and finally
report the events as they happen in real time to a network administrator. Interoperability tests
were conducted by creating DHCP, DNS and HTTP servers. To verify the connectivity and operation
of the network, IP packets were sent so that Snort would detect the data flow and report it to
the Ryu controller. Performance tests were also developed through the study of two cases: in the
first, DoS attacks were executed against a system without an IDS/IPS, leaving no information
about the origin of the data flow; in the second, a detection system was integrated, providing
detailed information to identify the intrusion attempts, which were then dropped according to
previously established rules. Finally, an error percentage of 0.077 was determined using the
supporting tools Wireshark, Barnyard2 and BASE. The integration of the intrusion detection and
prevention system proved efficient in terms of security, with an advantage over other protection
mechanisms that operate in isolation from the controller. It is recommended to set specific rules
that block only malicious traffic, so that useful traffic is not discarded along with it.
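The controller-side loop the abstract describes (read the Snort alert file, organise and classify the alerts per source, report them to the administrator, and turn the confirmed DoS sources into OpenFlow drop rules that match only the offending host) as an added example; this is not code from the thesis or from the Ryu project. It assumes Snort's stock `alert_fast` output format, the DoS class names from Snort's default classification.config, a hypothetical threshold of three DoS-class alerts per source, and the sample alert lines embedded below, which are constructed. The flow-mod dictionaries stand in for Ryu's `OFPMatch`/`OFPFlowMod` objects so the script runs without a controller.

```python
"""Snort-alert handling for an SDN DoS-mitigation loop (constructed example)."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Snort alert_fast layout (assumed to be the stock format):
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: x] [Priority: n] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+\{(?P<proto>[A-Z0-9]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Class names Snort's default classification.config gives to DoS-type rules.
DOS_CLASSES = {"Attempted Denial of Service", "Denial of Service",
               "Detection of a Denial of Service Attack"}


@dataclass
class SnortAlert:
    ts: str
    sid: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    dst: str
    sport: Optional[int]
    dport: Optional[int]


def parse_fast_alert(line: str) -> Optional[SnortAlert]:
    """Parse one alert_fast line; None for anything that is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None  # banner, blank line or a half-written record
    return SnortAlert(
        ts=m["ts"], sid=int(m["sid"]), msg=m["msg"],
        classification=m["cls"] or "unclassified", priority=int(m["prio"]),
        proto=m["proto"], src=m["src"], dst=m["dst"],
        sport=int(m["sport"]) if m["sport"] else None,
        dport=int(m["dport"]) if m["dport"] else None,
    )


def load_alerts(text: str) -> List[SnortAlert]:
    """Contents of the temporary alert file -> parsed alerts, junk skipped."""
    return [a for a in (parse_fast_alert(l) for l in text.splitlines()) if a]


def classify_by_source(alerts: List[SnortAlert]) -> Dict[str, Counter]:
    """Organise alerts per source IP and count those in a DoS class."""
    per_src: Dict[str, Counter] = defaultdict(Counter)
    for a in alerts:
        per_src[a.src]["total"] += 1
        if a.classification in DOS_CLASSES:
            per_src[a.src]["dos"] += 1
    return per_src


def build_drop_flows(alerts: List[SnortAlert], threshold: int = 3,
                     priority: int = 100) -> List[dict]:
    """OpenFlow 1.3 flow-mods (as dicts) dropping IPv4 traffic from sources with
    at least `threshold` DoS-class alerts. An empty action list means drop; matching
    on ipv4_src alone leaves every other host's traffic untouched."""
    flows = []
    for src, counts in sorted(classify_by_source(alerts).items()):
        if counts["dos"] >= threshold:
            flows.append({"priority": priority,
                          "match": {"eth_type": 0x0800, "ipv4_src": src},
                          "actions": []})
    return flows


def report(alerts: List[SnortAlert], threshold: int = 3) -> List[str]:
    """One line per source for the administrator, with the decision taken."""
    blocked = {f["match"]["ipv4_src"] for f in build_drop_flows(alerts, threshold)}
    return [f"{src}: {c['total']} alert(s), {c['dos']} DoS-class -> "
            + ("BLOCK" if src in blocked else "monitor")
            for src, c in sorted(classify_by_source(alerts).items())]


# Constructed sample of the alert file: a SYN flood, one ICMP alert, two benign-class
# alerts from a third host and one junk line.
SAMPLE_ALERTS = """\
11/15-10:22:31.100001  [**] [1:1000001:1] DOS SYN flood [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 10.0.0.5:40001 -> 10.0.0.10:80
11/15-10:22:31.100245  [**] [1:1000001:1] DOS SYN flood [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 10.0.0.5:40002 -> 10.0.0.10:80
11/15-10:22:31.100490  [**] [1:1000001:1] DOS SYN flood [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 10.0.0.5:40003 -> 10.0.0.10:80
11/15-10:22:32.000010  [**] [1:1000002:1] DOS ICMP flood [**] [Classification: Attempted Denial of Service] [Priority: 2] {ICMP} 10.0.0.7 -> 10.0.0.10
11/15-10:22:33.000010  [**] [1:1000003:1] HTTP request to DNS port [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.9:51000 -> 10.0.0.10:53
11/15-10:22:33.000020  [**] [1:1000003:1] HTTP request to DNS port [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.9:51001 -> 10.0.0.10:53
this line is not an alert
"""

if __name__ == "__main__":
    alerts = load_alerts(SAMPLE_ALERTS)
    print("\n".join(report(alerts)))
    for flow in build_drop_flows(alerts):
        print("install:", flow)
```

In a real Ryu application the `match` dictionary would be passed as `parser.OFPMatch(**flow["match"])` inside an `OFPFlowMod` with no instructions, and the alerts could be received over a socket with `ryu.lib.snortlib` instead of polled from the file; the classification step is the part that implements the thesis' closing recommendation, since a host that only triggers non-DoS rules (10.0.0.9 above) is reported but never blocked.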