Scalable and Collaborative Intrusion Detection and Prevention Systems Based on SDN and NFV

Abstract

The increasing complexity and connectivity of networks lead to new and challenging vulnerabilities to be addressed for network security. As networks expand and diverse networks become interrelated, attackers leverage the broad scope of the global Internet to perpetrate large-scale attacks. Cloud environments, which are widely adopted, are fundamentally provisioned via the Internet bringing new challenges regarding security and privacy. However, network programmability and emerging technologies such as software-defined networking (SDN) and network functions virtualization (NFV) can advance techniques for intrusion detection and protection. In this chapter, we review the state of the art in scalable and collaborative intrusion detection systems (IDSs). Combining data plane programming with control level collaboration, we propose a model to simplify the detection of large-scale, distributed network attacks. This model simultaneously reduces the system overhead through direct mitigation at the network edge and enriches the detection process with corroboration of evidence from distributed sources.