IRMA via SDN: Intrusion Response and Monitoring Appliance via Software-Defined Networking

Ujcich, Benjamin E.; Rausch, Michael J.; Nahrstedt, Klara; Sanders, William H.

IRMA via SDN: Intrusion Response and Monitoring Appliance via Software-Defined Networking

Ujcich, Benjamin E.; Rausch, Michael J.; Nahrstedt, Klara; Sanders, William H.

Permalink

https://hdl.handle.net/2142/88342

Description

Title

IRMA via SDN: Intrusion Response and Monitoring Appliance via Software-Defined Networking

Author(s)

Ujcich, Benjamin E.
Rausch, Michael J.
Nahrstedt, Klara
Sanders, William H.

Issue Date

2015-10-14

Keyword(s)

software-defined networking
enterprise network
network intrusion prevention system
NIDS
NIPS
OpenFlow

Abstract

Recent approaches to network intrusion prevention systems (NIPSs) use software-defined networking (SDN) to take advantage of dynamic network reconfigurability and programmability, but issues remain with system component modularity, network size scalability, and response latency. We present IRMA, a novel SDN-based NIPS for enterprise networks, as a network appliance that captures data traffic, checks for intrusions, issues alerts, and responds to alerts by automatically reconfiguring network flows via the SDN control plane. With a composable, modular, and parallelizable service design, we show improved throughput and less than 100 ms average latency between alert detection and response.

Type of Resource

text

Language

Permalink

http://hdl.handle.net/2142/88342

Sponsor(s)/Grant Number(s)

Roy J. Carver Fellowship

Owning Collections

Working Papers - Coordinated Science Laboratory PRIMARY

Working papers by Coordinated Science Laboratory researchers.

IRMA via SDN: Intrusion Response and Monitoring Appliance via Software-Defined Networking

Ujcich, Benjamin E.; Rausch, Michael J.; Nahrstedt, Klara; Sanders, William H.

Permalink

Description

Owning Collections

Working Papers - Coordinated Science Laboratory PRIMARY

Log In