Virtual Patching: Fighting Brute Force Attacks in a Software Defined Network
Abstract
A new design for virtual patching applications is presented for software defined network (SDN) environments. Built on OpenFlow, a software defined network can be programmed to detect threats and handle them accordingly. By implementing a virtual patching solution with the Floodlight OpenFlow API, such a network can detect malicious traffic before it reaches the vulnerable device, based on common indicators such as anomalous packet size or traffic destined for ports that are open but unused. A controller hosting an Intrusion Detection Service (IDS) on the network tracks these indicators of malicious data and scans incoming traffic for them. If a packet is reasonably suspicious, it is not allowed to continue on its path, while all other traffic continues as normal. Because software defined networks are inherently programmable, a general solution can be put in place that network administrators can use to create virtual patching rules on the fly. This allows for vast flexibility and efficiency, which is critical when dealing with a live exploitation on the network. Experimental results for both the attack-specific solution and the general, programmable solution have not yet been obtained.
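As an added illustration of the design the abstract describes (this is example code written for this page, not code from the thesis or from the Floodlight project), the following Python simulation hosts the inspection logic a controller-side IDS would run: it drops oversized packets, drops traffic to ports that are open but unused, counts connection attempts per source in a sliding window to catch a brute-force login run, and builds the drop rule the controller would push to the switch once a source crosses the threshold. The `PatchRules` object is the "rules on the fly" hook: an administrator can change its fields at run time. The Floodlight static flow pusher field names and endpoint (`/wm/staticflowpusher/json`), the switch DPID, all IP addresses and the sample traffic are assumptions constructed for the example.

```python
"""Virtual patching on an SDN controller: inspect packets, drop suspicious
ones, and emit the drop rule the controller would push to the switch."""
import json
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str    # source IPv4 address
    dst: str    # destination IPv4 address
    dport: int  # destination TCP port
    size: int   # bytes on the wire
    ts: float   # arrival time in seconds


@dataclass
class PatchRules:
    """Administrator-supplied rules; any field can be changed at run time."""
    max_size: int            # packets larger than this are dropped
    unused_ports: frozenset  # open but unused ports on the protected host
    brute_threshold: int     # attempts per window before a source is blocked
    brute_window: float      # sliding window length in seconds


def floodlight_drop_entry(name, switch_dpid, src_ip, dst_ip, dport):
    """Build a static flow entry dropping TCP traffic from src_ip to dst_ip:dport.

    Field names follow Floodlight's static flow pusher as assumed here
    (POST to /wm/staticflowpusher/json); an empty action list means drop.
    """
    return {
        "switch": switch_dpid,
        "name": name,
        "priority": "32768",
        "eth_type": "0x0800",   # IPv4
        "ip_proto": "0x06",     # TCP
        "ipv4_src": src_ip,
        "ipv4_dst": dst_ip,
        "tcp_dst": str(dport),
        "active": "true",
        "actions": "",
    }


class VirtualPatcher:
    """IDS logic hosted on the controller (assumed switch DPID for illustration)."""

    def __init__(self, rules, switch_dpid="00:00:00:00:00:00:00:01"):
        self.rules = rules
        self.switch_dpid = switch_dpid
        self.attempts = defaultdict(deque)  # (src, dport) -> recent timestamps
        self.blocked = set()                # (src, dport) pairs already patched
        self.pushed = []                    # flow entries the controller would push

    def inspect(self, pkt):
        """Return ('allow' | 'drop', reason) for one packet."""
        if pkt.size > self.rules.max_size:
            return "drop", "oversized"
        if pkt.dport in self.rules.unused_ports:
            return "drop", "unused-port"
        key = (pkt.src, pkt.dport)
        if key in self.blocked:
            return "drop", "brute-force"
        window = self.attempts[key]
        window.append(pkt.ts)
        # Expire attempts older than the sliding window.
        while window and pkt.ts - window[0] > self.rules.brute_window:
            window.popleft()
        if len(window) >= self.rules.brute_threshold:
            # Virtual patch: a per-source drop rule for the attacked port only.
            self.blocked.add(key)
            self.pushed.append(floodlight_drop_entry(
                f"vpatch-{pkt.src}-{pkt.dport}", self.switch_dpid,
                pkt.src, pkt.dst, pkt.dport))
            return "drop", "brute-force"
        return "allow", "ok"


# Constructed sample traffic (not captured data): one legitimate SSH login,
# a probe of an unused telnet port, an oversized packet, then six SSH
# connection attempts from the same source inside the window.
PROTECTED = "10.0.0.5"
SAMPLE_TRAFFIC = [
    Packet("10.0.0.7", PROTECTED, 22, 120, 0.5),
    Packet("10.0.0.9", PROTECTED, 23, 60, 1.0),
    Packet("10.0.0.9", PROTECTED, 22, 9000, 1.5),
] + [Packet("10.0.0.9", PROTECTED, 22, 80, 2.0 + i) for i in range(6)]

DEFAULT_RULES = PatchRules(max_size=1500, unused_ports=frozenset({23, 3389}),
                           brute_threshold=5, brute_window=10.0)


def run_simulation(traffic=SAMPLE_TRAFFIC, rules=DEFAULT_RULES):
    """Run every packet through the patcher; return (verdicts, pushed entries)."""
    patcher = VirtualPatcher(rules)
    verdicts = [patcher.inspect(p) for p in traffic]
    return verdicts, patcher.pushed


if __name__ == "__main__":
    verdicts, entries = run_simulation()
    for pkt, (verdict, reason) in zip(SAMPLE_TRAFFIC, verdicts):
        print(f"{pkt.ts:5.1f}s {pkt.src} -> {pkt.dst}:{pkt.dport} {verdict:5} ({reason})")
    print(json.dumps(entries, indent=2))
```

The fifth attempt from 10.0.0.9 inside the ten-second window trips the threshold; from then on that source is dropped for port 22 only, while the unrelated login from 10.0.0.7 is still allowed. In a deployment the dictionary returned by `floodlight_drop_entry` would be posted as JSON to the controller's static flow pusher so the switch drops the flow without the packet ever reaching the controller again.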
Subject
Computer science
computer science
cyber
security
cyber security
cybersecurity
software
defined
network
networks
software defined networks
SDN
SDNs
virtual
patching
virtual patching
blake
nelson
Blake
Nelson
Blake Nelson
Gu
Guofei
Guofei Gu
Dr. Gu
Dr. Guofei Gu
Citation
Nelson, Blake (2019). Virtual Patching: Fighting Brute Force Attacks in a Software Defined Network. Undergraduate Research Scholars Program. Available electronically from https://hdl.handle.net/1969.1/166495.