Slide 1

Slide 1 text

SDN-Based Intrusion Prevention System Software-Defined Networking and Function Virtualization

Slide 2

Slide 2 text

>_SDN? Host A ... Switch A Service Flow Table Host B Host C Host N Switch B Service Flow Table

Slide 3

Slide 3 text

>_SDN Host A ... Switch A Service Flow Table Host B Host C Host N Switch B Service Flow Table Controller Service Ctrl Srv

Slide 4

Slide 4 text

>_SDN? Host A ... Switch A Service Flow Table Host B Host C Host N Switch B Service Flow Table External Network Controller Service Ctrl Srv

Slide 5

Slide 5 text

>_Issue Host A ... Switch A Service Flow Table Host B Host C Host N Switch B Service Flow Table Controller Service Ctrl Srv Hacking Behavior Packets Packets DDoS, Telnet/SSH Brutforce, Ransomware, etc.

Slide 6

Slide 6 text

>_Issue Host A ... Switch A Service Flow Table Host B Host C Host N Switch B Service Flow Table Controller Service Ctrl Srv Hacking Behavior Packets Packets DDoS, Telnet/SSH Brutforce, Ransomware, etc.

Slide 7

Slide 7 text

>_Issue Host A ... Switch A Service Flow Table Host B Host C Host N Switch B Service Flow Table Controller Service Ctrl Srv Hacking Behavior Packets Packets DDoS, Telnet/SSH Brutforce, Ransomware, etc.

Slide 8

Slide 8 text

>_Issue Host A ... Switch A Service Flow Table Manager Host C Emploee Switch B Service Flow Table Controller Service Ctrl Srv Hacking Behavior Packets Packets DDoS, Telnet/SSH Brutforce, Ransomware, etc. $>/bin/sh Bingo! Get Shell.

Slide 9

Slide 9 text

>_IDS Host A Switch Service Flow Table Host B Host C IDS Srv Packets Packets Packets Intrusion Detection System

Slide 10

Slide 10 text

>_ Host A Switch Service Flow Table Host B Host C IDS Srv Packets Packets Packets IDS Intrusion Detection System Tcpdump

Slide 11

Slide 11 text

>_IDS Host A Switch Service Flow Table Host B Host C IDS Srv Intrusion Detection System Hacked Bruteforce credentials (Telnet/SSH/RDP/AD) SMTP (Email) Godmode

Slide 12

Slide 12 text

>_IDS Host A Switch Service Flow Table Host B Host C IDS Srv Intrusion Detection System Hacked Bruteforce credentials (Telnet/SSH/RDP/AD) SMTP (Email) Godmode Marked As Pwned Devices

Slide 13

Slide 13 text

>_SDN Host A Switch A Service Flow Table Host B Hacked Controller Service Ctrl Srv IDS Srv Scouting Updating Flow

Slide 14

Slide 14 text

>_SDN Host A Switch A Service Flow Table Host B Hacked Controller Service Ctrl Srv IDS Srv Isolating Hacked Host

Slide 15

Slide 15 text

>_SDN Host A Switch A Service Flow Table Host B Hacked Controller Service Ctrl Srv IDS Srv Isolating Hacked Host

Slide 16

Slide 16 text

>_SDN? Host A ... Switch A Service Flow Table Host B Host C Host N Switch B Service Flow Table Controller Service Ctrl Srv IDS Srv IDS Srv

Slide 17

Slide 17 text

Demo

Slide 18

Slide 18 text

SDN-Based Intrusion Prevention System Thanks.