SDN based Intrusion Detection and Prevention Systems using Manufacturer Usage Description: A Survey

Noman Mazhar, Rosli Salleh, Mohammad Asif, Muhammad Zeeshan
2020, International Journal of Advanced Computer Science and Applications
The Internet of Things (IoT) is an emerging paradigm that integrates several technologies. An IoT network consists of many interconnected devices, including various sensors, actuators, services and other communicable objects. The increasing demand for IoT and its services has created several security vulnerabilities. Conventional security approaches such as intrusion detection systems do not meet the security challenges of IoT networks, because of the conventional ...s used in them. This article presents a survey of intrusion detection and prevention systems (IDPS) using state-of-the-art technologies in the context of IoT security. An IDPS consists of two parts: an intrusion detection system and an intrusion prevention system. An intrusion detection system (IDS) detects and analyzes both inbound and outbound network traffic for malicious activity. An intrusion prevention system (IPS) can be aligned with an IDS by proactively inspecting a system's incoming traffic to mitigate harmful requests. The combination of IDS and IPS is known as an intrusion detection and prevention system (IDPS). The amalgamation of new technologies such as software-defined networking (SDN), machine learning (ML) and manufacturer usage description (MUD) into IDPS takes security to the next level. In this study, IDPS and its performance benefits are analyzed in the context of IoT security. The survey describes these prominent technologies in detail, together with their integrated applications that complement IDPS in IoT networks. Future research directions and challenges of IoT security are elaborated at the end.

Along with SDN, a new concept has been introduced for the identification of IoT devices, known as Manufacturer Usage Description (MUD). MUD is a developing concept for defining the network communication behaviour of an IoT device [4]. This automatically identifies the device and helps the security system figure out abnormal or malicious nodes within the network. For complete detection and monitoring of malicious activity in the network, machine learning plays its role: ML techniques have the primary role in the detection of malware and malicious traffic. In traditional networks, detection of malicious traffic and classification of network attacks is achieved using predefined rules and specifications, which are limited in addressing new kinds of attacks.

The main application of ML in SDN networks is control of the entire network rather than just focusing on localized policy or certain rules [5]. Such techniques show great potential for network traffic classification and for solving prediction problems [6]. ML is used in IDPS for the detection of security attacks and to predict future threats to the system.
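As an added illustration of the MUD idea described above (example code written for this page, not from the surveyed paper or from any MUD implementation): a constructed, simplified device profile loosely modelled on the shape of an RFC 8520 MUD file, a checker that classifies observed flows as permitted or not for that device, and a rendering of the resulting allow-list as SDN-controller-style match/action entries with a default drop. The profile, the resolved addresses, the device IP and the sample flows are all constructed for the example, and the rule format is a simplification, not the standard's YANG/JSON schema.

```python
"""Simplified MUD-style allow-list checking for one IoT device.

Constructed example: the profile below imitates the intent of an RFC 8520
MUD file (what a device is allowed to talk to) but not its exact schema.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed profile for a hypothetical smart thermostat.
MUD_PROFILE = {
    "mud-url": "https://example.invalid/thermostat.json",  # placeholder URL
    "from-device": [  # connections the device itself may initiate
        {"proto": "tcp", "dst": "cloud.example.invalid", "port": 443},
        {"proto": "udp", "dst": "local-dns", "port": 53},
    ],
    "to-device": [  # connections that may be made toward the device
        {"proto": "tcp", "src": "local-network", "port": 8443},
    ],
}

# Constructed name resolution standing in for DNS / controller knowledge.
RESOLVED = {
    "cloud.example.invalid": "203.0.113.10/32",
    "local-dns": "192.168.1.1/32",
    "local-network": "192.168.1.0/24",
}

DEVICE_IP = "192.168.1.50"  # constructed address of the thermostat


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str        # "from-device" or "to-device"
    proto: str
    remote: IPv4Network   # permitted remote side of the connection
    port: int             # destination port of the connection


def compile_rules(profile, resolved=RESOLVED):
    """Turn the profile into concrete rules by resolving every remote name."""
    rules = []
    for direction in ("from-device", "to-device"):
        key = "dst" if direction == "from-device" else "src"
        for entry in profile[direction]:
            rules.append(Rule(direction, entry["proto"],
                              ip_network(resolved[entry[key]]), entry["port"]))
    return rules


def classify_flow(flow, rules, device_ip=DEVICE_IP):
    """Return 'allow', 'deny', or 'unrelated' (flow does not touch the device)."""
    if flow.src_ip == device_ip:
        direction, remote = "from-device", ip_address(flow.dst_ip)
    elif flow.dst_ip == device_ip:
        direction, remote = "to-device", ip_address(flow.src_ip)
    else:
        return "unrelated"
    for r in rules:
        if (r.direction == direction and r.proto == flow.proto
                and remote in r.remote and r.port == flow.dst_port):
            return "allow"
    return "deny"  # anything the manufacturer did not declare is abnormal


def find_abnormal(flows, rules, device_ip=DEVICE_IP):
    """Flows the device should never produce or receive under its profile."""
    return [f for f in flows if classify_flow(f, rules, device_ip) == "deny"]


def to_sdn_entries(rules, device_ip=DEVICE_IP):
    """Render the allow-list as match/action entries a controller could push:
    explicit high-priority forwards, then low-priority drops for the device."""
    entries = []
    for r in rules:
        match = {"ip_proto": r.proto, "tp_dst": r.port}
        if r.direction == "from-device":
            match.update(nw_src=f"{device_ip}/32", nw_dst=str(r.remote))
        else:
            match.update(nw_src=str(r.remote), nw_dst=f"{device_ip}/32")
        entries.append({"priority": 100, "match": match, "action": "forward"})
    entries.append({"priority": 1, "match": {"nw_src": f"{device_ip}/32"}, "action": "drop"})
    entries.append({"priority": 1, "match": {"nw_dst": f"{device_ip}/32"}, "action": "drop"})
    return entries


# Constructed sample flows: two expected, one inbound probe, one unexpected outbound.
SAMPLE_FLOWS = [
    Flow(DEVICE_IP, "203.0.113.10", "tcp", 443),
    Flow(DEVICE_IP, "192.168.1.1", "udp", 53),
    Flow("198.51.100.5", DEVICE_IP, "tcp", 22),
    Flow(DEVICE_IP, "192.168.1.77", "tcp", 23),
]

if __name__ == "__main__":
    rules = compile_rules(MUD_PROFILE)
    for f in find_abnormal(SAMPLE_FLOWS, rules):
        print("abnormal:", f)
    for e in to_sdn_entries(rules):
        print(e)
```

The checker deliberately treats anything the profile does not declare as "deny", which is the property that makes MUD useful for spotting a misbehaving or compromised node: the device's legitimate behaviour is narrow and known in advance, so deviations stand out without a learned baseline. In a real deployment the controller would also need to re-resolve names as addresses change and handle the device's own DHCP/DNS bootstrap traffic.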
doi:10.14569/ijacsa.2020.0111283 fatcat:xhnac6wchnbxdfztz2b666l4ra