International Journal of Scientific Research Engineering & Technology (IJSRET)

Volume 1 Issue7 pp 001-004 October 2012 www.ijsret.org ISSN 2278 - 0882

Open Flow Switch with Intrusion Detection System


Suresh Kumar
Department of Computer Science, Govt. Engineering College, Bikaner, Karni Industrial Area, Pugal Road, Bikaner
Suresh.pr4570@gmail.com

Tarun Kumar
Department of Computer Science, Govt. Engineering College, Bikaner, Karni Industrial Area, Pugal Road, Bikaner
ertarunkumar@yahoo.co.in

Ganesh Singh
Department of I. T., Govt. Engineering College, Bikaner, Karni Industrial Area, Pugal Road, Bikaner
Ganesh.badhu@gmail.com

Maninder Singh Nehra
Department of Computer Science, Govt. Engineering College, Bikaner, Karni Industrial Area, Pugal Road, Bikaner
Maninder4unehra@yahoo.com

ABSTRACT
Presently OpenFlow [1] is a new network technology and an open standard for Software Defined Networking (SDN), in which the control plane and the data plane of network equipment are separated. In this paper we propose the concept of a new OpenFlow switch that contains an Intrusion Detection System. The proposed switch makes the OpenFlow protocol more secure.

Keywords: Intrusion Detection System, OpenFlow, Flow Table, Secure Channel.

I. INTRODUCTION

OpenFlow is an example of SDN which provides an open, standards-based interface to control how data packets are forwarded through the OpenFlow network. The OpenFlow standard also provides a basic set of global management abstractions, which can be used to control features such as topology changes and packet filtering. The control plane runs externally on servers, and the network equipment is responsible for data plane forwarding on behalf of that server. OpenFlow was developed several years ago at Stanford University and the University of California at Berkeley after concluding that networks had become a critical infrastructure and that network innovation on that same infrastructure was hampered more and more [2]. OpenFlow is a programmable network protocol designed to manage and direct traffic among routers and switches. OpenFlow is also designed to provide consistency in traffic management, and it allows the path of a network packet through the network switch to be controlled. OpenFlow represents the data plane as a flow table. The flow is the basic unit of manipulation within the switch, where each packet is switched individually. In an OpenFlow network, the controller manages the switches, which support the concept of a data flow, i.e. a stream of related packets that are processed in the network in the same way. Every switch contains a set of rules, where each rule includes a pattern, a priority, an expiration time, a list of actions, and counters; these rules make up the flow table. To process an incoming packet, the switch identifies the matching rules and applies their actions. If no matching rule is found, the switch forwards the packet to the controller and awaits further instructions [2]. Intrusion Detection Systems (IDS) have become a powerful means of providing security against attacks. They help to identify, deter and deflect malicious attacks over the network [intrusion 1]. An IDS has a database which contains the definitions of possible attacks. The IDS checks the data packets against the database to identify any attack. IDS use string matching algorithms to detect suspicious packets.

II. THE OPENFLOW NETWORK

In an OpenFlow network [3] one controller can be connected to multiple switches, so it can manage the whole network. In the OpenFlow network [4], a network operator can support standard Ethernet and IP production traffic. The main components of a controller-based OpenFlow network are:

IJSRET @ 2012


OpenFlow switches. The OpenFlow switch communicates with the controller via the OpenFlow protocol. An OpenFlow switch consists of three parts:

a. A Flow Table. An OpenFlow switch consists of one or more Flow Tables that store an ordered list of rules for processing packets and tell how data flows between a secure channel and the controller. Flow Table entries can be defined externally.

b. A secure channel. The secure channel is the interface that connects each OpenFlow switch to a controller. Through this interface the controller exchanges messages with the switches in order to configure and manage them.

c. The OpenFlow protocol. The OpenFlow protocol provides an open and standard way for a controller to communicate with an OpenFlow switch. The OpenFlow protocol allows a logically centralized controller to programmatically install packet handling rules in the underlying switches [1]. OpenFlow provides a protocol for communication between the controller process and the OpenFlow switches. The OpenFlow specification [1] also provides an excellent source of information. There are three types of messages supported by the OpenFlow protocol:

i. Controller-to-switch messages. The controller-to-switch messages are initiated by the controller; they configure the switch, exchange the switch capabilities and manage the flow table.

ii. Asynchronous messages. The asynchronous messages are sent from the OpenFlow switch to the controller and announce a change in network or switch state. Such a change is called an event.

iii. Symmetric messages. The symmetric messages are sent in either direction without any request and are used to diagnose problems in a controller-switch connection.

Figure 1: Idealized OpenFlow Switch. The Flow Table is controlled by a remote controller via the secure channel.

Flow Table Entry Header
OpenFlow [6] represents the data plane as a Flow Table. A Flow Table is a stage of the pipeline that contains flow entries. A flow entry is an element in a Flow Table used to match and process packets. A Flow Table entry can be defined as a combination of the 10 fields, or 10-tuple, that make up a header. An entry in the flow table has three fields:
(1) A packet header, which defines the flow of data.
(2) The action, which defines how the data packet is processed. An action can be one of the following: (1) forward the packet to a given port, (2) forward the packet to the controller, and (3) drop the packet.
(3) Statistics, which record the number of packets and bytes for each flow.

In the Flow Table [4], incoming packets are matched against the flow entries. If a packet matches, the set of actions is performed. If the packet does not match any flow entry, it is sent to the controller. The controller can then decide how to process the packet on the network server. The Flow Table [1] will re-use the existing hardware. The flow is the basic unit of manipulation within the switch and each packet is switched individually. Each flow entry [1] in the Flow Table has a simple action associated with it; the basic ones are:
(1) Forward this flow's packets to a given port or ports. This also allows packets to be routed through the OpenFlow network.
(2) Encapsulate and forward this flow's packets to the secure channel, from where they are forwarded to a controller for further processing.
(3) Drop this flow's packets.
(4) Forward this flow's packets through the normal processing pipeline.
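The flow table behaviour described above (rules with a pattern, a priority, an expiration time, actions and counters; highest-priority match wins; a table miss goes to the controller, which answers and may install a rule) in a small runnable model. This is an added example for this page, not code from the paper or from any OpenFlow implementation; the header field names (nw_src, ip_proto, tp_dst) and the controller's policy are assumptions chosen for illustration.

```python
"""Toy model of an OpenFlow flow table with reactive rule installation (added example)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Header = Dict[str, object]            # header field -> value
Action = Tuple[str, object]           # ("forward", port) | ("controller", None) | ("drop", None)


@dataclass
class FlowEntry:
    match: Header                     # fields that must equal the packet's; absent fields are wildcards
    priority: int
    actions: List[Action]
    expires_at: Optional[float] = None  # None means the rule never expires
    packets: int = 0                  # counters, as in the paper's rule description
    bytes: int = 0

    def matches(self, hdr: Header) -> bool:
        return all(hdr.get(k) == v for k, v in self.match.items())


class FlowTable:
    def __init__(self, controller: Callable[["FlowTable", Header], List[Action]]):
        self.entries: List[FlowEntry] = []
        self.controller = controller  # invoked on a table miss (the packet goes to the controller)
        self.misses = 0

    def install(self, entry: FlowEntry) -> None:
        self.entries.append(entry)
        # Highest priority first; the sort is stable, so equal priorities keep insertion order.
        self.entries.sort(key=lambda e: e.priority, reverse=True)

    def expire(self, now: float) -> None:
        self.entries = [e for e in self.entries if e.expires_at is None or e.expires_at > now]

    def process(self, hdr: Header, size: int, now: float = 0.0) -> List[Action]:
        self.expire(now)
        for entry in self.entries:            # first match in priority order wins
            if entry.matches(hdr):
                entry.packets += 1
                entry.bytes += size
                return entry.actions
        # Table miss: forward to the controller and act on its answer.
        self.misses += 1
        return self.controller(self, hdr)


def simple_controller(table: FlowTable, hdr: Header) -> List[Action]:
    """Assumed policy: TCP to port 80 is forwarded out port 2, everything else is dropped."""
    if hdr.get("ip_proto") == 6 and hdr.get("tp_dst") == 80:
        actions: List[Action] = [("forward", 2)]
    else:
        actions = [("drop", None)]
    # Install a per-flow rule with a 60 s lifetime so later packets of the flow stay in the switch.
    table.install(FlowEntry(
        match={"nw_src": hdr.get("nw_src"), "ip_proto": hdr.get("ip_proto"), "tp_dst": hdr.get("tp_dst")},
        priority=10, actions=actions, expires_at=60.0))
    return actions


def demo() -> dict:
    table = FlowTable(simple_controller)
    # Constructed sample headers (addresses and ports are made up for this example).
    web = {"nw_src": "10.0.0.5", "nw_dst": "10.0.0.9", "ip_proto": 6, "tp_dst": 80}
    ssh = {"nw_src": "10.0.0.5", "nw_dst": "10.0.0.9", "ip_proto": 6, "tp_dst": 22}
    first = table.process(web, 1500, now=0.0)   # miss -> controller installs a rule
    web_rule = table.entries[0]
    second = table.process(web, 500, now=1.0)   # hit: handled entirely in the switch
    other = table.process(ssh, 60, now=2.0)     # different flow -> miss -> drop rule installed
    late = table.process(web, 100, now=61.0)    # rule expired -> miss again
    return {"first": first, "second": second, "other": other, "late": late,
            "misses": table.misses, "web_counters": (web_rule.packets, web_rule.bytes)}


if __name__ == "__main__":
    print(demo())
```

The four packets exercise the whole loop: the first web packet misses and is decided by the controller, the second is matched in the switch and only updates the rule's counters, the SSH packet is a separate flow and misses again, and after the 60 s lifetime the web rule is gone and the next packet goes back to the controller.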

III. PROPOSED OPEN FLOW SWITCH

The current OpenFlow switch has four actions. These are Forward, Encapsulate, Drop and Forward (through the normal pipeline). When the switch receives a packet, it checks its IP header and takes the appropriate action associated with that IP. In our proposed switch we introduce two new actions. These are IP verification and Packet verification. In our proposed switch we have one more table besides the flow table, and an IDS database. The table is the IDS IP information table. The IDS IP information table contains the list of suspicious IPs. The IDS database contains the definitions of various attacks, as shown in Figure 2.

Figure 2: Proposed OpenFlow switch with IDS detection.

Working of the Proposed Open Flow Switch
The proposed OpenFlow switch is configured by the controller as per the security policy. When this switch receives a packet, it first checks the source IP address in the IDS IP info table. If the source IP is found in the table, the switch takes the drop packet action. If the source IP is not found in the table, it starts intrusion detection by checking the packet data against the database. In this process, if an intrusion is detected, it makes an entry for the current IP in the IDS IP info table and drops the packet. Otherwise it processes the packet through normal processing. By adding this process the OpenFlow switch becomes a more secure and intelligent switch, as it adds security to the OpenFlow network.

Proposed pseudo code
Step I: Select the source IP from the incoming packet.
Step II: Check the IDS IP info table for the incoming IP.
Step III: If the IP is found in the IDS IP info table, then drop the packet.
Step IV: If not found, then check the packet data against the IDS database.
Step V: If an intrusion is detected, then make an entry in the IDS IP info table and drop the packet.
Step VI: If no intrusion is detected, then process the packet as normal.

IV. CONCLUSION

In this paper we introduce the concept of an intelligent OpenFlow switch. The proposed switch contains an intrusion detection system. This makes the OpenFlow protocol more secure. This switch can be programmed, so it can support different security policies for different implementations.

REFERENCES
[1] N. McKeown, et al., "OpenFlow: Enabling Innovation in Campus Networks", SIGCOMM CCR, Vol. 38, Issue 2, March 2008.
[2] N. Foster, R. Harrison, M. J. Freedman, C. Monsanto, J. Rexford, A. Story, and D. Walker, "Frenetic: A High-Level Language for OpenFlow Networks", in ACM PRESTO, November 2010.
[3] S. Das, G. Parulkar, N. McKeown, "Simple Unified Control for Packet and Circuit Networks", IEEE Photonics Society Summer Topical on Future Global Networks, July 2009.
[4] S. Das, G. Parulkar, N. McKeown, "Unifying Packet and Circuit Switched Networks with OpenFlow", OpenFlow Technical Reports, 2009.
[5] M. Canini, D. Kostic, J. Rexford, and D. Venzano, "Automating the Testing of OpenFlow Applications", in WRiPE 2001.
[6] OpenFlow Switch Specification, http://www.openflowswitch.org/
[7] A NICE Way to Test OpenFlow Applications. Available at http://code.google.com/p/nice-of/.
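The six-step pseudo code of Section III (IDS IP info table lookup, then packet data checked against the IDS database, with the source IP recorded on a detection) as a runnable model. This is an added example for this page, not the authors' code: the IDS IP info table is a set of source addresses, the IDS database is a dict of attack name to byte pattern matched by plain substring search (the paper only says "string matching"), and NORMAL stands for handing the packet on to ordinary flow table processing. The signatures, addresses and payloads are constructed for the example.

```python
"""Model of the proposed switch's IDS pre-filter, Steps I to VI (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

DROP = "drop"
NORMAL = "normal"     # continue with normal flow-table processing


@dataclass
class Packet:
    src_ip: str
    payload: bytes


@dataclass
class IdsSwitch:
    signatures: Dict[str, bytes]                       # IDS database (constructed definitions)
    ip_info: Set[str] = field(default_factory=set)     # IDS IP info table: listed source IPs
    log: List[Tuple[str, str]] = field(default_factory=list)

    def detect(self, payload: bytes) -> Optional[str]:
        """Step IV: compare the packet data with every attack definition."""
        for name, pattern in self.signatures.items():
            if pattern in payload:
                return name
        return None

    def process(self, packet: Packet) -> str:
        # Steps I to III: look the source IP up in the IDS IP info table.
        if packet.src_ip in self.ip_info:
            self.log.append((packet.src_ip, "dropped: source IP listed"))
            return DROP
        # Steps IV and V: inspect the data; on a hit, record the IP and drop.
        hit = self.detect(packet.payload)
        if hit is not None:
            self.ip_info.add(packet.src_ip)
            self.log.append((packet.src_ip, "dropped: " + hit))
            return DROP
        # Step VI: nothing found, normal processing.
        return NORMAL


def demo() -> Tuple[List[str], List[str]]:
    switch = IdsSwitch(signatures={            # constructed sample definitions
        "directory-traversal": b"../../",
        "sql-tautology": b"' OR 1=1",
    })
    packets = [                                # constructed sample traffic
        Packet("10.0.0.5", b"GET /index.html HTTP/1.1"),
        Packet("10.0.0.7", b"GET /files?name=../../etc/hosts HTTP/1.1"),
        Packet("10.0.0.7", b"GET /index.html HTTP/1.1"),   # listed now: dropped before inspection
        Packet("10.0.0.5", b"GET /search?q=books HTTP/1.1"),
    ]
    verdicts = [switch.process(p) for p in packets]
    return verdicts, sorted(switch.ip_info)


if __name__ == "__main__":
    print(demo())
```

The third packet shows the effect of Step V: once an address is in the IDS IP info table, every later packet from it is dropped without inspection. The pseudo code has no step that ages entries out, so a deployment needs a way for the controller to clear or expire entries in that table.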
