HackInSDN

HackInSDN aims to strengthen cybersecurity through testbeds, developing tools loaded with scenario elements to understand attacks and block threats. These are combined with distributed FPGA infrastructures and a design that provides network flexibility and a robust environment for training.


Programmable testbed infrastructure for training in networks and security

The process of strengthening cybersecurity is quite challenging, given the knowledge requirements in different subfields of computing.

A comprehensive set of methodologies and strategies therefore proposes reconciling theory and practice in teaching the various existing topics, aiming to reduce the learning curve of technical concepts that are often difficult to make concrete.

Our proposal aims to develop the HackInSDN architecture, which seeks to expand training in cybersecurity in testbed environments. It is a set of tools that will offer a more robust and complete environment for training in advanced security topics through network programmability.

HackInSDN will address topics beyond intrusion detection systems, incorporating other features — such as novelty and anomaly detection mechanisms supported by Artificial Intelligence, dynamic attack containment and filtering tools, attack simulation tools, threat intelligence databases, and more.





Overview

The figure below presents an overview of HackInSDN.

Overview Diagram

The main modules of the tool are:

- AI-Based Anomaly Detection

This component will integrate with the Network Orchestrator and receive a set of network metrics, process them with statistical machine learning algorithms, and then generate Anomaly Alerts.

- Suricata

Suricata is a high-performance tool that can act as an IDS (Intrusion Detection System) or IPS (Intrusion Prevention System) and supports network security monitoring. It is open-source software maintained by the nonprofit Open Information Security Foundation (OISF).

- Programmable Network Orchestrator - Kytos-ng

The Programmable Network Orchestrator plays a central role in the architecture, providing network management and provisioning services and integrating the other components. Kytos-ng (https://kytos-ng.github.io) is the SDN orchestration platform that will be used as the basis for HackInSDN, as it incorporates a scalable, flexible, and highly customizable/programmable SDN control solution.

- Adaptive Mirroring

This module will be developed within the HackInSDN project to enable granular and elastic traffic mirroring in the network services provisioned by the Orchestrator.

- Intelligent Containment and Filtering

The role of this module is to provide attack containment and filtering services based on detected anomalies and alerts or requests from the network operator.

- Threat Intelligence and Sharing with MISP

Threat intelligence and information-sharing mechanisms are essential for modern defense and security research.

- Adversary Simulator

A set of state-of-the-art tools focused on offensive security will be available as part of the HackInSDN project, aiming to conduct ethical hacking and simulate malicious traffic in the described environment.

Partner Institutions

UFBA, Federal Institute of Bahia, Florida International University, INSERT, AmLight ExP

Acknowledgments

The HackInSDN project was selected in the public call Hackers do Bem for Research and Development 2023.

Read more about the Hackers do Bem Project.

Support

Found a bug or want to request a feature? Report here!

To contact the development team, write to hackinsdn [@] ufba.br.