Host independent and distributed detection system of the network attack by using OpenFlow

2017 
Recently, there have been many types of cyber attacks, and we should detect as many types as possible. In order to detect a wide variety of attacks, a completely distributed multi-agent system is proposed. However, it requires software installation on all hosts. The lack of resources also makes it hard to introduce the system to the devices. In this paper, we design a distributed defense algorithm employing a multi-agent system. However, it is hard to detect wide and shallow attacks, such as a horizontal portscan, if the system is completely distributed. Therefore, we need to watch the whole network in order to detect such attacks. Here, we propose to combine the system with OpenFlow, which is suitable for obtaining an overall network view. In general, however, OpenFlow has a central control system, which is not scalable. Thus, we also propose to use several OpenFlow controllers and share information among them. By sharing information, we show that it is possible to detect a horizontal portscan.
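The point about sharing information among controllers can be shown with a small detector. This is an added example, not the paper's algorithm: the `Controller` class, the threshold value, and all addresses are assumptions constructed for illustration. Each controller sees the scanner touch only a few hosts in its own domain, so no local view crosses the threshold, while the merged view does.

```python
from collections import defaultdict

# Assumed threshold: distinct hosts one source may contact on one port
# before it is reported. The abstract gives no value.
SCAN_THRESHOLD = 5


class Controller:
    """Stand-in for one OpenFlow controller's view of new flows (hypothetical)."""

    def __init__(self, name):
        self.name = name
        # (src_ip, dst_port) -> set of destination hosts seen in this domain
        self.seen = defaultdict(set)

    def observe(self, src_ip, dst_ip, dst_port):
        """Record one new flow, as a controller would on a packet-in event."""
        self.seen[(src_ip, dst_port)].add(dst_ip)

    def local_alerts(self, threshold=SCAN_THRESHOLD):
        """Keys that reach the threshold using only this controller's view."""
        return {k for k, hosts in self.seen.items() if len(hosts) >= threshold}


def shared_alerts(controllers, threshold=SCAN_THRESHOLD):
    """Union the per-controller host sets, then apply the same threshold."""
    merged = defaultdict(set)
    for c in controllers:
        for key, hosts in c.seen.items():
            merged[key] |= hosts
    return {k for k, hosts in merged.items() if len(hosts) >= threshold}


def build_constructed_network():
    """Constructed sample: 3 controllers, one scanner touching 3 hosts in each."""
    ctrls = [Controller(f"c{i}") for i in range(3)]
    for i, c in enumerate(ctrls):
        for h in range(1, 4):
            c.observe("10.9.9.9", f"10.0.{i}.{h}", 22)  # scanner, port 22
        c.observe("10.0.0.50", f"10.0.{i}.1", 443)      # ordinary client
    return ctrls


if __name__ == "__main__":
    ctrls = build_constructed_network()
    for c in ctrls:
        print(c.name, "local:", c.local_alerts())
    print("shared:", shared_alerts(ctrls))
```

Lowering the threshold until a single controller fires would also flag the ordinary client, which reaches three hosts in total.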