ABSTRACT
This paper explores the potential of enabling SDN security and monitoring services by piggybacking on SDN reactive routing. As a case study, we implement and evaluate a piggybacking-based intrusion prevention system called SDN-Defense. Our study of university WiFi traffic traces reveals that up to 73% of malicious flows can be detected by inspecting just the first three packets of a flow, and 90% of malicious flows from the first four packets. Using such empirical insights, we propose to forward the first K packets of each new flow to an augmented SDN controller for security inspection, where K is a dynamically configurable parameter. We characterize the cost-benefit trade-offs of SDN-Defense using real wireless traces and discuss potential scalability issues. Finally, we discuss other applications which can be enhanced by using our proposed piggybacking approach.
- Piggybacking Network Functions on SDN Reactive Routing: A Feasibility Study