In this poster, we propose leveraging intercontroller communication between two or more controllers in Software Defined Networks (SDNs) to inform other controllers about potential attacks so that they can proactively apply a mitigation strategy. We demonstrate and measure the effectiveness of our method by running a series of tests in an emulated network. We analyze our test results in terms of reducing...
Honeypots have been widely used to capture and investigate malicious behavior by deliberately sacrificing their own resources in order to be attacked. Hybrid honeypot architectures consisting of frontends and backends are widely used in research, especially because of their high scalability and fidelity for detailed attack data collection. A hybrid honeypot system often...
In this paper, we propose a hardware-based defense system in a Software-Defined Networking architecture to protect against HTTP GET Flooding attacks, one of the most dangerous Distributed Denial of Service (DDoS) attacks in recent years. Our defense system utilizes a per-URL counting mechanism and has been implemented on FPGA as an extension of a NetFPGA-based OpenFlow switch.
The use of Software Defined Networking (SDN) in recent networking architectures has brought tremendous advantages to computer networking technology. Administrative issues such as routing, security and load balancing can be centralized and automated in SDN controllers. Controllers have been an integral part of the SDN architecture, enabling intelligent networking. However, because all the packets are transmitted...
In this paper, we introduce an SDN (Software Defined Network) based DDoS (Distributed Denial of Service) defense mechanism. Our mechanism employs SDN's flexibility to redirect packets. The traffic between clients and servers is relayed by a group of dynamic proxy node switches. After several shuffles, our mechanism can mitigate DDoS attacks as well as quarantine attackers. The simulation results confirm...
One of the major concerns in today's Software-Defined Network (SDN) is to enhance its security. File sharing in SDN can be made much more secure against fraudulent activities by the implementation of blockchain technology. When the privacy of the network's users is increased, the reliability of the system increases correspondingly. Blockchain Security over SDN (BSS) is proposed, which protects privacy and...
Because the traditional intrusion prevention system is connected in series mode (in-line) in the network, its ability to deal with intrusions is limited, and it can easily cause network congestion, especially in the cloud computing environment. To address the problems mentioned above, a scheme for cloud platform intrusion prevention is proposed in this paper, based on the construction of the software...
Software Defined Networking (SDN) is the latest trend in the networking domain. In SDN, the control plane is decoupled from the data plane in network devices and controlled by the centralized controller using the OpenFlow protocol. As the centralized controller performs all the control functions, strong security support is mandatory. A firewall can be an effective means to protect the SDN controller from...
This paper mainly addresses the problem of protecting private data in network communication against eavesdropping attacks. As this kind of attack is stealthy and untraceable, it is barely detectable by passive defense approaches based on feature detection or static configuration. We propose a Moving Target Defense (MTD) method that utilizes the protocol customization ability of Protocol-Oblivious...
Currently the SDN research community considers in-line dynamic network functions too complex for SDN, leading to calls to purge them from the forwarding plane. This paper introduces a comprehensive framework that tames this complexity and allows network administrators to deploy complex network functions into the SDN forwarding plane to provide enhanced and provable network properties. We first illustrate...
The mapping of Layer 3 (IP) to Layer 2 (MAC) addresses is a key service in IP networks, and is achieved via the ARP protocol in IPv4, and the NDP protocol in IPv6. Due to their stateless nature and lack of authentication, both ARP and NDP are vulnerable to spoofing attacks, which can enable Denial of Service (DoS) or man-in-the-middle (MITM) attacks. In this paper, we discuss the problem of ARP spoofing...
Internet Service Providers (ISPs) are struggling to cope with the growing volume of streaming video traffic in their networks, and the problem will only be exacerbated as Virtual Reality applications proliferate. To classify and manage bandwidth for video streams, current practice is to either sample traffic for offline analysis or deploy middle-boxes for in-line packet inspection – such solutions are...
The frequency and cost of cyber-attacks continues to grow in commercial information systems. In power systems critical infrastructure, any level of breach may be unacceptable. Securing this infrastructure requires new approaches to communications networks which are not readily vulnerable to remote attack. Standard protocols like Ethernet and IP are difficult to secure. Within well-defined domains,...
In this paper, we describe a new generic interface to a software-defined switch that allows the controller to inform the switch of the existence of an external function. Through the same generic interface, the switch can call the external function during its internal forwarding processes. Such an innovative interface allows the network operator to add new functionalities to the switch, in the form of...
This paper proposes an emulated model of an academic networking testbed using SDN. This emulated model consists of switching and routing topologies and has been tested to work successfully for layer two (data link) and layer three functionality. The increasing prices of every new generation of networking hardware pose budgetary challenges to academic units. The need for the addition of...
There is an increasing demand for secure communication services that can dynamically reflect user needs. Conventional dedicated services such as an Internet VPN or IPVPN using IPsec and MPLS have inherent shortcomings, making it difficult for them to dynamically reflect user requirements when faced with limited network resources. It is also quite important for communication services to deal effectively...
This paper addresses one serious SDN-specific attack, the data-to-control plane saturation attack, which overloads the infrastructure of SDN networks. In this attack, an attacker can produce a large number of table-miss packet_in messages to consume resources in both the control plane and the data plane. To mitigate this security threat, we introduce an efficient, lightweight and protocol-independent defense...
Traditional network monitoring involving packet capturing or flow sampling faces many challenges, such as scalability, accuracy and availability of processing resources, when networks become large-scale, high-speed and heterogeneous. SDN is a promising approach to address these challenges, but each SDN switch has its own capacity limitation, such as its cache memory called TCAM, and thus it needs coordination...
In Software Defined Networks, the controller is highly vulnerable to flooding attacks. By continuously injecting spoofed request packets, attackers place a heavy processing burden on the controller, occupy bandwidth in the controller-switch channel, and overload the flow table in the switch. The final goal of the attackers is to degrade or even shut down the stability and quality of service of the network...
Network Virtualization Overlays (NVO3) provide multi-tenancy services in cloud data centers with existing networking equipment. IP tunneling is an essential technology for logically separating virtual traffic; in particular, Stateless Transport Tunneling (STT) is considered to achieve better performance by using the TCP Segmentation Offload (TSO) feature. Currently, there is no openly available implementation...