Software-Defined Networks (SDN) is an emerging area that promises to change the way we design, build, and operate network architecture. It tends to shift from traditional, proprietary network architecture to open and programmable network architecture. However, this new and improved technology also brings another security burden into the network architecture, with existing and emerging...
Honeypots have been widely used to capture and investigate malicious behavior by deliberately sacrificing their own resources in order to be attacked. Hybrid honeypot architectures consisting of frontends and backends are widely used in the research area, especially due to the benefits of their high scalability and fidelity for detailed attack data collection. A hybrid honeypot system often...
The use of Software Defined Networking (SDN) in recent networking architectures has brought tremendous advantages to computer networking technology. Administrative issues such as routing, security and load balancing can be centralized and automated in SDN controllers. Controllers have been an integral part of the SDN architecture, enabling intelligent networking. However, because all the packets are transmitted...
Because the traditional intrusion prevention system is connected in series mode in the network, its ability to deal with intrusions is limited, and it easily causes network congestion, especially in the cloud computing environment. To address these problems, the paper proposes a scheme for cloud platform intrusion prevention, based on the construction of the software...
A number of challenges face the design of secure datacenter environments, such as applications' high throughput requirements, low-latency applications, scalability, the ability to detect Advanced Persistent Threats (APT), bring your own device (BYOD), and protection against Distributed Denial of Service (DDoS) attacks. Software Defined Networking (SDN) is an emerging paradigm that provides...
Currently the SDN research community considers in-line dynamic network functions too complex for SDN, leading to calls to purge them from the forwarding plane. This paper introduces a comprehensive framework that tames this complexity and allows network administrators to deploy complex network functions into the SDN forwarding plane to provide enhanced and provable network properties. We first illustrate...
The mapping of Layer 3 (IP) to Layer 2 (MAC) addresses is a key service in IP networks, and is achieved via the ARP protocol in IPv4, and the NDP protocol in IPv6. Due to their stateless nature and lack of authentication, both ARP and NDP are vulnerable to spoofing attacks, which can enable Denial of Service (DoS) or man-in-the-middle (MITM) attacks. In this paper, we discuss the problem of ARP spoofing...
The frequency and cost of cyber-attacks continue to grow in commercial information systems. In power systems critical infrastructure, any level of breach may be unacceptable. Securing this infrastructure requires new approaches to communications networks which are not readily vulnerable to remote attack. Standard protocols like Ethernet and IP are difficult to secure. Within well-defined domains,...
Software defined networking (SDN) is an innovative networking paradigm that allows network administrators to manage network services through the abstraction of higher-level functionality. This is done by decoupling the system that makes decisions about where traffic is sent (the control plane) from the underlying systems that forward traffic to the selected destination (the data plane). In the control...
Multi-Processor Systems-on-Chip (MPSoCs), as a key technology enabler of the new computation paradigm Internet-of-Things (IoT), are exposed to attacks. Malicious applications can be downloaded at runtime to the MPSoC, infect IPs and open doors to perform timing attacks. By monitoring the Network-on-Chip (NoC) traffic, an attacker is able to spy on sensitive information such as secret keys. Previous...
Software-defined networks (SDNs) offer network defenders the opportunity to choose from a variety of protection techniques in response to different threats. In contrast, traditional network architectures often lack the flexibility to implement threat-specific security controls. This research was conducted on a hardware SDN test bed running custom security applications to demonstrate techniques that...
Dynamic Host Configuration Protocol (DHCP) starvation is an insider attack which prevents legitimate DHCP clients from acquiring network configuration parameters from a DHCP server. The classical methods of creating a starvation attack face a practical difficulty in wireless networks, where an Access Point (AP) mandates that a client associate with a unique MAC address before it can transmit such requests....
In this work, SDN has been utilized to alleviate and eliminate the problem of the ARP poisoning attack. This attack is the underlying infrastructure for many other network attacks, such as man-in-the-middle, denial of service and session hijacking. In this paper we propose a new algorithm to resolve the problem of ARP spoofing. The algorithm can be applied in two different scenarios. The two scenarios...
This paper addresses one serious SDN-specific attack, i.e., data-to-control plane saturation attack, which overloads the infrastructure of SDN networks. In this attack, an attacker can produce a large amount of table-miss packet_in messages to consume resources in both control plane and data plane. To mitigate this security threat, we introduce an efficient, lightweight and protocol-independent defense...
A Man-in-the-Middle (MITM) attack enables an attacker to monitor the communication exchange between two parties by directing the traffic between them to pass through the attacker's machine. Most existing schemes for discovering MITM attacks focus on detecting the mechanism used to direct the traffic through the attacker's machine. This paper presents a new detection scheme that is based on matching the...
IPv6 is a technology that provides enormous address space and end-to-end communication, features that are required in the context of device automation integration for future networks. The transition to IPv6 holds the future of the internet infrastructure. Software-defined networking (SDN) defines a new concept for computer networks that can separate and provide abstract elements of network devices...
Cloud computing data centers are becoming increasingly popular for the provisioning of computing resources. In the past, most of the research works focused on the effective use of the computational and storage resources by employing the Virtualization technology. Network automation and virtualization of data center LAN and WAN were not the primary focus. Recently, a key emerging trend in Cloud computing...
With the rapid growth in the use of consumer embedded products over the past decade, new trends strongly forecast the use of heterogeneous Multi-Processor Systems-on-Chip (MPSoCs) consisting of complex integrated components communicating with each other at very high speeds. As MPSoCs are made up of hundreds of cores, intercommunication requirements will not be feasible using a single shared...
Malware and computer forensic researchers often communicate with malicious servers, either directly or indirectly, through the web browser or other ports utilized by malicious software. Communication with this form of adversary can sometimes necessitate the use of a proxy server in order to conceal the true origin of the researcher's traffic. Open source projects such as OpenVPN currently offer a...
IP multicast is the best means of communication for group-oriented applications on the internet. The next generation of DVB-based GEO satellites, supporting real-time multicast services, is characterized by OBS (On-Board Switching) and multiple spot beam technologies. In this paper we focus on the efficient transmission of IP multicast over satellite DVB and on its security. For this, we propose a...