
Network Iron Curtain: Hide Enterprise Networks with OpenFlow

Conference paper, Information Security Applications (WISA 2013)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8267)

Abstract

In this paper, we propose a new network architecture, Network Iron Curtain, that handles network scanning attacks automatically. Network Iron Curtain does not require additional devices or complicated configurations when it detects a scanning attack, and it can confuse scanning attackers by providing fake scanning results. When an attacker sends a scanning packet to a host in Network Iron Curtain, Network Iron Curtain detects this attempt and redirects the packet to a honeynet that is deployed as part of Network Iron Curtain. The honeynet responds to the scanning packet according to a predefined policy instead of the original target host, so the attacker receives fake information (i.e., false open-port information). We implement a prototype system to verify the proposed architecture, and we show an example case of detecting network scanning.


Notes

  1. We provide more information about OpenFlow in the next section.

  2. We consider a packet corrupted if it does not follow the network protocol standard. For example, if a TCP session is initiated by a TCP RST packet, we regard the RST packet as corrupted.

  3. This timer will be used to detect TCP SYN scanning attempts. We show how the controller uses this timer in the following case.
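As an added example (not the paper's prototype code), the following models the controller decision the abstract and notes describe: a non-SYN first packet is treated as corrupted (note 2), SYNs from one source are tracked inside a timer window (note 3), and a source that probes too many targets is redirected to the honeynet. The honeynet address, the timer length, the target limit and the distinct-target heuristic are all assumptions, not values from the paper.

```python
from collections import defaultdict
from dataclasses import dataclass

HONEYNET_IP = "10.0.99.1"   # constructed honeynet address (assumption)
TIMER_SECONDS = 5.0         # assumed length of the SYN timer (note 3)
SYN_LIMIT = 3               # assumed number of distinct SYN targets tolerated

@dataclass
class Packet:
    """Client-to-server TCP packet as the controller sees it in a packet-in."""
    src: str
    dst: str
    dport: int
    flags: str   # TCP flags, e.g. "S", "A", "R"
    ts: float    # arrival time in seconds

class IronCurtainController:
    def __init__(self):
        self.sessions = set()             # (src, dst, dport) opened by a SYN
        self.syn_log = defaultdict(list)  # src -> [(ts, (dst, dport)), ...]
        self.scanners = set()             # sources already redirected

    def handle_packet_in(self, pkt):
        """Return (action, destination): 'forward', 'drop' or 'redirect'."""
        if pkt.src in self.scanners:
            # a source classified as a scanner talks to the honeynet from now on
            return "redirect", HONEYNET_IP
        key = (pkt.src, pkt.dst, pkt.dport)
        if pkt.flags == "S":
            self.sessions.add(key)
            # keep only SYNs that are still inside the timer window (note 3)
            recent = [(t, tgt) for t, tgt in self.syn_log[pkt.src]
                      if pkt.ts - t < TIMER_SECONDS]
            recent.append((pkt.ts, (pkt.dst, pkt.dport)))
            self.syn_log[pkt.src] = recent
            if len({tgt for _, tgt in recent}) > SYN_LIMIT:
                self.scanners.add(pkt.src)   # too many targets probed: a scan
                return "redirect", HONEYNET_IP
            return "forward", pkt.dst
        if key not in self.sessions:
            # first packet of a session that is not a SYN is corrupted (note 2)
            return "drop", None
        return "forward", pkt.dst
```

In a real deployment the "redirect" decision would become an OpenFlow flow rule that rewrites the destination to the honeynet, so later packets from that source never reach the controller again.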


Author information

Corresponding author: YongJoo Song.


Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Song, Y., Shin, S., Choi, Y. (2014). Network Iron Curtain: Hide Enterprise Networks with OpenFlow. In: Kim, Y., Lee, H., Perrig, A. (eds) Information Security Applications. WISA 2013. Lecture Notes in Computer Science, vol 8267. Springer, Cham. https://doi.org/10.1007/978-3-319-05149-9_14

  • DOI: https://doi.org/10.1007/978-3-319-05149-9_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-05148-2

  • Online ISBN: 978-3-319-05149-9

  • eBook Packages: Computer Science (R0)
