A Network Forensics Investigating Method Based on Weak Consistency for Distributed SDN

  • Conference paper
Ubiquitous Security (UbiSec 2021)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1557)

Abstract

Network forensics investigation has long been difficult because the TCP/IP protocol does not support authentication of the packet source. A software-defined network (SDN) is good at monitoring and managing the behaviors and states of the network through the SDN controller, which brings great convenience to network forensics investigation. However, most existing network forensics investigating methods for SDN are just extensions of older ones designed for the traditional network framework, and their performance and availability still need improvement. To solve these problems, a network forensics investigating method based on weak consistency for distributed SDN is proposed. A distributed lightweight flow table is given to implement a full record of flow information to avoid failures. The weak consistency mechanism is used to reduce the synchronization overhead of distributed SDN. In addition, the method assigns the workload to each distributed controller; as a result, the efficiency of network forensics investigation is significantly improved. Comparison experiments show that this method is applicable to distributed SDN and has obvious performance advantages over other methods.

Acknowledgements

This work has been supported by the 2019 Artificial Intelligence Application Demonstration Project of Nansha District (No.2019SF01).

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Liu, X., Ding, L., Zheng, T., Yu, F., Jia, Z., Xiao, W. (2022). A Network Forensics Investigating Method Based on Weak Consistency for Distributed SDN. In: Wang, G., Choo, KK.R., Ko, R.K.L., Xu, Y., Crispo, B. (eds) Ubiquitous Security. UbiSec 2021. Communications in Computer and Information Science, vol 1557. Springer, Singapore. https://doi.org/10.1007/978-981-19-0468-4_18

  • DOI: https://doi.org/10.1007/978-981-19-0468-4_18

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-0467-7

  • Online ISBN: 978-981-19-0468-4

  • eBook Packages: Computer Science (R0)
