DOI: 10.1145/2670386.2670390
research-article

Network security through software defined networking: a survey

Published: 01 October 2014

ABSTRACT

Network security is a predominant topic in both academia and industry. Many methods and tools have been proposed, but attackers are still able to launch massive and effective attacks. Keeping pace with new threats, which appear or become more sophisticated every day, is of paramount importance. Software Defined Networking (SDN) has recently emerged and promotes the programmability of networks, which makes it possible to enable in-network security functions. These include firewalls, monitoring applications, and middlebox support through OpenFlow devices. This paper therefore reviews the related approaches that have been proposed, identifying their scope, their practicability, their advantages and their drawbacks.


          • Published in

            IPTComm '14: Proceedings of the Conference on Principles, Systems and Applications of IP Telecommunications
            October 2014
            65 pages
            ISBN:9781450321242
            DOI:10.1145/2670386

            Copyright © 2014 ACM

            Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

            Publisher

            Association for Computing Machinery

            New York, NY, United States


            Acceptance Rates

            Overall Acceptance Rate: 18 of 62 submissions, 29%
