short-paper

Public Access

Towards Efficient Traffic Monitoring for Science DMZ with Side-Channel based Traffic Winnowing

Authors:

Lu Yu,

Richard R. BrooksAuthors Info & Claims

SDN-NFV Sec'18: Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization

Pages 55 - 58

https://doi.org/10.1145/3180465.3180474

Published: 14 March 2018 Publication History

PDF eReader

Abstract

As data-intensive science becomes the norm in many fields of science, high-performance data transfer is rapidly becoming a core scientific infrastructure requirement. To meet such a requirement, there has been a rapid growth across university campus to deploy Science DMZs. However, it is challenging to efficiently monitor the traffic in Science DMZ because traditional intrusion detection systems (IDSes) are equipped with deep packet inspection (DPI), which is resource-consuming. We propose to develop a lightweight side-channel based anomaly detection system for traffic winnowing to reduce the volume of traffic finally monitored by the IDS. We evaluate our approach based on the experiments in a Science DMZ environment. Our evaluation demonstrates that our approach can significantly reduce the resource usage in traffic monitoring for Science DMZ.

References

[1]

Edward Balas and A Ragusa. 2014. SciPass: a 100Gbps capable secure Science DMZ using OpenFlow and Bro Supercomputing 2014 conference (SC14).

Google Scholar

[2]

Prasad Calyam, Alex Berryman, Erik Saule, Hari Subramoni, Paul Schopis, Gordon Springer, Umit Catalyurek, and Dhabaleswar K Panda. 2014. Wide-area overlay networking to manage science DMZ accelerated flows Computing, Networking and Communications (ICNC), 2014 International Conference on. IEEE, 269--275.

Crossref

Google Scholar

[3]

Eli Dart, Lauren Rotman, Brian Tierney, Mary Hester, and Jason Zurawski. 2014. The science dmz: A network design pattern for data-intensive science. Scientific Programming Vol. 22, 2 (2014), 173--185.

Digital Library

Google Scholar

[4]

Lorenzo De Carli, Robin Sommer, and Somesh Jha. 2014. Beyond pattern matching: A concurrency model for stateful deep packet inspection Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1378--1390.

Digital Library

Google Scholar

[5]

Holger Dreger, Anja Feldmann, Vern Paxson, and Robin Sommer. 2008. Predicting the resource consumption of network intrusion detection systems International Workshop on Recent Advances in Intrusion Detection. Springer, 135--154.

Digital Library

Google Scholar

[6]

Aaron Gember-Jacobson, Raajay Viswanathan, Chaithan Prakash, Robert Grandl, Junaid Khalid, Sourav Das, and Aditya Akella. 2014. OpenNF: Enabling innovation in network function control ACM SIGCOMM Computer Communication Review, Vol. Vol. 44. ACM, 163--174.

Digital Library

Google Scholar

[7]

Muhammad Asim Jamshed, Jihyung Lee, Sangwoo Moon, Insu Yun, Deokjin Kim, Sungryoul Lee, Yung Yi, and KyoungSoo Park. 2012. Kargus: a highly-scalable software-based intrusion detection system Proceedings of the 2012 ACM conference on Computer and communications security. ACM, 317--328.

Digital Library

Google Scholar

[8]

George Khalil. 2015. Open Source IDS High Performance Shootout. https://www.sans.org/reading-room/whitepapers/intrusion/open-source-ids-high-performance-shootout-35772. (2015).

Google Scholar

[9]

C. Lu, J. M. Schwier, R. M. Craven, L. Yu, R. R. Brooks, and C. Griffin. 2013. A Normalized Statistical Metric Space for Hidden Markov Models. IEEE Transactions on Cybernetics Vol. 43, 3 (June. 2013), 806--819.

Google Scholar

Cited By

View all

Garcia Villalba LFernandez JOrozco A(2022)Analysis of MP4 Videos in 5G Using SDNIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2022.314315923:3(2668-2677)Online publication date: Mar-2022
https://doi.org/10.1109/TITS.2022.3143159
Gong QDeMar PAltunay M(2022)ThunderSecure: deploying real-time intrusion detection for 100G research networks by leveraging stream-based features and one-class classification networkInternational Journal of Information Security10.1007/s10207-022-00584-921:4(799-812)Online publication date: 16-Mar-2022
https://doi.org/10.1007/s10207-022-00584-9
Brooks RWang KOakley JTusing N(2020)Global Internet Traffic Routing and Privacy2020 International Scientific and Technical Conference Modern Computer Network Technologies (MoNeTeC)10.1109/MoNeTeC49726.2020.9258193(1-7)Online publication date: 27-Oct-2020
https://doi.org/10.1109/MoNeTeC49726.2020.9258193

Index Terms

Towards Efficient Traffic Monitoring for Science DMZ with Side-Channel based Traffic Winnowing
1. Security and privacy

Recommendations

Service-independent payload analysis to improve intrusion detection in network traffic
AusDM '08: Proceedings of the 7th Australasian Data Mining Conference - Volume 87

The popularity of computer networks broadens the scope for network attackers and increases the damage these attacks can cause. In this context, Intrusion Detection Systems (IDS) are included as part of any complete security package. This work focuses on ...
Traffic shaping and bandwidth allocation algorithms for vbr traffic
Clustering botnet communication traffic based on n-gram feature selection

Recognized as one the most serious security threats on current Internet infrastructure, botnets can not only be implemented by existing well known applications, e.g. IRC, HTTP, or Peer-to-Peer, but also can be constructed by unknown or creative ...

Comments

Information & Contributors

Information

Published In

SDN-NFV Sec'18: Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization

March 2018

64 pages

ISBN:9781450356350

DOI:10.1145/3180465

General Chairs:
Gail-Joon Ahn
Arizona State University, USA and Samsung Research, Korea
,
Guofei Gu
Texas A&M University, USA
,
Program Chairs:
Hongxin Hu
Clemson University, USA
,
Seungwon Shin
KAIST, Korea

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 March 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Short-paper

Funding Sources

National Science Foundation

Conference

CODASPY '18

Sponsor:

SIGSAC

CODASPY '18: Eighth ACM Conference on Data and Application Security and Privacy

March 21, 2018

AZ, Tempe, USA

Acceptance Rates

Overall Acceptance Rate 11 of 30 submissions, 37%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
232
Total Downloads

Downloads (Last 12 months)67
Downloads (Last 6 weeks)13

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Garcia Villalba LFernandez JOrozco A(2022)Analysis of MP4 Videos in 5G Using SDNIEEE Transactions on Intelligent Transportation Systems10.1109/TITS.2022.314315923:3(2668-2677)Online publication date: Mar-2022
https://doi.org/10.1109/TITS.2022.3143159
Gong QDeMar PAltunay M(2022)ThunderSecure: deploying real-time intrusion detection for 100G research networks by leveraging stream-based features and one-class classification networkInternational Journal of Information Security10.1007/s10207-022-00584-921:4(799-812)Online publication date: 16-Mar-2022
https://doi.org/10.1007/s10207-022-00584-9
Brooks RWang KOakley JTusing N(2020)Global Internet Traffic Routing and Privacy2020 International Scientific and Technical Conference Modern Computer Network Technologies (MoNeTeC)10.1109/MoNeTeC49726.2020.9258193(1-7)Online publication date: 27-Oct-2020
https://doi.org/10.1109/MoNeTeC49726.2020.9258193

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Service-independent payload analysis to improve intrusion detection in network traffic

Traffic shaping and bandwidth allocation algorithms for vbr traffic

Clustering botnet communication traffic based on n-gram feature selection