
NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium: Latest Papers

Passive OS fingerprinting prototype demonstration
Pub Date : 2018-04-23 DOI: 10.1109/NOMS.2018.8406128
Martin Laštovička, Daniel Filakovsky
Operating system identification of communicating devices plays an important part in network protection. However, current networks are large and change often which implies the need for a system that will be able to continuously monitor the network and handle changes in identified operating systems. In this paper, we propose an architecture of an OS fingerprinting system based on passive network monitoring and a graph-based data model to store and present information about operating systems in the network. We implemented the proposed architecture and tested it on the backbone network of Masaryk University. Our results suggest that it is suitable for monitoring a large network with tens of thousands of actively communicating devices.
Citations: 2
Blockchain orchestration and experimentation framework: A case study of KYC
Pub Date : 2018-04-23 DOI: 10.1109/NOMS.2018.8406327
Wazen M. Shbair, M. Steichen, J. François, R. State
Conducting experiments to evaluate blockchain applications is a challenging task for developers, because there is a range of configuration parameters that control the blockchain environment. Many public testnets (e.g. Rinkeby Ethereum) can be used for testing; however, we cannot adjust their parameters (e.g. Gas limit, Mining difficulty) to further the understanding of the application in question and of the employed blockchain. This paper proposes an easy-to-use orchestration framework over the Grid'5000 platform. Grid'5000 is a highly reconfigurable and controllable large-scale testbed. We developed a tool that facilitates node reservation, deployment and blockchain configuration over the Grid'5000 platform. In addition, our tool can fine-tune blockchain and network parameters before and between experiments. The proposed framework offers insights for private and consortium blockchain developers to identify performance bottlenecks and to assess the behavior of their applications in different circumstances.
Citations: 20
EQuery: Enable event-driven declarative queries in programmable network measurement
Pub Date : 2018-04-23 DOI: 10.1109/NOMS.2018.8406142
Yongyi Ran, Xiaoban Wu, Peilong Li, Chen Xu, Yan Luo, Liang-Min Wang
Network measurement is critical in network management such as performance monitoring, diagnosis, and traffic engineering. However, conventional network measurement solutions are limited by simple and fixed functionalities as well as coarse-grained statistics which often fail to precisely illustrate network conditions. In this paper, we propose an event-driven declarative query language, EQuery, for programmable network management in order to design sophisticated measurement tasks and enable an event mechanism to avoid human intervention. Furthermore, we design a compiler to support the query language on the EQuery Controller, which drives the chaining query workflow with a nondeterministic finite automaton (NFA), and translates measurement jobs into low-level rules/states on the physical devices. Finally, we evaluate the effectiveness of our EQuery framework on a nation-wide operational network with real-time network statistics.
Citations: 6
An architecture and implementation of automatic network slicing for microservices
Pub Date : 2018-04-23 DOI: 10.1109/NOMS.2018.8406193
Y. Minami, Atsushi Taniguchi, T. Kawabata, Norio Sakaida, K. Shimano
The concept of "Network slicing" enables us to provide an optimized logical infrastructure for each service. We construct multiple isolated logical infrastructures, slices, on a single physical infrastructure. Each slice accesses appropriate virtual network functions, a logical topology, isolated logical computational resources, and isolated logical network resources for the service to be provided. However, designing a service-specific slice is generally complicated. In general, service providers and slice providers are different. Therefore, service providers must design a slice optimized for their service and request slice construction from slice providers; slice providers need to understand a service to design a slice. This creates excessive time and cost overheads. We target automatic network slicing for services from the slice providers' point of view. In this paper, we assume that service providers develop their services from microservices. We show an architecture for automatic network slicing for microservices and implement it. We also discuss the issues revealed by our implementation efforts. This knowledge can be used to realize more general automatic network slicing for other service development methods. Automatic network slicing will provide slices more quickly and cheaply.
Citations: 12
Don't steal my drone: Catching attackers with an unmanned aerial vehicle honeypot
Pub Date : 2018-04-23 DOI: 10.1109/NOMS.2018.8406119
Emmanouil Vasilomanolakis, Jörg Daubert, Dhanasekar Boopalan, M. Mühlhäuser
The increased utilization of Unmanned Aerial Vehicles (UAVs) in both personal as well as commercial and public safety scenarios has also opened the door to adversaries. In more detail, such malicious activities may include the hijacking of the UAV (and its cargo), the theft of private information stored in the device, etc. In this paper, we introduce the idea of a honeypot that is specifically designed for the protection of UAVs. The honeypot, which is also capable of running on small portable devices, e.g., a Raspberry Pi, emulates a number of UAV-specific and UAV-tailored protocols, making it possible to lure adversaries into attacking it. Our system can assist in detecting active attackers in a certain area as well as in shedding light on the adversaries' techniques for compromising UAVs.
Citations: 2
How far can we push flow analysis to identify encrypted anonymity network traffic?
Pub Date : 2018-04-23 DOI: 10.1109/NOMS.2018.8406156
Khalid Shahbar, A. N. Zincir-Heywood
Anonymity networks provide privacy to the users by relaying their data to multiple destinations in order to reach the final destination anonymously. Multiple layers of encryption are used to protect the users' privacy from attacks or even from the operators of the stations. In this research, we showed how flow analysis could be used to identify encrypted anonymity network traffic under four scenarios: (i) Identifying anonymity networks compared to normal background traffic; (ii) Identifying the type of applications used on the anonymity networks; (iii) Identifying traffic flow behaviors of the anonymity network users; and (iv) Identifying / profiling the users on an anonymity network based on the traffic flow behavior. In order to study these, we employ a machine learning based flow analysis approach and explore how far we can push such an approach.
Citations: 15
Fast packet classification on OpenFlow switches using multiple R*-tree based bitmap intersection
Pub Date : 2018-04-23 DOI: 10.1109/NOMS.2018.8406227
Ding-Fong Huang, Chien Chen, Mahadevan Thanavel
In order to accomplish a stringent speed requirement for processing internet services such as Access Control List (ACL), Quality of Service (QoS), firewalls, etc., software based OpenFlow switches must have a fast packet classification capability. Even for hardware based OpenFlow switches, a limited size of Ternary Content Addressable Memory (TCAM) in the switch could be only enough for a forwarding table. Therefore, ACL, firewall tables, etc. need to be implemented by using the memory of the switch CPU. However, it has become a great challenge to build extremely effective next-generation software based packet classification that supports higher throughput and larger flow entries in an OpenFlow switch. This paper first exploits a fast packet classification algorithm that forms an R*-Tree based Bitmap Intersection and secondly discusses an enhanced R*-Tree based Bitmap Intersection by using Bloom Filter and Multiple R*-Tree. The evaluation results show that the performance of the algorithm in OpenFlow switches is 4.42 times that of Bitmap Intersection and 5.16 times that of the R*-Tree algorithm and consumes only 300 KB of memory space, which is much less than that of other methods. Finally, the use of multiple R*-Trees has further improved memory usage by about 30%.
Citations: 1
Identifying performance bottlenecks in software data planes for cloud-based NFV services
Pub Date : 2018-04-23 DOI: 10.1109/NOMS.2018.8406161
Michel S. Bonfim, Rafael Roque, E. Coutinho, K. Dias, S. Fernandes
Network Function Virtualization (NFV) is transforming the market for computer networks. Most proposed NFV solutions have been implemented and tested in cloud computing environments. In this context, both hardware and software-based features have been used to improve the performance of Virtual Network Functions (VNFs) by speeding up packet processing. However, there are still essential research challenges that need to be tackled to provide better performance experiences for NFV Services, such as detecting and diagnosing performance bottlenecks. However, due to the characteristics inherited from both Cloud and NFV environments, the detection and diagnosis of performance problems is a complex task. In this work, we proposed PerfChecker, a monitoring tool that aims at detecting and diagnosing performance bottlenecks in Cloud-based NFV environments. We implemented a PerfChecker prototype for OpenStack and performed some experiments demonstrating that it can assist the cloud infrastructure operator to improve the performance of NFV services.
Citations: 1
Months into minutes: Rolling out changes faster with service management automation
Pub Date : 2018-04-23 DOI: 10.1109/NOMS.2018.8406143
Alexander Keller, C. Dawson
Service Management Automation is widely regarded as the foundation for improving both productivity as well as quality of Service Delivery. For large Service Providers such as IBM Global Technology Services (GTS), Hybrid IT deployments present a variety of challenges in large deployments on a global scale. We describe an approach and our experiences to drastically improve the cycle times of change management, based on an extensive Service Request Catalog and a CMDB. We point out the key design points of our architecture and describe the tradeoffs we had to make, which we subsequently distill into a set of best practices.
Citations: 0
HoneyV: A virtualized honeynet system based on network softwarization
Pub Date : 2018-04-23 DOI: 10.1109/NOMS.2018.8406205
Bahman Rashidi, Carol J. Fung, Kevin W. Hamlen, Andrzej Kamisiński
Intrusion detection in modern enterprise networks faces challenges due to the increasingly large volume of data and insufficient training data for anomaly detection. In this work, we propose a novel network topology for improved intrusion detection through a multi-phase data monitoring system. Rather than the all-or-nothing approach to terminate all sessions identified as suspicious, the topology routes traffic to different server replicas with different monitoring intensity levels based on their likelihood of attacks. This topology leverages recent advances in software-defined networking (SDN) to dynamically route such sessions into risk-appropriate computing environments. These environments offer enhanced training opportunities for intrusion detection systems (IDSes) by exposing data streams that would not have been observable had the session merely been terminated at the first sign of maliciousness. They also afford defenders finer-grained risk management by supporting a continuum of endpoint environments, ranging from fully trusted, to semi-trusted, to fully untrusted, for example.
Citations: 4