An OpenvSwitch extension for SDN traceback

Danni Ren; Wenti Jiang; Huakang Li; Guozi Sun

doi:10.1007/978-3-030-02744-5_31

An OpenvSwitch extension for SDN traceback

Danni Ren, Wenti Jiang, Huakang Li, Guozi Sun^*

^*Corresponding author for this work

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

3 Citations (Scopus)

Abstract

While software-defined networking (SDN) opens a new chapter for network administrators to manage and to maintain network, the vital characteristic of logically centralized control draws attackers to exploit different network technologies to hijack the controller. How to develop a security mechanism to determine the root of an anomaly and to identify the responsible entities is an urgent but challenging task now. Therefore, in this paper we conduct a research on SDN traceback with an OpenvSwitch extension, which is based on the technology of packet marking and logging. The traceback mainly consists of three functional mechanisms: mapping-table creation, packet marking and traceback, which is used to reconstruct the forwarding path of the packet with given features without changing network behaviors. We describe the dependent theoretical model and design concept of traceback, and demonstrate the validity, feasibility and practicability of traceback with an experiment. Similarly, the traceback we propose can play an important role in the fields of debugger and network behavior analysis.

Original language	English
Title of host publication	Network and System Security - 12th International Conference, NSS 2018, Proceedings
Editors	Man Ho Au, Xiapu Luo, Jin Li, Kamil Kluczniak, Siu Ming Yiu, Cong Wang, Aniello Castiglione
Publisher	Springer Verlag
Pages	423-435
Number of pages	13
ISBN (Print)	9783030027438
DOIs	https://doi.org/10.1007/978-3-030-02744-5_31
Publication status	Published - 2018
Externally published	Yes
Event	12th International Conference on Network and System Security, NSS 2018 - Hong Kong, China Duration: 27 Aug 2018 → 29 Aug 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11058 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	12th International Conference on Network and System Security, NSS 2018
Country/Territory	China
City	Hong Kong
Period	27/08/18 → 29/08/18

Keywords

Logging
OpenvSwitch
Packet marking
Software-defined networking
Traceback

Access to Document

10.1007/978-3-030-02744-5_31

Cite this

Ren, D., Jiang, W., Li, H., & Sun, G. (2018). An OpenvSwitch extension for SDN traceback. In M. H. Au, X. Luo, J. Li, K. Kluczniak, S. M. Yiu, C. Wang, & A. Castiglione (Eds.), Network and System Security - 12th International Conference, NSS 2018, Proceedings (pp. 423-435). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11058 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-02744-5_31

Ren, Danni ; Jiang, Wenti ; Li, Huakang et al. / An OpenvSwitch extension for SDN traceback. Network and System Security - 12th International Conference, NSS 2018, Proceedings. editor / Man Ho Au ; Xiapu Luo ; Jin Li ; Kamil Kluczniak ; Siu Ming Yiu ; Cong Wang ; Aniello Castiglione. Springer Verlag, 2018. pp. 423-435 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{1e5d175a45fd409a8001917a39a6638a,

title = "An OpenvSwitch extension for SDN traceback",

abstract = "While software-defined networking (SDN) opens a new chapter for network administrators to manage and to maintain network, the vital characteristic of logically centralized control draws attackers to exploit different network technologies to hijack the controller. How to develop a security mechanism to determine the root of an anomaly and to identify the responsible entities is an urgent but challenging task now. Therefore, in this paper we conduct a research on SDN traceback with an OpenvSwitch extension, which is based on the technology of packet marking and logging. The traceback mainly consists of three functional mechanisms: mapping-table creation, packet marking and traceback, which is used to reconstruct the forwarding path of the packet with given features without changing network behaviors. We describe the dependent theoretical model and design concept of traceback, and demonstrate the validity, feasibility and practicability of traceback with an experiment. Similarly, the traceback we propose can play an important role in the fields of debugger and network behavior analysis.",

keywords = "Logging, OpenvSwitch, Packet marking, Software-defined networking, Traceback",

author = "Danni Ren and Wenti Jiang and Huakang Li and Guozi Sun",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2018.; 12th International Conference on Network and System Security, NSS 2018 ; Conference date: 27-08-2018 Through 29-08-2018",

year = "2018",

doi = "10.1007/978-3-030-02744-5_31",

language = "English",

isbn = "9783030027438",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "423--435",

editor = "Au, {Man Ho} and Xiapu Luo and Jin Li and Kamil Kluczniak and Yiu, {Siu Ming} and Cong Wang and Aniello Castiglione",

booktitle = "Network and System Security - 12th International Conference, NSS 2018, Proceedings",

}

Ren, D, Jiang, W, Li, H & Sun, G 2018, An OpenvSwitch extension for SDN traceback. in MH Au, X Luo, J Li, K Kluczniak, SM Yiu, C Wang & A Castiglione (eds), Network and System Security - 12th International Conference, NSS 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11058 LNCS, Springer Verlag, pp. 423-435, 12th International Conference on Network and System Security, NSS 2018, Hong Kong, China, 27/08/18. https://doi.org/10.1007/978-3-030-02744-5_31

An OpenvSwitch extension for SDN traceback. / Ren, Danni; Jiang, Wenti; Li, Huakang et al.
Network and System Security - 12th International Conference, NSS 2018, Proceedings. ed. / Man Ho Au; Xiapu Luo; Jin Li; Kamil Kluczniak; Siu Ming Yiu; Cong Wang; Aniello Castiglione. Springer Verlag, 2018. p. 423-435 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11058 LNCS).

Research output: Chapter in Book or Report/Conference proceeding › Conference Proceeding › peer-review

TY - GEN

T1 - An OpenvSwitch extension for SDN traceback

AU - Ren, Danni

AU - Jiang, Wenti

AU - Li, Huakang

AU - Sun, Guozi

N1 - Publisher Copyright: © Springer Nature Switzerland AG 2018.

PY - 2018

Y1 - 2018

N2 - While software-defined networking (SDN) opens a new chapter for network administrators to manage and to maintain network, the vital characteristic of logically centralized control draws attackers to exploit different network technologies to hijack the controller. How to develop a security mechanism to determine the root of an anomaly and to identify the responsible entities is an urgent but challenging task now. Therefore, in this paper we conduct a research on SDN traceback with an OpenvSwitch extension, which is based on the technology of packet marking and logging. The traceback mainly consists of three functional mechanisms: mapping-table creation, packet marking and traceback, which is used to reconstruct the forwarding path of the packet with given features without changing network behaviors. We describe the dependent theoretical model and design concept of traceback, and demonstrate the validity, feasibility and practicability of traceback with an experiment. Similarly, the traceback we propose can play an important role in the fields of debugger and network behavior analysis.

AB - While software-defined networking (SDN) opens a new chapter for network administrators to manage and to maintain network, the vital characteristic of logically centralized control draws attackers to exploit different network technologies to hijack the controller. How to develop a security mechanism to determine the root of an anomaly and to identify the responsible entities is an urgent but challenging task now. Therefore, in this paper we conduct a research on SDN traceback with an OpenvSwitch extension, which is based on the technology of packet marking and logging. The traceback mainly consists of three functional mechanisms: mapping-table creation, packet marking and traceback, which is used to reconstruct the forwarding path of the packet with given features without changing network behaviors. We describe the dependent theoretical model and design concept of traceback, and demonstrate the validity, feasibility and practicability of traceback with an experiment. Similarly, the traceback we propose can play an important role in the fields of debugger and network behavior analysis.

KW - Logging

KW - OpenvSwitch

KW - Packet marking

KW - Software-defined networking

KW - Traceback

UR - http://www.scopus.com/inward/record.url?scp=85059036493&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-02744-5_31

DO - 10.1007/978-3-030-02744-5_31

M3 - Conference Proceeding

AN - SCOPUS:85059036493

SN - 9783030027438

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 423

EP - 435

BT - Network and System Security - 12th International Conference, NSS 2018, Proceedings

A2 - Au, Man Ho

A2 - Luo, Xiapu

A2 - Li, Jin

A2 - Kluczniak, Kamil

A2 - Yiu, Siu Ming

A2 - Wang, Cong

A2 - Castiglione, Aniello

PB - Springer Verlag

T2 - 12th International Conference on Network and System Security, NSS 2018

Y2 - 27 August 2018 through 29 August 2018

ER -

Ren D, Jiang W, Li H, Sun G. An OpenvSwitch extension for SDN traceback. In Au MH, Luo X, Li J, Kluczniak K, Yiu SM, Wang C, Castiglione A, editors, Network and System Security - 12th International Conference, NSS 2018, Proceedings. Springer Verlag. 2018. p. 423-435. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-02744-5_31

An OpenvSwitch extension for SDN traceback

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this