Graph-Based Policy Change Detection and Implementation in SDN

Hussain, Mudassar; Shah, Nadir; Tahir, Ali

doi:10.3390/electronics8101136

Cited by 19 publications

(13 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, an automatic, correct and fast composition of multiple independently specified network policies is an open problem. There are some methods to detect and resolve policy conflicts 40,41 . However, we are not concern about policy specifications and their conflicts in our current work.…”

Section: Proposed Methodsmentioning

confidence: 99%

Middlebox selection optimization via an intelligent framework in software‐defined networking

Zadkhosh

Bahramgiri

Sabaei

2021

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Software‐defined networking (SDN) has a vital role in network resource utilization. However, it does not provide a comprehensive view of middleboxes (MBs). In this article, we proposed an intelligent dynamic routing framework for performance optimization based on a SDN architecture with a comprehensive view of all network properties. This routing framework also uses the genetic algorithm (GA) for performance improvement. It extracts the CPU, memory, and bandwidth utilization of MBs as dynamic routing parameters. The implemented GA calculates the impact factor (IF) of these parameters to declare the impact of each parameter in network performance. The obtained results show that considering MBs status in flow forwarding improves the tested network's resource utilization by 13, 10, and 7 times compared with hop‐based shortest path first, random path selection, and Round Robin methods, respectively. The results also showed that considering IFs (IFCPU, IFRAM, and IFBW) in routing procedure would improve the network's performance. Therefore, we used the GA to calculate optimal IFs for fairness load balancing and performance optimization. The GA calculates 0.4 and 0.6, for IFCPU and IFBW, respectively. It calculates these IFs only after five iterations. It also showed that we could ignore the RAM utilization parameter in our dynamic routing as our MBs are not memory‐bounded. The simulation results declared that routing with optimal IFs not only improves the network' throughput but also improves load distribution fairness by about 25% compared with routing without the IFs.

show abstract

Section: Proposed Methodsmentioning

confidence: 99%

Middlebox selection optimization via an intelligent framework in software‐defined networking

Zadkhosh

Bahramgiri

Sabaei

2021

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…We have used the multi-dimensional hash-able objects to store the attribute of the link. Although there is a choice of directly using the multidimensional arrays (matrix) for storing and accessing these attributes, it elevates the accessing cost (i.e., time) [49].…”

Section: Raf Path Computationmentioning

confidence: 99%

Reliability Aware Multiple Path Installation in Software-Defined Networking

et al. 2021

Self Cite

View full text Add to dashboard Cite

Link failures frequently occur in communication networks, which negatively impacts network services delivery. Compared to traditional distributed networks, Software-Defined Networking (SDN) provides numerous benefits for link robustness to avoid services unavailability. To cope with link failures, the existing SDN approaches compute multiple paths and install corresponding flow rules at network switches without considering the reliability value of the primary computed path. This increases computation time, traffic overhead and end-to-end packets delay. This paper proposes a new approach called Reliability Aware Multiple Path Flow Rule (RAF) that calculates links reliability and installs minimum flow rules for multiple paths based on the reliability value of the primary path. RAF has been simulated, evaluated and compared with the existing approaches. The simulation results show that RAF performs better than the existing approaches in terms of computation overhead at the controller and reduces end-to-end packet delay and traffic overhead for flow rules installation.

show abstract

“…Another important issue is related to detecting policy changes in an SDN environment. That is, when installing new Flow [34]. Generally speaking, there is a possibility that ransomware may be granted access, even despite being blocked by the controller.…”

Section: Detecting Policy Changesmentioning

confidence: 99%

“…This is because these two approaches depend entirely on monitoring a certain number of legitimate packets (the number of ARP requests, and the attempt to reach the webserver) to impose restrictions on the infected device. Resolving such conflicts is beyond the scope of this paper and the interested reader may refer relevant works [34]- [36].…”

Section: Detecting Policy Changesmentioning

confidence: 99%

SDN-Based Detection of Self-Propagating Ransomware: The Case of BadRabbit

Al-Otaibi

2021

IEEE Access

View full text Add to dashboard Cite

In the last decade, many ransomware attacks had the ability to spread within local networks or even outside them. At the same time, software defined networking (SDN) has provided a major boost to networks by transferring intelligence from network devices to a programmable logically centralised controller. The latter can be programmed to be compatible with the requirements of a wide range of networks and environments in a straightforward manner. This has motivated researchers to design SDNbased security solutions against threats targeting traditional networks and systems. This paper investigates the use of SDN to detect and mitigate the risk of self-propagating ransomware. The infamous BadRabbit ransomware has been used for the proof of concept. To achieve this, an extensive analysis of BadRabbit was performed to identify its characteristics and understand its behaviour at both the infected device level and at the network level. As a result, several unique artifacts were extracted from BadRabbit, which could facilitate its detection. These artifacts were relied upon to design an SDN-based intrusion detection and prevention system. Our system comprises five modules, namely deep packet inspection, ARP scanning detection, packet header inspection, honeypot, and SMB checker. The first two modules have been inspired by other works and have been included for comparison with the existing solutions. Three other modules rely on novel SDN-based methods for ransomware detection. We have also evaluated the efficiency and the performance of our system in terms of detection time, CPU utilisation, as well as TCP and ping latency. Finally, the proposed approach has also been tested for other ransomware families, such as WannaCry and NotPetya. Our experimental results show that the system is effective in terms of detecting self-propagating ransomware and outperforms other proposed approaches. INDEX TERMS Self-propagating ransomware, intrusion detection and prevention, SDN security, BadRabbit detection.

show abstract

Graph-Based Policy Change Detection and Implementation in SDN

Cited by 19 publications

References 33 publications

Middlebox selection optimization via an intelligent framework in software‐defined networking

Middlebox selection optimization via an intelligent framework in software‐defined networking

Reliability Aware Multiple Path Installation in Software-Defined Networking

SDN-Based Detection of Self-Propagating Ransomware: The Case of BadRabbit

Contact Info

Product

Resources

About