Network Iron Curtain: Hide Enterprise Networks with OpenFlow

详细信息    查看全文

• 作者：YongJoo Song (4)
  Seungwon Shin (5)
  Yongjin Choi (4)
  
• 关键词：Software ; Defined Networking ; OpenFlow ; Network security ; Scanning attack
• 刊名：Lecture Notes in Computer Science
• 出版年：2014
• 出版时间：2014
• 年：2014
• 卷：1
• 期：1
• 页码：218-230
• 全文大小：699 KB
• 参考文献：1. Bro: Network security monitor. http://www.bro.org
  2. Curtis, A.R., Mogul, J.C., Tourrilhes, J., Yalagandula, P., Sharma, P., Banerjee, S.: Devoflow: scaling flow management for high-performance networks. ACM SIGCOMM Comput. Commun. Rev. 41, 254鈥?65 (2011) CrossRef
  3. DSHIELD: Cooperative network security community. http://www.dshield.org/
  4. FIRE: Finding rogue networks. http://maliciousnetworks.org/
  5. FloodLight: Open sdn controller. http://floodlight.openflowhub.org/
  6. Gu, G., Chen, Z., Porras, P., Lee, W.: Misleading and defeating importance-scanning malware propagation. In: Proceedings of the 3rd International Conference on Security and Privacy in Communication Networks (SecureComm鈥?7), September 2007
  7. Gude, N., Koponen, T., Pettit, J., Pfaff, B., Casado, M., McKeown, N., Shenker, S.: NOX: towards an operating system for networks. Proc. ACM SIGCOMM Comput. Commun. Rev. 38(3), 105鈥?10 (2008) CrossRef
  8. Jung, J., Milito, R.A., Paxson, V.: On the adaptive real-time detection of fast-propagating network worms. In: H盲mmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 175鈥?92. Springer, Heidelberg (2007)
  9. Haadi Jafarian, J., Al-Shaer, E., Duan, Q.: Openflow random host mutation: transparent moving target defense using software defined networking. In: Proceedings of the First Workshop on Hot Topics in Software Defined Networks, HotSDN 鈥?2 (2012)
  10. Liston, T.: Tom liston talks about labrea. http://labrea.sourceforge.net/Intro-History.html
  11. McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., Turner, J.: Openflow: enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev. 38, 69鈥?4 (2008) CrossRef
  12. Mininet: An instant virtual network on your laptop (or other pc). http://mininet.org
  13. Nayak, A., Reimers, A., Feamster, N., Clark, R.: Resonance: dynamic access control for enterprise networks. In: Proceedings of WREN (2009)
  14. OpenFlow: OpenFlow swtch specification version 1.1.0. Technical report (2011). http://www.openflow.org/documents/openflow-spec-v1.1.0.pdf
  15. Popa, L., Yu, M., Ko, S.Y., Stoica, I., Ratnasamy, S.: Cloudpolice: taking access control out of the network. In: Proceedings of the 9th ACM Workshop on Hot Topics in Networks, HotNets (2010)
  16. POX: Python network controller. http://www.noxrepo.org/pox/about-pox/
  17. Schechter, S.E., Jung, J., Berger, A.W.: Fast detection of scanning worm infections. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 59鈥?1. Springer, Heidelberg (2004)
  18. Shin, S., Gu, G.: Cloudwatcher: network security monitoring using openflow in dynamic cloud networks (or: how to provide security monitoring as a service in clouds?). In: 2012 20th IEEE International Conference on Network Protocols (ICNP), October 2012
  19. Shin, S., Porras, P., Yegneswaran, V., Fong, M., Gu, G., Tyson, M.: Fresco: modular composable security services for software-defined networks. In: Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS鈥?3), February 2013
  20. Stafford, S., Li, J.: Behavior-based worm detectors compared. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 38鈥?7. Springer, Heidelberg (2010)
  21. Tootoonchian, A., Gorbunov, S., Ganjali, Y., Casado, M., Sherwood, R.: On controller performance in software-defined networks. In: USENIX Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services (Hot-ICE) (2012)
  22. Sekar, V., Xie, Y., Reiter, M.K., Zhang, H.: A multi-resolution approach for worm detection and containment. In: Proceedings of the International Conference on Dependable Systems and Networks (DSN), June 2006
  23. Wang, R., Butnariu, D., Rexford, J.: Openflow-based server load balancing gone wild. In: Proceedings of the 11th USENIX Conference on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services, p. 12. USENIX Association (2011)
  24. Wired: Going with the flow: Googles secret switch to the next wave of networking. http://www.wired.com/wiredenterprise/2012/04/going-with-the-flow-google/
  
• 作者单位：YongJoo Song (4)
  Seungwon Shin (5)
  Yongjin Choi (4)
  
  4. Atto Research, Seoul, Korea
  5. Korea Advanced Institute of Science and Technology, Daejeon, South Korea
  
• ISSN：1611-3349

文摘

In this paper, we propose a new network architecture, Network Iron Curtain that can handle network scanning attacks automatically. Network Iron Curtain does not require additional devices or complicated configurations when it detects scanning attack, and it can confuse scanning attackers by providing fake scanning results. When an attacker sends a scanning packet to a host in Network Iron Curtain, Network Iron Curtain detects this trial and redirects this packet to a honeynet, which is installed with Network Iron Curtain. The honeynet will respond to this scanning packet based on the predefined policy instead of the original target host. Therefore, the attacker will have fake information (i.e., false open port information). We implement a prototype system to verify the proposed architecture, and we show an example case of detecting network scanning.