A Reflectornet Based on Software Defined Network

  • Received : 2014.06.02
  • Accepted : 2014.06.18
  • Published : 2014.06.30

Abstract

Software-Defined Networking (SDN), which separates the control plane from the data plane and manages data planes in a centralized way, is now considered a future networking technology, and many researchers and practitioners have dived into this area to devise new network applications, such as new routing methods. Likewise, network security applications could be redesigned with SDN, and some pioneers have proposed several interesting network security applications with SDN. However, most approaches have just reimplemented some well-known network security applications; although SDN provides many interesting features, they did not use them effectively. To investigate whether SDN can be used to realize sophisticated network security applications, we have designed and implemented an advanced network security application, Reflectornet, which redirects malicious or suspicious network trials to other security monitoring points (e.g., a honeypot). In addition, we have tested its performance and practicability from diverse angles. Our findings and insights will encourage other researchers to design better or more intelligent network security applications with SDN.

Software-Defined Networking (SDN) differs from conventional networking architectures in that the control plane is separated from the data plane, so the data plane can be controlled in a centralized way, and it is strongly discussed as a next-generation networking technology. Used well, this technology makes it possible to develop new and diverse network functions in the form of applications, and research in this area is currently very active. Beyond basic network functions such as new routing, network security functions can also be redesigned with SDN technology, and a number of interesting network security applications have been proposed. However, because most of the network security applications proposed so far merely reimplement existing network functions with SDN technology, they have not effectively used the many features SDN provides. In this paper, we therefore design and implement Reflectornet, an application that uses SDN technology to redirect malicious and suspicious network attack attempts to a monitoring/analysis system such as a honeypot. We also verify the application's performance and practicality through experiments. The results of this paper can make a significant contribution to promoting research on how to design more intelligent and advanced network security applications using SDN technology.
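As an added illustration (not the paper's code) of the redirection the abstract describes, the following Python model shows an SDN controller handling a packet-in event: ordinary flows are forwarded, while a flow matching an assumed suspicion policy gets a pair of rewrite rules that reflect it to a honeypot and rewrite the honeypot's replies so the redirection stays invisible to the source. The topology, addresses and suspicion policy are constructed for this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed topology for this example (assumed, not taken from the paper).
HONEYPOT_IP, HONEYPOT_PORT = "10.0.0.250", 4
HOST_PORTS = {"10.0.0.10": 1, "10.0.0.11": 2, HONEYPOT_IP: HONEYPOT_PORT}
# Assumed suspicion policy: connections to services the protected hosts do not run.
SUSPICIOUS_DST_PORTS = {23, 445, 3389}

@dataclass(frozen=True)
class Match:
    nw_src: str
    nw_dst: str
    tp_dst: Optional[int] = None  # None acts as a wildcard

    def hits(self, pkt: dict) -> bool:
        return (self.nw_src == pkt["nw_src"] and self.nw_dst == pkt["nw_dst"]
                and (self.tp_dst is None or self.tp_dst == pkt["tp_dst"]))

@dataclass
class FlowEntry:
    match: Match
    actions: List[Tuple[str, object]]  # OpenFlow-style (action, argument) pairs

class ReflectorController:
    def __init__(self) -> None:
        self.flow_table: List[FlowEntry] = []  # rules pushed to the switch

    def is_suspicious(self, pkt: dict) -> bool:
        return pkt["tp_dst"] in SUSPICIOUS_DST_PORTS

    def packet_in(self, pkt: dict) -> List[FlowEntry]:
        # Called for a packet the switch has no rule for; installs and returns rules.
        src, dst = pkt["nw_src"], pkt["nw_dst"]
        if not self.is_suspicious(pkt):
            rules = [FlowEntry(Match(src, dst), [("output", HOST_PORTS[dst])])]
        else:
            rules = [
                # Forward direction: deliver the probe to the honeypot instead of dst.
                FlowEntry(Match(src, dst, pkt["tp_dst"]),
                          [("set_nw_dst", HONEYPOT_IP), ("output", HONEYPOT_PORT)]),
                # Reverse direction: rewrite honeypot replies to carry the original
                # target address so the redirection stays invisible to the source.
                FlowEntry(Match(HONEYPOT_IP, src),
                          [("set_nw_src", dst), ("output", HOST_PORTS[src])]),
            ]
        self.flow_table.extend(rules)
        return rules
```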
