• DocumentCode
    3585893
  • Title

    Anomaly traceback using software defined networking

  • Author

    Francois, Jerome ; Festor, Olivier

  • Author_Institution
    INRIA Nancy Grand Est, Nancy, France
  • fYear
    2014
  • Firstpage
    203
  • Lastpage
    208
  • Abstract
    While the threats in Internet are still increasing and evolving (like intra multi-tenant data center attacks), protection and detection mechanisms are not fully accurate. Therefore, forensics is vital for recovering from an attack but also to identify the responsible entities. Therefore, this paper focuses on tracing back to the sources of an anomaly in the network. In this paper, we propose a method leveraging the Software Defined Networking (SDN) paradigm to passively identify switches composing the network path of an anomaly. As SDN technologies tend to be deployed in the next generation of networks including in data centers, they provide a helpful framework to implement our proposal without developing dedicated routers like usual IP traceback techniques. We evaluated our scheme with different network topologies (Internet and data centers) by considering distributed attacks with numerous hosts.
  • Keywords
    Internet; computer centres; software defined networking; telecommunication network topology; telecommunication security; Internet; SDN paradigm; anomaly traceback; distributed attacks; forensics; intra multitenant data center attacks; network topologies; software defined networking paradigm; switches; Conferences; Forensics; IP networks; Network topology; Ports (Computers); Routing; Topology;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Forensics and Security (WIFS), 2014 IEEE International Workshop on
  • Type

    conf

  • DOI
    10.1109/WIFS.2014.7084328
  • Filename
    7084328
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3585893