
An OpenvSwitch Extension for SDN Traceback

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11058)

Abstract

While software-defined networking (SDN) opens a new chapter for network administrators in managing and maintaining networks, its vital characteristic of logically centralized control draws attackers to exploit different network technologies to hijack the controller. Developing a security mechanism that determines the root of an anomaly and identifies the responsible entities is an urgent but challenging task. In this paper we therefore conduct research on SDN traceback with an OpenvSwitch extension, which is based on packet marking and logging. The traceback mainly consists of three functional mechanisms (mapping-table creation, packet marking, and traceback) and is used to reconstruct the forwarding path of a packet with given features without changing network behavior. We describe the underlying theoretical model and design concept of the traceback, and demonstrate its validity, feasibility and practicability with an experiment. The traceback we propose can also play an important role in debugging and network behavior analysis.



Acknowledgment

The authors would like to thank the anonymous reviewers for their elaborate reviews and feedback. This paper is supported by the National Natural Science Foundation of China (No. 61502247), Open Project Program of the State Key Laboratory of Mathematical Engineering and Advanced Computing (No. 2017A10), and Key Lab of Information Network Security, Ministry of Public Security (No. C17611), Opening Project of Collaborative Innovation Center for Economics crime investigation and prevention technology (No. JXJZXTCX-015).

Author information

Corresponding author

Correspondence to Guozi Sun.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Ren, D., Jiang, W., Li, H., Sun, G. (2018). An OpenvSwitch Extension for SDN Traceback. In: Au, M., et al. Network and System Security. NSS 2018. Lecture Notes in Computer Science, vol 11058. Springer, Cham. https://doi.org/10.1007/978-3-030-02744-5_31


  • DOI: https://doi.org/10.1007/978-3-030-02744-5_31


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02743-8

  • Online ISBN: 978-3-030-02744-5

  • eBook Packages: Computer Science, Computer Science (R0)
