Abstract
While software-defined networking (SDN) opens a new chapter for network administrators in managing and maintaining networks, its defining characteristic of logically centralized control draws attackers to exploit different network technologies to hijack the controller. Developing a security mechanism that determines the root of an anomaly and identifies the responsible entities is an urgent but challenging task. In this paper we therefore study SDN traceback with an OpenvSwitch extension based on packet marking and logging. The traceback consists of three functional mechanisms: mapping-table creation, packet marking, and traceback. It is used to reconstruct the forwarding path of a packet with given features without changing network behavior. We describe the theoretical model the traceback depends on and its design concept, and demonstrate its validity, feasibility and practicability with an experiment. The traceback we propose can also play an important role in debugging and network behavior analysis.
Acknowledgment
The authors would like to thank the anonymous reviewers for their elaborate reviews and feedback. This paper is supported by the National Natural Science Foundation of China (No. 61502247), Open Project Program of the State Key Laboratory of Mathematical Engineering and Advanced Computing (No. 2017A10), and Key Lab of Information Network Security, Ministry of Public Security (No. C17611), Opening Project of Collaborative Innovation Center for Economics crime investigation and prevention technology (No. JXJZXTCX-015).
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Ren, D., Jiang, W., Li, H., Sun, G. (2018). An OpenvSwitch Extension for SDN Traceback. In: Au, M., et al. Network and System Security. NSS 2018. Lecture Notes in Computer Science, vol 11058. Springer, Cham. https://doi.org/10.1007/978-3-030-02744-5_31
DOI: https://doi.org/10.1007/978-3-030-02744-5_31
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02743-8
Online ISBN: 978-3-030-02744-5
eBook Packages: Computer Science, Computer Science (R0)