Anomaly Traceback using Software Defined Networking

Jérôme François 1 Olivier Festor 1
1 MADYNES - Management of dynamic networks and services
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract : While the threats in Internet are still increasing and evolving (like intra multi-tenant data center attacks), protection and detection mechanisms are not fully accurate. Therefore, forensics is vital for recovering from an attack but also to identify the responsible entities. Therefore, this paper focuses on tracing back to the sources of an anomaly in the network. In this paper, we propose a method leveraging the Software Defined Networking (SDN) paradigm to passively identify switches composing the network path of an anomaly. As SDN technologies tend to be deployed in the next generation of networks including in data centers, they provide a helpful framework to implement our proposal without developing dedicated routers like usual IP traceback techniques. We evaluated our scheme with different network topologies (Internet and data centers) by considering distributed attacks with numerous hosts.
Type de document :
Communication dans un congrès
International Workshop on Information Forensics and Security, Dec 2014, Atlanta, United States
Liste complète des métadonnées

Littérature citée [19 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01092789
Contributeur : Jérôme François <>
Soumis le : mardi 9 décembre 2014 - 14:46:04
Dernière modification le : lundi 9 avril 2018 - 15:50:04
Document(s) archivé(s) le : mardi 10 mars 2015 - 11:50:46

Fichier

wifs14_hal.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : hal-01092789, version 1

Collections

Citation

Jérôme François, Olivier Festor. Anomaly Traceback using Software Defined Networking. International Workshop on Information Forensics and Security, Dec 2014, Atlanta, United States. 〈hal-01092789〉

Partager

Métriques

Consultations de la notice

514

Téléchargements de fichiers

811