Establishing process-level defense-in-depth framework for software defined networks

Jing Song Cui, Chi Guo, Long Chen, Ya Na Zhang, Dijiang Huang

Research output: Contribution to journalArticlepeer-review

10 Scopus citations

Abstract

Cloud computing is gaining momentum against traditional method in providing users various services with greater flexibility and scalability. Before switching to cloud computing, users must take into account the security of cloud as an extremely important factor. That is because in the cloud environment, attackers can initiate efficient attacks to cloud users through the shared cloud resources such as virtual machines. Since virtual machines (VM) are basic resources of cloud service, by compromising or renting several virtual machines, attackers may deploy malicious software into those machines and launch a wider range of attacks to other virtual machines such as distributed denial of service (DDoS). To tackle this issue, this paper proposes a defense in depth system based on software defined networking to be able to detect suspicious virtual machines and monitor the flow they issued in time, and inhibit the aggressive behavior from the suspected virtual machines to mitigate the attack consequences. The system detects the virtual machines' running state in a completely non-intrusive and agent-free way, and monitors network traffic between virtual machines on the same host or between cloud hosts at process level based on software defined networking. Experimental results demonstrate the effectiveness of the system.

Original languageEnglish (US)
Pages (from-to)2251-2265
Number of pages15
JournalRuan Jian Xue Bao/Journal of Software
Volume25
Issue number10
DOIs
StatePublished - Oct 1 2014

Keywords

  • Agent-free
  • Inside network firewall
  • Network virtualization
  • Software defined networking
  • Virtual machines' defense in depth

ASJC Scopus subject areas

  • Software

Fingerprint

Dive into the research topics of 'Establishing process-level defense-in-depth framework for software defined networks'. Together they form a unique fingerprint.

Cite this