Establishing process-level defense-in-depth framework for software defined networks

Jing Song Cui, Chi Guo, Long Chen, Ya Na Zhang, Dijiang Huang

Research output: Contribution to journal › Article

7 Citations (Scopus)

Abstract

Cloud computing is gaining momentum over traditional methods of providing users with various services, offering greater flexibility and scalability. Before switching to cloud computing, users must treat the security of the cloud as an extremely important factor, because in a cloud environment attackers can launch effective attacks on cloud users through shared cloud resources such as virtual machines. Since virtual machines (VMs) are the basic resources of cloud services, attackers who compromise or rent several virtual machines may deploy malicious software on them and launch a wider range of attacks against other virtual machines, such as distributed denial of service (DDoS). To tackle this issue, this paper proposes a defense-in-depth system based on software defined networking that detects suspicious virtual machines, monitors the flows they issue in time, and inhibits the aggressive behavior of the suspected virtual machines to mitigate the consequences of an attack. The system detects the virtual machines' running state in a completely non-intrusive and agent-free way, and monitors network traffic between virtual machines on the same host or between cloud hosts at the process level using software defined networking. Experimental results demonstrate the effectiveness of the system.

Original language: English (US)
Pages (from-to): 2251-2265
Number of pages: 15
Journal: Ruan Jian Xue Bao/Journal of Software
Volume: 25
Issue number: 10
DOI: 10.13328/j.cnki.jos.004682
State: Published - Oct 1 2014

Keywords

  • Agent-free
  • Inside network firewall
  • Network virtualization
  • Software defined networking
  • Virtual machines' defense in depth

ASJC Scopus subject areas

  • Software

Cite this

Establishing process-level defense-in-depth framework for software defined networks. / Cui, Jing Song; Guo, Chi; Chen, Long; Zhang, Ya Na; Huang, Dijiang.

In: Ruan Jian Xue Bao/Journal of Software, Vol. 25, No. 10, 01.10.2014, p. 2251-2265.

Research output: Contribution to journalArticle

Cui, Jing Song ; Guo, Chi ; Chen, Long ; Zhang, Ya Na ; Huang, Dijiang. / Establishing process-level defense-in-depth framework for software defined networks. In: Ruan Jian Xue Bao/Journal of Software. 2014 ; Vol. 25, No. 10. pp. 2251-2265.
@article{f1c538e6abea4a879072e899fafedda5,
title = "Establishing process-level defense-in-depth framework for software defined networks",
keywords = "Agent-free, Inside network firewall, Network virtualization, Software defined networking, Virtual machines' defense in depth",
author = "Cui, {Jing Song} and Chi Guo and Long Chen and Zhang, {Ya Na} and Dijiang Huang",
year = "2014",
month = "10",
day = "1",
doi = "10.13328/j.cnki.jos.004682",
language = "English (US)",
volume = "25",
pages = "2251--2265",
journal = "Ruan Jian Xue Bao/Journal of Software",
issn = "1000-9825",
publisher = "Chinese Academy of Sciences",
number = "10",
}

TY - JOUR
T1 - Establishing process-level defense-in-depth framework for software defined networks
AU - Cui, Jing Song
AU - Guo, Chi
AU - Chen, Long
AU - Zhang, Ya Na
AU - Huang, Dijiang
PY - 2014/10/1
Y1 - 2014/10/1
KW - Agent-free
KW - Inside network firewall
KW - Network virtualization
KW - Software defined networking
KW - Virtual machines' defense in depth
UR - http://www.scopus.com/inward/record.url?scp=84908277730&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84908277730&partnerID=8YFLogxK
U2 - 10.13328/j.cnki.jos.004682
DO - 10.13328/j.cnki.jos.004682
M3 - Article
AN - SCOPUS:84908277730
VL - 25
SP - 2251
EP - 2265
JO - Ruan Jian Xue Bao/Journal of Software
JF - Ruan Jian Xue Bao/Journal of Software
SN - 1000-9825
IS - 10
ER -