Modelling cyber security for software-defined networks those grow strong when exposed to threats
Tóm tắt
Từ khóa
Tài liệu tham khảo
Antifragile-Wikipedia. https://en.wikipedia.org/wiki/Antifragile. Accessed 02 Oct 2015
SDN Architecture, Issue 1, June 2014. https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR_SDN_ARCH_1.0_06062014.pdf. Accessed 16 June 2015
Scott-Hayward S, O’Callaghan G, Sezer S (2013) Sdn security: a survey. Future Networks and Services (SDN4FNS), 2013 IEEE SDN for, vol. no, pp 1, 7, 11–13 Nov 2013 doi:10.1109/SDN4FNS.2013.6702553
McKeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J, Turner J (2008) OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Comput Commu Rev 38(2):69–74
Schehlmann L, Abt S, Baier H (2014) Blessing or curse? Revisiting security aspects of Software-Defined Networking. 2014 10th international conference on network and service management (CNSM)
Anwer B, Benson T, Feamster N, Levin D, Rexford J (2013) A slick control plane for network middleboxes. In: Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking, pp 147–148. ACM
Fayazbakhsh SK, Sekar V, Yu M, Mogul JC (2013) Flowtags: enforcing network-wide policies in the presence of dynamic middlebox actions. In: Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking, pp 19–24. ACM
Qazi ZA, Tu CC, Chiang L, Miao R, Sekar V, Yu M (2013) SIMPLE-fying middlebox policy enforcement using SDN. In: ACM SIGCOMM computer communication review, vol 43, no 4, pp. 27–38. ACM
Ballard JR, Rae I, Akella A (2010) Extensible and scalable network monitoring using opensafe. Proc, INM/WREN
Shin S, Gu G (2012) CloudWatcher: network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?). In: 2012 20th IEEE international conference on network protocols (ICNP), pp 1–6. IEEE
Gude N, Koponen T, Pettit J, Pfaff B, Casado M, McKeown N, Shenker S (2008) NOX: towards an operating system for networks. ACM SIGCOMM Comput Commun Rev 38(3):105–110
Sniedovich M (2006) Dijkstra’s algorithm revisited: the dynamic programming connexion. Control Cybern 35(3):599
Du X, Wang MZ, Zhang X, Zhu L (2014) Traffic-based Malicious Switch Detection in SDN. Int J Secur Its Appl 8(5):119–130
Kwon J, Seo D, Kwon M, Lee H, Perrig A, Kim H (2015) An incrementally deployable anti-spoofing mechanism for software-defined networks. Comput Commun
Yaar A, Perrig A, Song D (2003) Pi: a path identification mechanism to defend against DDoS attacks. In: Proceedings. 2003 Symposium on security and privacy, 2003, pp 93–107. IEEE
Park K, Lee H (2001) On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets. In: ACM SIGCOMM computer communication review, vol 31, no 4, pp 15–26. ACM
Yao G, Bi J, Feng T, Xiao P, Zhou D (2014) Performing software defined route-based IP spoofing filtering with SEFA. In: 2014 23rd international conference on computer communication and networks (ICCCN), pp 1–8. IEEE
Jafarian JH, Al-Shaer E, Duan Q (2012) Openflow random host mutation: transparent moving target defense using software defined networking. In: Proceedings of the first workshop on hot topics in software defined networks, pp 127–132. ACM
NP-Hardness-Wikipedia. https://en.wikipedia.org/wiki/NP-hardness. Accessed 07 June 2015
Satisfiability Modulo Theories-Wikipedia. https://en.wikipedia.org/wiki/Satisfiability_modulo_theories. Accessed 07 June 2015
Mendonca M, Seetharaman S, Obraczka K (2012) A flexible in-network IP anonymization service. In: 2012 IEEE international conference on communications (ICC), pp 6651–6656. IEEE
Skowyra R, Bahargam S, Bestavros A (2013) Software-defined IDS for securing embedded mobile devices. High performance extreme computing conference (HPEC), 2013 IEEE, vol. no, pp 1, 7, 10–12 Sept. 2013
Mehdi SA, Khalid J, Khayam SA (2011) Revisiting traffic anomaly detection using software defined networking. Recent advances in intrusion detection. Springer, Berlin Heidelberg, pp 161–180
Schechter SE, Jung J, Berger AW (2004) Fast detection of scanning worm infections. In: RAID. pp 59–81
Twycross J, Williamson MM (2003) Implementing and testing a virus throttle. Proceedings of the 12th conference on USENIX security symposium, vol 12. USENIX Association, Berkeley, CA, USA, pp 20–20
Williamson MM (2002) Throttling viruses: restricting propagation to defeat malicious mobile code. In: Proceedings of 18th annual computer security applications conference, 2002, pp 61–68. IEEE
Gu Y, McCallum A, Towsley D (2005) Detecting anomalies in network traffic using maximum entropy estimation. In: Proceedings of the 5th ACM SIGCOMM conference on internet measurement, pp 32–32. IMC ’05, USENIX Association, Berkeley, CA, USA
Mahoney MV (2003) Network traffic anomaly detection based on packet bytes. In: Proceedings of the 2003 ACM symposium on applied computing, pp 346–350. SAC’03, ACM, New York, NY, USA
Kullback Leibler Divergence-Wikipedia. https://en.wikipedia.org/wiki/Kullback%E2%80%93Leibler_divergence
Braga R, Mota E, Passito A (2010) Lightweight DDoS flooding attack detection using NOX/OpenFlow. 2010 IEEE 35th conference on local computer networks (LCN), vol. no, pp 408, 415, 10–14 Oct 2010. doi: 10.1109/LCN.2010.5735752
Kohonen T (1990) The self-organizing map. Proc IEEE 78(9):1464–1480
KDD Cup 1999: Computer Network intrusion Detection. [Online] http://www.sigkdd.org/kdd-cup-1999-computer-network-intrusion-detection
Dillon C, Berkelaar M OpenFlow (D)DoS nitigation. [Online] http://www.delaat.net/rp/2013-2014/p42/report.pdf
Bates A, Butler K, Haeberlen A, Sherr M, Zhou W (2014) Let SDN be your eyes: secure forensics in data center networks. In: Proceedings of the NDSS workshop on security of emerging network technologies (SENT’14)
Haeberlen A, Kouznetsov P, Druschel P (2007) PeerReview: practical accountability for distributed systems. In: ACM SIGOPS operating systems review, vol 41, no. 6, pp 175–188. ACM
Shin S, Porras PA, Yegneswaran V, Fong MW, Gu G, Tyson M (2013) Modular composable security services for software-defined networks, FRESCO. In: NDSS
SRI International. BotHunter: a network-based Botnet diagnosis system. http://www.bothunter.net/
Kreutz D, Ramos F, Verissimo P (2013) Towards secure and dependable software-defined networks. In: Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pp 55–60. ACM
The STRIDE Threat Model https://msdn.microsoft.com/en-us/library/ee823878
Schneier B Attack trees: modeling security threats. Dr. Dobb’s journal (1999)
Saini V, Duan Q, Paruchuri V (2008) Threat modeling using attack trees. J Comput Sci Coll 23(4):124–131
Kloti R, Kotronis V, Smith P (2013) OpenFlow: a security analysis. 2013 21st IEEE international conference on network protocols (ICNP), vol. no, pp 1, 6, 7–10 Oct 2013. doi: 10.1109/ICNP.2013.6733671
Shin S, Gu G (2013) Attacking software-defined networks: a first feasibility study. In: Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking, pp 165–166. ACM
Hong S, Xu L, Wang H, Gu G (2015) Poisoning network visibility in software-defined networks: new attacks and countermeasures. NDSS
Al-Shaer E, Al-Haj S (2010) FlowChecker: configuration analysis and verification of federated OpenFlow infrastructures. In: Proceedings of the 3rd ACM workshop on assurable and usable security configuration, pp 37–44. ACM
Porras P, Shin S, Yegneswaran V, Fong M, Tyson M, Gu G (2012) A security enforcement kernel for OpenFlow networks. In: Proceedings of the first workshop on hot topics in software defined networks, pp 121–126. ACM
Canini M, Venzano D, Peresini P, Kostic D, Rexford J (2012) A NICE way to test OpenFlow applications. NSDI 12:127–140
Khurshid A, Zhou W, Caesar M, Godfrey P (2012) Veriflow: verifying network-wide invariants in real time. ACM SIGCOMM Comput Commun Rev 42(4):467–472
Mininet. http://mininet.org/
Yan Z, Prehofer C (2011) Autonomic trust management for a component-based software system. Dependable Secure Comput IEEE Trans 8(6):810–823
Wen X, Chen Y, Hu C, Shi C, Wang Y (2013) Towards a secure controller platform for openflow applications. In: Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking, pp 171–172. ACM
http://www.bizforum.org/whitepapers/candle-4.htm
Threat Model-Wikipedia. http://en.wikipedia.org/wiki/Threat_model. Accessed 09 Feb 2015
Octotrike Threat Model. http://octotrike.org/. Accessed 10 Feb 2015
http://shop.standards.co.nz/default.htm?url=webshop/&action=viewSearchProduct&mod=catalog&pid=4360:2004%28AS|NZS%29
CVSS. https://nvd.nist.gov/cvss.cfm
Octave. http://www.cert.org/resilience/products-services/octave/index.cfm
http://is355.wikidot.com/information-security-general
Fiorini RA, Santacroce GF (2015) Application resilience and antifragility from the internet of medical devices to Healthcare Governance Systems. EJBI 11(3):
Abid A, Khemakhem MT, Marzouk S, Jemaa MB, Monteil T, Drira K (2014) Toward antifragile cloud computing infrastructures. Procedia Comput Sci 32:850–855
De Florio V (2014) Antifragility = elasticity + resilience + machine learning models and algorithms for open system fidelity. Procedia Comput Sci 32:834–841
Jones KH (2014) Engineering antifragile systems: a change in design philosophy. Procedia Comput Sci 32:870–875
De Florio V (2015) On resilient behaviors in computational systems and environments. J Reliab Intell Env 1–14
Nayak AK, Reimers A, Feamster N, Clark R (2009) Resonance: dynamic access control for enterprise networks. In: Proceedings of the 1st ACM workshop on research on enterprise networking, pp 11–18. ACM
Naous J, Stutsman R, Mazieres D, McKeown N, Zeldovich N (2009) Delegating network security with more information. In: Proceedings of the 1st ACM workshop on research on enterprise networking, pp 19–26. ACM
Rogers DM (2005) Anti-forensic presentation given to Lockheed Martin. San Diego