A novel method against the firewall bypass threat in OpenFlow networks

Yicong Zhang; Jie Li; Lin Chen; Yusheng Ji; Feilong Tang

doi:10.1109/WCSP.2017.8171014

A novel method against the firewall bypass threat in OpenFlow networks

Yicong Zhang, Jie Li, Lin Chen, Yusheng Ji, Feilong Tang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Software-Defined Networking (SDN) is an innovational network architecture introduced a couple of years ago. It gives network administrators the ability to directly control the whole network by programming on a centralized controller, without manually configure each device. However, new security challenges come out with SDN development. One significant challenge is to design a secure firewall specifically designed for SDN, since the traditional firewall could be easily bypassed in SDN. To detect and prevent this bypass threat, we propose a novel detection method by modeling the network to a directed graph with two significant features. Then, we implement our method and conduct experiments. The result of experiments show that our method can actively and accurately detect bypass threats for OpenFlow networks.

Original language	English
Title of host publication	2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1-6
Number of pages	6
ISBN (Electronic)	9781538620625
DOIs	https://doi.org/10.1109/WCSP.2017.8171014
State	Published - 7 Dec 2017
Externally published	Yes
Event	9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Nanjing, China Duration: 11 Oct 2017 → 13 Oct 2017

Publication series

Name	2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings
Volume	2017-January

Conference

Conference	9th International Conference on Wireless Communications and Signal Processing, WCSP 2017
Country/Territory	China
City	Nanjing
Period	11/10/17 → 13/10/17

Access to Document

10.1109/WCSP.2017.8171014

Cite this

Zhang, Y., Li, J., Chen, L., Ji, Y., & Tang, F. (2017). A novel method against the firewall bypass threat in OpenFlow networks. In 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings (pp. 1-6). (2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings; Vol. 2017-January). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/WCSP.2017.8171014

Zhang, Yicong ; Li, Jie ; Chen, Lin et al. / A novel method against the firewall bypass threat in OpenFlow networks. 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 1-6 (2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings).

@inproceedings{80da0390bc3240599cfbf9b663e0182f,

title = "A novel method against the firewall bypass threat in OpenFlow networks",

abstract = "Software-Defined Networking (SDN) is an innovational network architecture introduced a couple of years ago. It gives network administrators the ability to directly control the whole network by programming on a centralized controller, without manually configure each device. However, new security challenges come out with SDN development. One significant challenge is to design a secure firewall specifically designed for SDN, since the traditional firewall could be easily bypassed in SDN. To detect and prevent this bypass threat, we propose a novel detection method by modeling the network to a directed graph with two significant features. Then, we implement our method and conduct experiments. The result of experiments show that our method can actively and accurately detect bypass threats for OpenFlow networks.",

author = "Yicong Zhang and Jie Li and Lin Chen and Yusheng Ji and Feilong Tang",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 ; Conference date: 11-10-2017 Through 13-10-2017",

year = "2017",

month = dec,

day = "7",

doi = "10.1109/WCSP.2017.8171014",

language = "英语",

series = "2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1--6",

booktitle = "2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings",

address = "美国",

}

Zhang, Y, Li, J, Chen, L, Ji, Y & Tang, F 2017, A novel method against the firewall bypass threat in OpenFlow networks. in 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings. 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings, vol. 2017-January, Institute of Electrical and Electronics Engineers Inc., pp. 1-6, 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017, Nanjing, China, 11/10/17. https://doi.org/10.1109/WCSP.2017.8171014

A novel method against the firewall bypass threat in OpenFlow networks. / Zhang, Yicong; Li, Jie; Chen, Lin et al.
2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2017. p. 1-6 (2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings; Vol. 2017-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A novel method against the firewall bypass threat in OpenFlow networks

AU - Zhang, Yicong

AU - Li, Jie

AU - Chen, Lin

AU - Ji, Yusheng

AU - Tang, Feilong

PY - 2017/12/7

Y1 - 2017/12/7

N2 - Software-Defined Networking (SDN) is an innovational network architecture introduced a couple of years ago. It gives network administrators the ability to directly control the whole network by programming on a centralized controller, without manually configure each device. However, new security challenges come out with SDN development. One significant challenge is to design a secure firewall specifically designed for SDN, since the traditional firewall could be easily bypassed in SDN. To detect and prevent this bypass threat, we propose a novel detection method by modeling the network to a directed graph with two significant features. Then, we implement our method and conduct experiments. The result of experiments show that our method can actively and accurately detect bypass threats for OpenFlow networks.

AB - Software-Defined Networking (SDN) is an innovational network architecture introduced a couple of years ago. It gives network administrators the ability to directly control the whole network by programming on a centralized controller, without manually configure each device. However, new security challenges come out with SDN development. One significant challenge is to design a secure firewall specifically designed for SDN, since the traditional firewall could be easily bypassed in SDN. To detect and prevent this bypass threat, we propose a novel detection method by modeling the network to a directed graph with two significant features. Then, we implement our method and conduct experiments. The result of experiments show that our method can actively and accurately detect bypass threats for OpenFlow networks.

UR - https://www.scopus.com/pages/publications/85046339082

U2 - 10.1109/WCSP.2017.8171014

DO - 10.1109/WCSP.2017.8171014

M3 - 会议稿件

AN - SCOPUS:85046339082

T3 - 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings

SP - 1

EP - 6

BT - 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017

Y2 - 11 October 2017 through 13 October 2017

ER -

Zhang Y, Li J, Chen L, Ji Y, Tang F. A novel method against the firewall bypass threat in OpenFlow networks. In 2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2017. p. 1-6. (2017 9th International Conference on Wireless Communications and Signal Processing, WCSP 2017 - Proceedings). doi: 10.1109/WCSP.2017.8171014

A novel method against the firewall bypass threat in OpenFlow networks

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this