An Incremental Approach for Swift OpenFlow Anomaly Detection

Aryan, Ramtin; Yazidi, Anis; Engelstad, Paal E.

doi:10.1109/lcn.2018.8638226

Cited by 4 publications

(9 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Both a single-thread and multi-thread implementation of Net Auto-Solver are assessed, and the results are promising. As future work, we would like to apply an incremental approach [10] to improve the performance of the correction process in Net Auto-Solver. Since the data plane rules are updated frequently, the correction performance is an essential factor in the efficiency of the method and thus the need for an incremental approach.…”

Section: Discussionmentioning

confidence: 99%

Net Auto-Solver: A formal approach for automatic resolution of OpenFlow anomalies

Aryan

Yazidi

Bouhoula

et al. 2020

2020 IEEE 45th Conference on Local Computer Networks (LCN)

Self Cite

View full text Add to dashboard Cite

Policy anomalies are frequent in nowadays's computer networks due to their increasing configuration complexity. Resolving policy anomalies usually requires network administrator intervention, which is a time-intensive and error-prone process. In this paper, we present Net Auto-Solver, a formal approach for automatic resolution of OpenFlow anomalies. The approach resorts to the concept of high-level policies to not only detect policy violations but also correct them on-the-fly. Our approach is fully automated and does not require interaction with the network administrator. Although there is a multitude of research works on detecting anomalies in SDN, research to correct those anomalies in an automatic manner is extremely scarce. At the heart of our approach, we propose two inference systems to perform corrective actions to the policy. We provide some experimental results involving real-life network configurations to show the performance of our approach. The first results are very promising.

show abstract

Section: Discussionmentioning

confidence: 99%

Net Auto-Solver: A formal approach for automatic resolution of OpenFlow anomalies

Aryan

Yazidi

Bouhoula

et al. 2020

2020 IEEE 45th Conference on Local Computer Networks (LCN)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Shadowing does not only occur when one rule completely encompasses another rule. The authors of [27] list a different kind of shadowing that they call total shadowing. The authors describe total shadowing as when the combined scope of multiple rules covers the entire scope of another rule.…”

Section: Shadowingmentioning

confidence: 99%

“…Earlier, we discussed how the concept [27] describes as total shadowing. We mentioned before that total shadowing represents multiple instances of a different misconfiguration.…”

Section: Correlationmentioning

confidence: 99%

“…Stateful firewall misconfiguration checking as stated before does not have any substantial differences, even using the same definitions without adding more types of misconfigurations. Some of the papers that check stateful firewalls include [26,27,29,41,59]. The first paper listed is an extension of "Firewall Policy Advisor", the tool that essentially started the work in this field.…”

Section: Challenges and Research Trends 41 Stateless Vs Statefulmentioning

confidence: 99%

See 1 more Smart Citation

Misconfiguration in Firewalls and Network Access Controls: Literature Review

Alicea

Alsmadi

2021

Future Internet

View full text Add to dashboard Cite

Firewalls and network access controls play important roles in security control and protection. Those firewalls may create an incorrect sense or state of protection if they are improperly configured. One of the major configuration problems in firewalls is related to misconfiguration in the access control roles added to the firewall that will control network traffic. In this paper, we evaluated recent research trends and open challenges related to firewalls and access controls in general and misconfiguration problems in particular. With the recent advances in next-generation (NG) firewalls, firewall roles can be auto-generated based on networks and threats. Nonetheless, and due to the large number of roles in any medium to large networks, roles’ misconfiguration may occur for several reasons and will impact the performance of the firewall and overall network and protection efficiency.

show abstract

“…The online verification operates by the principle of only checking the affected set of packets due to the policy update. In Reference 11, we show how we can extend the offline verification method proposed in Reference 1 to cover online verification. In this article, we focus on the offline method for modeling the static networks and verifying policies before any changes.…”

Section: Introductionmentioning

confidence: 99%

A parallel approach for detecting OpenFlow rule anomalies based on a general formalism

Aryan

Yazidi

Kure

et al. 2020

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

Summary As the policies of a software‐defined networking (SDN) network can be updated dynamically and often at a high pace, conflicts between policies can easily occur. Due to the large number of switches and heterogeneous policies within a typical SDN network, detecting those conflicts is a laborious and challenging task. This article presents three main contributions. First, we devise an offline method for detecting unmatched OpenFlow rules, that is, rules that are never fired. In our taxonomy such anomalies can stem from either invalid or irrelevant unmatched rules. Second, we introduce a new set of definitions for the intraanomalies between rules in the same table, which might occur when using the multiaction feature of an OpenFlow rule. Third, our detection method has been enhanced to support parallel execution, which makes it a viable solution for troubleshooting large‐scale networks. We provide some comprehensive experimental results based on both synthetic and real‐life setup the synthetic set up is designed in such a way that the rule matching takes place in the last rules of the switch and thus putting more stress on the rule detection process. The parallel method is shown to outperform the single‐threaded checking method by order of magnitude up to 21.

show abstract

An Incremental Approach for Swift OpenFlow Anomaly Detection

Cited by 4 publications

References 12 publications

Net Auto-Solver: A formal approach for automatic resolution of OpenFlow anomalies

Net Auto-Solver: A formal approach for automatic resolution of OpenFlow anomalies

Misconfiguration in Firewalls and Network Access Controls: Literature Review

A parallel approach for detecting OpenFlow rule anomalies based on a general formalism

Contact Info

Product

Resources

About