The unauthorized access or theft of sensitive, personal information is becoming a weekly news item. The illegal dissemination of proprietary information to media outlets or competitors costs industry untold millions in remediation costs and losses every year. The 2013 data breach at Target, Inc. that impacted 70 million customers is estimated to cost upwards of 1 billion dollars. Stolen information is also being used to damage political figures and adversely influence foreign and domestic policy. In this paper, we offer some techniques for better understanding the health and security of our networks. This understanding will help professionals to identify network behavior, anomalies and other latent, systematic issues in their networks. Software-Defined Networks (SDN) enable the collection of network operation and configuration metrics that are not readily available, if available at all, in traditional networks. SDN also enables the development of software protocols and tools that increase visibility into the network. By accumulating and analyzing a time series data repository (TSDR) of SDN and traditional metrics, along with data gathered from our tools, we can establish behavior and security patterns for SDN and SDN hybrid networks. Our research helps provide a framework for a range of techniques for administrators and automated system protection services that give insight into the health and security of the network. To narrow the scope of our research, this paper focuses on a subset of those techniques as they apply to the confidence analysis of a specific network path at the time of use or inspection. This confidence analysis allows users, administrators and autonomous systems to decide whether a network path is secure enough for sending their sensitive information. Our testing shows that malicious activity can be identified quickly as a single metric indicator and consistently within a multi-factor indicator analysis.
Our research includes the implementation of these techniques in a network path confidence analysis service, called Confidence Assessment as a Service. Using our behavior and security patterns, this service evaluates a specific network path and provides a confidence score for that path before, during and after the transmission of sensitive data. Our research and tools give administrators and autonomous systems a much better understanding of the internal operation and configuration of their networks. Our framework will also provide other services that will focus on detecting latent, systemic network problems. By providing a better understanding of network configuration and operation, our research enables a more secure and dependable network and helps prevent the theft of information by malicious actors.