Net Auto-Solver: A formal approach for automatic resolution of OpenFlow anomalies

Policy anomalies are frequent in today's computer networks due to their increasing configuration complexity. Resolving policy anomalies usually requires network administrator intervention, which is a time-intensive and error-prone process. In this paper, we present Net Auto-Solver, a formal approach for automatic resolution of OpenFlow anomalies. The approach relies on the concept of high-level policies not only to detect policy violations but also to correct them on the fly. Our approach is fully automated and does not require interaction with the network administrator. Although there is a multitude of research on detecting anomalies in SDN, research on correcting those anomalies automatically is extremely scarce. At the heart of our approach, we propose two inference systems that apply corrective actions to the policy. We provide experimental results involving real-life network configurations to show the performance of our approach. The first results are very promising.
