Custom Query (1408 matches)

Demo Title: Experimentation of SDN-Supported Collaborative DDoS Attack Detection and Containment

One-sentence layman's description:

This demo shows a collaborative monitoring and correlation approach to mitigate the effects of the surge in network traffic of a flooding Denial of Service attack that can cause loss of service for legitimate sites.

Who should see this demo?

Attendees interested in Cybersecurity attack detection, and mitigation techniques.

Demo description paragraph(s): “Elevator speech” description that identifies (a) what you are demonstrating and (b) why it is important. This description may be used for advance publicity and to help attendees identify the demonstrations they wish to see.

Software-defined networking (SDN) and OpenFlow offer great support to dynamically adapt a network and to access data on different network layers as needed. Such advantages have been driving recent research efforts to develop new security applications and services. However, most studies on attack detection and containment have not really differentiated their solutions from the traditional ones, without fully taking advantage of the unique capabilities provided by SDN. Moreover, even if some of these studies provide interesting visions of what can be achieved, they stop short of presenting realistic application scenarios and experimental results. We present a novel attack detection and containment approach that is coordinated by distributed network monitors and controllers/correlators centralized on an SDN OpenFlow Virtual Switch (OVS). With different views and information availability, these elements collaboratively detect signature constituents of an attack that possess different characteristics of scale and detail. Therefore, this approach is able to not only quickly issue an alert against potential threats followed by careful verification for high accuracy, but also balance the workload on the OVS. We apply the proposed approach to TCP SYN flood attacks using Global Environment for Network Innovations (GENI). This realistic experimentation has provided us with insightful findings helpful to our goal toward a systematic methodology of SDN-supported attack detection and containment. First, we have demonstrated through experimentation the scalability of our collaborative scheme. Second, we have studied how the combination of alerts by the monitor and deep packet inspection by the correlator, can increase the speed and accuracy of attack identification. Our experiments, in the context of a small to medium corporate network, have demonstrated the effectiveness and scalability of the SDN-supported detection and containment approach..

List of equipment that will need AC connections (e.g. laptop, switch, monitor): Laptop and a monitor.

Total number of wired network connections (sum standard IP and VLAN connections):

One wired network connection.

Number of wired layer 2 VLANs (if any):

One VLAN for single network connection

Specify VLAN number, if known, approximate bandwidth, and whether tagged or untagged.

Any number (including VLAN 1)

Number of wireless network connections (include required bandwidth if significant):

N/A

Number of static addresses needed (if any):

N/A

Monitor (y/n, specify VGA or DVI):

VGA Monitor with minimal of resolution of 1440x900 or 1280x1024

Number of posters (max size poster boards are 30" x 40"):

One

Special requests: Include any specific network connectivity needs (e.g. VLANs to a particular GENI location, projects you'd like to be near, etc.)

This is a USIgnite demo.

Demo Title: Enhancing an OpenFlow Network with Service Insertion and Payload Inspection

One-sentence layman’s description: This demo shows a working prototype of an application aware video reconditioning service.

Who should see this demo? Attendees interested in introducing a variety of value-added network services into their networks, such as context-sensitive service for prioritizing public safety applications or a security service that detects and eliminates malware embedded in unwary user traffic.

Demo description paragraph(s): Today, due to volatile and exploding traffic demands, ISPs need to update their deployed network resources almost continuously, but it is costly to provision increasingly faster and specialized network devices. The impact of a given resource change on the performance of traffic in terms of improving user experience or utility is also hard to predict. Network middle boxes with Deep Packet Inspection (DPI) capabilities have become a necessity for improving the intelligence of networks. OpenFlow, the de facto early standard for Software-Defined Network, encourages multi-vendor openness but only allows traffic engineering on an integrated basis for L2-L4. To introduce DPI functionality, we propose and prototype an enhancement to OpenFlow based on the idea of an External Processing Box (EPB) optionally attached to forwarding engines; however, when attached the EPB is seen as an integrated part of the OpenFlow datapath. With an EPB, a network operator can program L7-based policies within an OpenFlow Controller to control service insertion and traffic engineering. The EPB enables the operator the capability to:

• modify traffic behavior based on payload content (i.e. expedite specific traffic)
• inject/remove information from the payload
• encrypt traffic on the fly

The video reconditioning service prototype demonstrates video traffic steered to travel either a best-effort route or an expedited route based on video feed’s URL. This is currently a capability switches (conventional/OpenFlow-enabled) are not able to perform as the information lies in the L7 header.

List of equipment that will need AC connections: Switch, monitor, server, and laptop

Total number of wired network connections: 2 standard IP addresses

Number of wired layer 2 VLANs: None necessary

Number of wireless network connections: Not required

Number of static addresses needed: Not required

Monitor: A single monitor with both DVI and VGA connections. DVI connection is required for management while the VGA connection will be used for the demo.

Number of posters: Only 1 necessary

Special requests: This demo is apart of the Extreme Networks SDN Challenge and I believe should be among the US Ignite demos.

Demo Title: MyExperiment for Sharing

One-sentence layman's description:

This demo shows a working prototype of MyExperiment, a full-functioning public online model repository for PrimoGENI.

Who should see this demo?

Example: Attendees interested in conducting network experiments combining simulation and emulation on GENI.

Demo description paragraph(s):

• PrimoGENI allows hybrid network experiments consisted of simulated and emulated network entities.
• Each PrimoGENI experiment consists of a model of a virtual network, which includes the specification of the network topology with detailed configuration of network entities, and possible specification of background network traffic.
• MyExperiment is an online repository, where experimenters can create, view, and modify network models; one can also publish network models and share experiment results with the user community.
• MyExperiment contains plugins for various network topology and traffic generators.
• MyExperiment manages network models created by each user and supports translation between different formats.
• Users can publish their models and share experiment results to facilitate model reuse and validation.

List of equipment that will need AC connections (e.g. laptop, switch, monitor): 2 Total number of wired network connections (sum standard IP and VLAN connections): 2 Number of wired layer 2 VLANs (if any): 0 Number of wireless network connections (include required bandwidth if significant): 2 Number of static addresses needed (if any): 0 Monitor (y/n, specify VGA or DVI): yes, DVI preferred (we run GUI that requires high-resolution) Number of posters (max size poster boards are 30" x 40"): 1