SAVSH: IP source address validation for SDN hybrid networks

Guolong Chen, Guangwu Hu, Yong Jiang, Chaoqin Zhang
2016 IEEE Symposium on Computers and Communication (ISCC)
Publication date: 2016-06-27
DOI: 10.1109/ISCC.2016.7543774 (https://doi.org/10.1109/ISCC.2016.7543774)
Citations: 15

Abstract

Current Internet packet forwarding relies only on the destination IP address and thus neglects validation of a packet's IP source address for Internet accountability, which incurs many cyber-security threats. State-of-the-art solutions either have issues with spoofed-packet filtering accuracy, e.g., false positives and false negatives, or encounter scalability and deployment problems, i.e., end-host TCP/IP stack or router modification. In this article, we propose SAVSH, a practical IP source address validation scheme for Software Defined Networking (SDN) hybrid networks. SAVSH takes advantage of the SDN architecture, which possesses a global topological view and a central control pattern, so that it can locate nodes for SDN switch replacement and deploy filtering rules onto them with desirable IP prefix-level filtering accuracy. In the meantime, SAVSH also takes network dynamics (e.g., topology changes) into account. Finally, the established prototype experiment and typical topology simulations demonstrate that SAVSH not only possesses desirable performance, but also has the capability to trade the maximal validation effect against the minimal SDN switch deployment cost, which is up to more than 90% prefix coverage benefit for 15% deployment cost on average.