2020 6th IEEE Conference on Network Softwarization (NetSoft): Latest Papers

Introducing programmability and automation in the synthesis of virtual firewall rules
2020 6th IEEE Conference on Network Softwarization (NetSoft) Pub Date : 2020-06-01 DOI: 10.1109/NetSoft48620.2020.9165434
Daniele Bringhenti, G. Marchetto, R. Sisto, Fulvio Valenza, Jalolliddin Yusupov
Abstract: The rise of new forms of cyber-threats is mostly due to the extensive use of virtualization paradigms and the increasing adoption of automation in the software life-cycle. To address these challenges we propose an innovative framework that leverages the intrinsic programmability of the cloud and software-defined infrastructures to improve the effectiveness and efficiency of reaction mechanisms. In this paper, we present our contributions with a demonstrative use case in the context of Kubernetes. By means of this framework, developers of cybersecurity appliances will not have any more to care about how to react to events or to struggle to define any possible security tasks at design time. In addition, automatic firewall ruleset generation provided by our framework will mostly avoid human intervention, hence decreasing the time to carry out them and the likelihood of errors. We focus our discussions on technical challenges: definition of common actions at the policy level and their translation into configurations for the heterogeneous set of security functions by means of a use case.
Citations: 3
Smart Provisioning of Sliceable Bandwidth Variable Transponders in Elastic Optical Networks
2020 6th IEEE Conference on Network Softwarization (NetSoft) Pub Date : 2020-06-01 DOI: 10.1109/netsoft48620.2020.9165462
M. U. Masood, I. Khan, Arsalan Ahmad, Muhammad Imran, V. Curri
Abstract: Prior provisioning of optical source technologies have techno-economic importance for the operator during the design and planning of optical network architectonics. Advancement towards the latest technology paradigm such as Elastic Optical Networks (EONs) and Software Defined Networking (SDN) open a gateway for a flexible and re-configurable optical network architecture. In order to achieve the required degree of flexibility, a flexible and dynamic behaviour is required both at the control and data plane. In this regards, SDN-enabled flexible optical transceivers are proposed to provide the required degree of flexibility. Sliceable Bandwidth Variable Transponders (SBVTs) is one of the recent type of flexible optical transceivers. Based on the type/technology of optical carrier source, the SBVTs are categorized into two types; Multi-Laser SBVT (ML-SBVT) and Multi-wavelength SBVT (MW-SBVT). Both architectures have their own pros and cons when it comes to accommodate traffic request. In this paper, we propose a selection model for the SBVTs before its actual deployment in the network. The selection model consider various design and planning phase network characteristics. In addition to this selection model, the comparison of centralized Flex-OCSM architecture is also presented with the already discussed SBVT types. The analysis in this work is performed on random network (20 nodes) and the German Network (17 nodes).
Citations: 5
Leveraging on the XDP Framework for the Efficient Mitigation of Water Torture Attacks within Authoritative DNS Servers
2020 6th IEEE Conference on Network Softwarization (NetSoft) Pub Date : 2020-06-01 DOI: 10.1109/netsoft48620.2020.9165454
Nikos Kostopoulos, D. Kalogeras, B. Maglaris
Abstract: In this paper we utilize XDP for DNS Deep Packet Inspection (DPI) in order to mitigate Water Torture attacks at the NIC driver level of Authoritative DNS Servers. Our approach may benefit DNS Administrators who wish to filter attack traffic within their DNS infrastructure and avoid the latency overhead and additional costs imposed by external cloud scrubbing services. Our schema does not depend on specialized hardware and does not blacklist entire domain name suffixes, hence does not block legitimate requests. Packets are intercepted by XDP that identifies messages of DNS requests for further processing. Requested names are extracted from the message payload and categorized based on their validity. Valid names are forwarded to the user space to be resolved, whilst invalid ones are dropped within the Linux kernel at an early stage without downgrading the DNS service. Names are classified using Bloom Filters that map DNS zone contents in a memory efficient manner. These probabilistic data structures are free of false negatives and therefore valid DNS requests are never dropped. We provide a proof of concept setup to test our schema under a DDoS attack scenario and assess how mitigation performance is affected by DPI on DNS requests. Our experiments verify that using XDP significantly increases the throughput of valid DNS responses compared to user space alternatives. In conclusion, XDP emerges as a promising solution for the mitigation of Water Torture attacks against DNS servers.
Citations: 4
Technical Sponsor
2020 6th IEEE Conference on Network Softwarization (NetSoft) Pub Date : 2020-06-01 DOI: 10.1109/tase.2017.8285617
Citations: 0
Ensemble-based Synthetic Data Synthesis for Federated QoE Modeling
2020 6th IEEE Conference on Network Softwarization (NetSoft) Pub Date : 2020-06-01 DOI: 10.1109/NetSoft48620.2020.9165379
Selim Ickin, K. Vandikas, Farnaz Moradi, Jalil Taghia, Wenfeng Hu
Abstract: Quality of Experience (QoE) models need good generalization that necessitates sufficient amount of user-labeled datasets associated with measurements related to underlying QoE factors. However, obtaining QoE datasets is often costly, since they are preferably collected from many subjects with diverse background, and eventually dataset sizes and representations are limited. Models can be improved by sharing and merging those collected local datasets, however regulations such as GDPR make data sharing difficult, as those local user datasets might contain sensitive information about the subjects. A privacy-preserving machine learning approach such as Federated Learning (FL) is a potential candidate that enables sharing of QoE data models between collaborators without exposing ground truth, but only by means of sharing the securely aggregated form of extracted model parameters. While FL can enable a seamless QoE model management, if collaborators do not have the same level of data quality, more iterations of information sharing over a communication channel might be necessary for models to reach an acceptable accuracy. In this paper, we present an ensemble based Bayesian synthetic data generation method for FL, LOO (Leave-One-Out), which reduces the training time by 30% and the network footprint in the communication channel by 60%.
Citations: 6
DIDA: Distributed In-Network Defense Architecture Against Amplified Reflection DDoS Attacks
2020 6th IEEE Conference on Network Softwarization (NetSoft) Pub Date : 2020-06-01 DOI: 10.1109/NetSoft48620.2020.9165488
Xin Zhe Khooi, Levente Csikor, D. Divakaran, M. Kang
Abstract: With each new DDoS attack potentially becoming a higher intensity attack than the previous ones, current ISP measures of over-provisioning or employing a scrubbing service are becoming ineffective and inefficient. We argue that we need an in-network solution (i.e., entirely in the data plane), to detect DDoS attacks, identify the corresponding traffic and mitigate promptly. In this paper, we propose the first distributed in-network defense architecture, DIDA, to cope with the sophisticated amplified reflection DDoS (AR-DDoS) attacks. We leverage programmable stateful data planes and efficient data structures and show that it is possible to keep track of per-user connections in an automated and distributed manner without overwhelming the network controller. Building on top of this data, DIDA can easily detect if unsolicited attack packets are sent towards a victim within an ISP network. Once an attack is detected, the routers at the network edge automatically block the malicious sources. We prototype DIDA in P4. Our preliminary experiments show that DIDA can detect and mitigate 99.8% of amplification attacks containing 7,000 different sources while requiring less than 1% of the memory of current programmable switches.
Citations: 19
Secure and Private Smart Grid: The SPEAR Architecture
2020 6th IEEE Conference on Network Softwarization (NetSoft) Pub Date : 2020-06-01 DOI: 10.1109/NetSoft48620.2020.9165420
Panagiotis I. Radoglou-Grammatikis, P. Sarigiannidis, Eider Iturbe, Erkuden Rios, Antonios Sarigiannidis, Odysseas Nikolis, D. Ioannidis, Vasileios Machamint, Michalis Tzifas, Alkiviadis Giannakoulias, M. Angelopoulos, A. Papadopoulos, Francisco Ramos
Abstract: Information and Communication Technology (ICT) is an integral part of Critical Infrastructures (CIs), bringing both significant pros and cons. Focusing our attention on the energy sector, ICT converts the conventional electrical grid into a new paradigm called Smart Grid (SG), providing crucial benefits such as pervasive control, better utilisation of the existing resources, self-healing, etc. However, in parallel, ICT increases the attack surface of this domain, generating new potential cyberthreats. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) architecture which constitutes an overall solution aiming at protecting SG, by enhancing situational awareness, detecting timely cyberattacks, collecting appropriate forensic evidence and providing an anonymous cybersecurity information-sharing mechanism. Operational characteristics and technical specifications details are analysed for each component, while also the communication interfaces among them are described in detail.
Citations: 8
Programmable Data Gathering for Detecting Stegomalware
2020 6th IEEE Conference on Network Softwarization (NetSoft) Pub Date : 2020-06-01 DOI: 10.1109/NetSoft48620.2020.9165537
A. Carrega, L. Caviglione, M. Repetto, M. Zuppelli
Abstract: The “arm race” against malware developers requires to collect a wide variety of performance measurements, for instance to face threats leveraging information hiding and steganography. Unfortunately, this process could be time-consuming, lack of scalability and cause performance degradations within computing and network nodes. Moreover, since the detection of steganographic threats is poorly generalizable, being able to collect attack-independent indicators is of prime importance. To this aim, the paper proposes to take advantage of the extended Berkeley Packet Filter to gather data for detecting stegomalware. To prove the effectiveness of the approach, it also reports some preliminary experimental results obtained as the joint outcome of two H2020 Projects, namely ASTRID and SIMARGL.
Citations: 11
Machine Learning for Dynamic Resource Allocation in Network Function Virtualization
2020 6th IEEE Conference on Network Softwarization (NetSoft) Pub Date : 2020-06-01 DOI: 10.1109/NetSoft48620.2020.9165348
Stefan Schneider, Narayanan Puthenpurayil Satheeschandran, Manuel Peuster, H. Karl
Abstract: Network function virtualization (NFV) proposes to replace physical middleboxes with more flexible virtual network functions (VNFs). To dynamically adjust to ever-changing traffic demands, VNFs have to be instantiated and their allocated resources have to be adjusted on demand. Deciding the amount of allocated resources is non-trivial. Existing optimization approaches often assume fixed resource requirements for each VNF instance. However, this can easily lead to either waste of resources or bad service quality if too many or too few resources are allocated. To solve this problem, we train machine learning models on real VNF data, containing measurements of performance and resource requirements. For each VNF, the trained models can then accurately predict the required resources to handle a certain traffic load. We integrate these machine learning models into an algorithm for joint VNF scaling and placement and evaluate their impact on resulting VNF placements. Our evaluation based on real-world data shows that using suitable machine learning models effectively avoids over- and under-allocation of resources, leading to up to 12 times lower resource consumption and better service quality with up to 4.5 times lower total delay than using standard fixed resource allocation.
Citations: 17
Impact of Virtual Networks on Anomaly Detection with Machine Learning
2020 6th IEEE Conference on Network Softwarization (NetSoft) Pub Date : 2020-06-01 DOI: 10.1109/NetSoft48620.2020.9165325
Daniel Spiekermann, J. Keller
Abstract: The enormous number of network packets transferred in modern networks together with the high-speed transmissions hamper the implementation of successful IT security mechanisms. In addition to this, virtual networks create highly dynamic and flexible environments, which differ widely from well-known infrastructures of the past decade. Network forensic investigation aiming at the detection of covert channels, malware usage or anomaly detection is faced with new problems and gets a time-consuming, error-prone and complex process. Machine learning provides advanced techniques to perform this work faster with a lower error rate. Depending on the learning technique, algorithms work nearly without any necessary interaction to detect relevant events in the transferred network packets. Occurring changes are noticed and additional processes might be started. Current algorithms work well in static environments, but the highly-dynamic environments of virtual networks create additional events, which might irritate the anomaly detection algorithms. This paper analyses virtual network protocols like VXLAN, GRE and GENEVE and their impact of the detection rate of anomalies in the environment. Our research shows the need for adapted pre-processing of the network data, in the worst case on demand if changes are detected.
Citations: 2