Dynamic Policy Deployment in SDN Switch Based on Monitoring and Analysis of User Behaviors
作者: Ligang Dong , Long Chen , Yunfei Zhang , Bohan He , Jing Zhou
DOI: 10.1109/ICCCN.2018.8487412
关键词: Software deployment 、 Dynamic network analysis 、 Security policy 、 Network security 、 Computer network 、 Computer science 、 Software-defined networking 、 Data acquisition 、 Cluster analysis
摘要: With the rapid development of network technologies, many new such as Software Defined Network (SDN), are applied to firewalls manage security. However, current SDN cannot automatically change security policies according dynamic status or deploy personalized policy based on user identities. In this paper, we design a special switch that incorporates traffic acquisition module and data analysis module. According patterns caused by different behaviors, proposed could recognize identities statistical clustering analysis, corresponding policies. Experiments conducted over an OpenvSwitch showed accurately identify three kinds users apply respective flow tables successfully.
sci-hub.se 参考文章(13)
Yinghui (Catherine) Yang, Web user behavioral profiling for user identification Decision Support Systems. ,vol. 49, pp. 261- 271 ,(2010) , 10.1016/J.DSS.2010.03.001
Justin Gregory V. Pena, William Emmanuel Yu, Development of a distributed firewall using software defined networking technology international conference on information science and technology. pp. 449- 452 ,(2014) , 10.1109/ICIST.2014.6920514
Hongxin Hu, Wonkyu Han, Gail-Joon Ahn, Ziming Zhao, FLOWGUARD: building robust firewalls for software-defined networks acm special interest group on data communication. pp. 97- 102 ,(2014) , 10.1145/2620728.2620749
Fabrício Benevenuto, Tiago Rodrigues, Meeyoung Cha, Virgílio Almeida, Characterizing user behavior in online social networks Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference - IMC '09. pp. 49- 62 ,(2009) , 10.1145/1644893.1644900
J. B. Macqueen, Some methods for classification and analysis of multivariate observations Proceedings of the Fifth Berkeley Symposium on Mathematical Statistics and Probability, Volume 1: Statistics. ,vol. 1, pp. 281- 297 ,(1967)
Philip Porras, Seungwon Shin, Vinod Yegneswaran, Martin Fong, Mabry Tyson, Guofei Gu, A security enforcement kernel for OpenFlow networks acm special interest group on data communication. pp. 121- 126 ,(2012) , 10.1145/2342441.2342466
Seung Won Shin, Phillip Porras, Vinod Yegneswara, Martin Fong, Guofei Gu, Mabry Tyson, None, FRESCO: Modular Composable Security Services for Software-Defined Networks network and distributed system security symposium. ,(2013)
Changhoon Yoon, Taejune Park, Seungsoo Lee, Heedo Kang, Seungwon Shin, Zonghua Zhang, Enabling security functions with SDN Computer Networks. ,vol. 85, pp. 19- 35 ,(2015) , 10.1016/J.COMNET.2015.05.005
Hongxin Hu, Ziming Zhao, Wonkyu Han, Gail Joon Ahn, Towards a Reliable SDN Firewall Open Networking Summit 2014 ({ONS} 2014). ,(2014)
Haoran Xu, Yuqing Sun, Identify user variants based on user behavior on social media international performance computing and communications conference. pp. 1- 8 ,(2015) , 10.1109/PCCC.2015.7410338