summary.tex: added references with bib files

story.tex : added the rest of the content to finish the draft. Iteration 1
            done
parent 5206a719
@ARTICLE{bowman:reasoning,
AUTHOR = "Mic Bowman and Saumya K. Debray and Larry L. Peterson",
TITLE = "Reasoning About Naming Systems",
JOURNAL = "ACM Trans. Program. Lang. Syst.",
VOLUME = {15},
NUMBER = {5},
PAGES = {795-825},
MONTH = "November",
YEAR = {1993} }
@ARTICLE{braams:babel,
AUTHOR = "Johannes Braams",
TITLE = "Babel, a Multilingual Style-Option System for Use with LaTeX's Standard Document Styles",
JOURNAL = {TUGboat},
VOLUME = {12},
NUMBER = {2},
PAGES = {291-301},
MONTH = "June",
YEAR = {1991} }
@INPROCEEDINGS{clark:pct,
AUTHOR = "Malcolm Clark",
TITLE = "Post Congress Tristesse",
BOOKTITLE = "TeX90 Conference Proceedings",
PAGES = "84-89",
ORGANIZATION = "TeX Users Group",
MONTH = "March",
YEAR = {1991} }
@ARTICLE{herlihy:methodology,
AUTHOR = "Maurice Herlihy",
TITLE = "A Methodology for Implementing Highly Concurrent
Data Objects",
JOURNAL = {ACM Trans. Program. Lang. Syst.},
VOLUME = {15},
NUMBER = {5},
PAGES = {745-770},
MONTH = "November",
YEAR = {1993} }
@BOOK{Lamport:LaTeX,
AUTHOR = "Leslie Lamport",
TITLE = "LaTeX User's Guide and Document Reference Manual",
PUBLISHER = "Addison-Wesley Publishing Company",
ADDRESS = "Reading, Massachusetts",
YEAR = "1986" }
@BOOK{salas:calculus,
AUTHOR = "S.L. Salas and Einar Hille",
TITLE = "Calculus: One and Several Variable",
PUBLISHER = "John Wiley and Sons",
ADDRESS = "New York",
YEAR = "1978" }
@INPROCEEDINGS{6133213,
author={Matias, J. and Jacob, E. and Sanchez, D. and Demchenko, Y.},
booktitle={Cloud Computing Technology and Science (CloudCom), 2011 IEEE Third International Conference on},
title={An OpenFlow Based Network Virtualization Framework for the Cloud},
year={2011},
month={Nov},
pages={672-678},
keywords={cloud computing;computer centres;virtual machines;virtualisation;MAC address;OpenFlow based network virtualization framework;cloud computing;data center infrastructures;inter-domain communication;layer 2 network virtualization;seamless migration;virtual machines;Complexity theory;Computer architecture;Context;Proposals;Servers;Switches;Virtual machining;Cloud computing;Data Center;MAC address;Network Virtualization;OpenFlow},
doi={10.1109/CloudCom.2011.104},}
@INPROCEEDINGS{6602984,
author={Autenrieth, A. and Elbers, J.-P. and Kaczmarek, P. and Kostecki, P.},
booktitle={Transparent Optical Networks (ICTON), 2013 15th International Conference on},
title={Cloud orchestration with SDN/OpenFlow in carrier transport networks},
year={2013},
month={June},
pages={1-4},
keywords={application program interfaces;cloud computing;computer network management;multiplexing equipment;optical fibre networks;optical switches;protocols;OFELIA project;OpenFlow;ROADM-based optical network;SDN protocol;application programming interface;carrier transport network;cloud orchestration service;lambda switching;multicarrier transport network;multitechnology transport network;network programmability;open API;software defined network;Integrated optics;Optical fiber networks;Optical fibers;Optical packet switching;Optical switches;Protocols;Switching circuits;Cloud Orchestration;OpenFlow;OpenStack;SDN;WDM;optical},
doi={10.1109/ICTON.2013.6602984},
ISSN={2161-2056},}
@ARTICLE{6553678,
author={Azodolmolky, S. and Wieder, P. and Yahyapour, R.},
journal={Communications Magazine, IEEE},
title={Cloud computing networking: challenges and opportunities for innovations},
year={2013},
month={July},
volume={51},
number={7},
pages={54-62},
keywords={cloud computing;IaaS facilities;cloud computing facilities;cloud computing networking;compute resources on-demand provisioning;networking issues;networking resource on-demand provisioning;pay-per-use business model;software-defined networking proposals;storage resource on-demand provisioning;utility computing;Cloud computing;Network topology;Servers;Switches;Virtual private networks},
doi={10.1109/MCOM.2013.6553678},
ISSN={0163-6804},}
@INPROCEEDINGS{6009336,
AUTHOR={Houidi, I. and Mechtri, M. and Louati, W. and Zeghlache, D.},
BOOKTITLE={Services Computing (SCC), 2011 IEEE International Conference on},
TITLE={Cloud Service Delivery across Multiple Cloud Platforms},
YEAR={2011},
MONTH={July},
PAGES={741-742},
keywords={cloud computing;integer programming;NOX technologies;OpenFlow switches;cloud brokers;cloud platforms;cloud service delivery;intercloud networking;mixed integer program;splitting algorithm;Cloud computing;Conferences;Data models;Delay;Mathematical programming;Network topology;Resource management;Cloud request splitting;Cloud service delivery;cloud broker;flow based cloud networking;provisioning},
doi={10.1109/SCC.2011.107},}
@MISC{securityonion:online,
author = {Burks, Doug},
title = {Pluggable interface for various IDS},
month={},
year={},
howpublished = {\url{https://launchpad.net/~securityonion/+archive/stable}}
}
@MISC{OESS,
author = {},
title = {Open Exchange Software Suite},
month={},
year={},
howpublished = {\url{http://globalnoc.iu.edu/sdn/oess.html}}
}
@MISC{RYU,
author = {},
title = {Component Based SDN Controller},
month={},
year={},
howpublished = {\url{http://osrg.github.io/ryu/}}
}
@MISC{FOAM,
author = {},
title = {Aggregate manager for GENI},
month={},
year={},
howpublished = {\url{https://openflow.stanford.edu/display/FOAM/Home}}
}
@MISC{teston,
author = {},
title = {SDN Testing suite},
month={},
year={},
howpublished = {\url{https://github.com/Paxterra/TestON}}
}
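Review bot: The five `@MISC` entries from `securityonion:online` to `teston` carry empty `month={}` and `year={}` fields, and all but the first also an empty `author = {}`, so BibTeX's abbrv style warns "empty author"/"empty year" for each and typesets entries with no author or date. Drop the empty fields rather than leaving them blank, and since these are web resources add an access date next to `howpublished`, e.g. `note = {Accessed: <DATE>}` (placeholder). The `title` of `securityonion:online` is the bracketed description from the summary's tool list ("Pluggable interface for various IDS") rather than the name of the resource, and `OESS`, `RYU`, `FOAM` and `teston` follow the same pattern with the descriptive phrase in `title` while the product name appears only in the citing text; putting the name in `title` and the description in `note` keeps the reference list readable.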
\title{First Draft for ACM SIGCOMM Workshop on Distributed Cloud Computing (DCC 2014)}
\title{Elastic network anomaly prevention, detection and
mitigation using SDN and Cloud}
\author{
Praveen Kumar Shanmugam\\
School of Computing\\
......@@ -10,13 +11,13 @@
\usepackage{graphicx}
\usepackage{hyperref}
\usepackage{float}
\begin{document}
\maketitle
\begin{abstract}
Title: Elastic network anomaly prevention, detection and
mitigation using SDN and Cloud
First Draft for ACM SIGCOMM Workshop on Distributed Cloud Computing (DCC 2014)
\end{abstract}
\section{Introduction}
......@@ -53,12 +54,10 @@ making it a scale able approach.
With multiple core network sites being maintained at multiple points, the
cloud at each site can be used to make it scale more than the current site's
capability assuming that these sites are connected using Software Defined
Network. [Ref:
\url{http://ieeexplore.ieee.org/xpls/abs\_all.jsp?arnumber=6009336}]
Network.
\section{Campus Network}
The campus network is shown in the Architecture Diagram 1.0.
The Campus Gateway (CG) serves as the entry point of the core network in which all
the inbound and outbound traffic passes through. The Campus Cloud Gateway
(CClG) forms the boundary between the campus core network and the Campus Cloud
......@@ -72,34 +71,41 @@ network devices within it.\\
The Campus Core network also has an SDN controller which spans across the core
network devices.\\
\centerline{\includegraphics[width=1.1\textwidth]{ElasticIdsArch.jpg}}
\section{CNAC Interface}
We introduce a Cloud and Network Access Controller (CNAC) module which forms
The framework consists of a Cloud and Network Access Controller (CNAC) module which forms
the brain of the framework. CNAC interfaces with the Cloud Controller and
the Cloud SDN Controller for controlling the IDS instances and network path
for that instance. Without the access to the network in the Cloud for the IDS
instance it is very difficult to deliver the traffic of interest just like the
instance it is very difficult to deliver the traffic of interest exactly like the
packet which reaches the destination without manual setup.
CNAC Interface also controls the Campus SDN Controller to enable the tap
points and install/delete flows based upon the CNAC commands to help monitor
the traffic or mitigate the attack.
the traffic of interest or mitigate the attack.
\section{Architecture Diagram 1.0}
\centerline{\includegraphics[width=1.1\textwidth]{ElasticIdsArch.jpg}}
\section{Implementation}
One primary instance to monitor the traffic constantly. And there must be
One primary instance to monitor the traffic constantly. And there will be a
standby instances ready to monitor rather than instantiating newly. When these
standby's are used then a new instance to be spawned. This is just to make
standby's are used then a new instance will be spawned. This is just to make
sure that we react to the situation as soon as possible.
We are looking into BRO IDS as it is easy to add rules to alert when something
goes out of normal. The catch is that these rules are handcrafted.
The IDS monitoring is to be done using Security Onion. It is a Linux distro which forms a generic framework to plug different IDS (Intrusion Detection System) and NSM (Network Security Monitoring) tool. This also supports ELSA (Enterprise Log Search and Archive) which is a query tool
for looking at all of the supported IDS and NSM logs through the single
interface. It works in server client model where multiple clients can be
spawned and made to push the logs to the centralized server. This architecture
makes it less tedious to get the alerts from the IDS for the decision making.
\centerline{\includegraphics[width=0.7\textwidth]{IDS_SecurityOnion.jpg}}
Another thing to consider is the traffic that is tapped before the firewall
and after the firewall. The traffic after the firewall is always considered to
be safe but it may not be the case in few.
The overall architecture diagram doesn't show the firewall as the placement of
firewall can be before or after the campus gateway. Though the expectation of
the firewall is to filter out all the malicious traffic but there is no
guarantee that a legit traffic can cause malicious behavior.
Closed loop has two parts. One the instance creation and the second the
The proposed framework consists of a closed loop mechanism which has two parts.
One the instance creation and the second the
network changes for reacting to the alert. As of now there is no defined way
to have specific actions for some alerts and it is well beyond the scope of
this project. Requires extensive machine learning and extensive parsing rules
......@@ -107,10 +113,6 @@ and an important thing will be the false positive actions.
We'll be concentrating on the cloud instance creation for the taps rather than
taking network level actions.
Another thing to look out for is that Security Onion is not meant to scale.
Have to manually test the Server Sensor combination to come up with the
maximum capacity.
Few cases for new instance creation are heavy load to one IDS, drastic alert
from single source like a flood of TCP connection. Should come up with various
such cases. This will be good enough to start off with.
......@@ -138,10 +140,72 @@ the tapping has to be removed.
\subsection{Cloud Part}
Flowvisor can be used in the cloud part which we want the traffic to be
isolated and delivered to the specific VM without affecting the others
traffic.
traffic. The cloud is to be given the capability to accept the type of traffic
that needs to be delivered to the VM based on the 5 tuple data format given to
it. The API that are to be implemented are as follows.
\begin{enumerate}
\item \textbf{incomingTrafficSet(traffic, VM)} : Delivers the specified traffic
type to the VM. This is a user level API.
\item \textbf{fanoutTrafficSet(networkNode, traffic, outPorts)} : Forward
the traffic at the given network node to all the output ports. This is
a system level API.
\end{enumerate}
\section{Cloud Networking}
For creating virtual networks between cloud tenants in the cloud. This is
achieved using SDN which are used in two places.
\begin{itemize}
\item For the TOR control to connect physical machines using internal network.
\item Physical Machine runs openvswitch to connect to different VMs.
\end{itemize}
The current API's provided by OpenStack uses SDN to achieve the network,
subnet and port abstraction. These also provide firewall rules to handpick the
traffic type to the VMs.\\
This allows tenants to create private network inside the cloud. These are achieved
using OpenFlow rules using VLANS and GRE tunneling.\\
Though it uses SDN controllers we can't get our hands directly on the controller.
These are controlled by REST APIs from OpenStack Quatum Server based upon
the requests. Openstack had to be tailed to make these SDN controller accept rules based on our
needs.\\
The cases that are to be considered that other VM traffic are not matched
against these rules. To enable such behavior flowVisor can be used inside the
cloud.
\subsection{OpenStack Neutron - SDN}
This is followed by openstack which uses SDN in its underlying network.
\centerline{\includegraphics[width=1.0\textwidth]{Cloud_SDN_Explained.jpg}}
\subsection{Amazon Virtual Private Cloud}
These also try to provide the user with the same functionality but the
underlying architecture is a closed one. This again the network is with the cloud
between the same administrative tenants.
\section{Related Work}
\textbf{SDN in Cloud}\\
The paper talks about using OpenFlow to create a virtual network
abstraction for the tenants. This is what OpenStack Neutron does.
\begin{itemize}
\item An OpenFlow based Network Virtualization Framework for the
Cloud~\cite{6133213}.\\
\item Cloud orchestration with SDN/OpenFlow in carrier transport
networks~\cite{6602984}.\\
\item Cloud computing networking: challenges and opportunities for
innovations~\cite{6553678}\\
\end{itemize}
\textbf{Multi-Site Work}
\begin{itemize}
\item Cloud Service Delivery Across Multiple Cloud
Platforms~\cite{6009336} is a work in progress infrastructure to connect multi site tenants. This
is achieved by OpenFlow switches connecting the site and installing flows based on
the connectivity requirements of the services.
\end{itemize}
\bibliographystyle{abbrv}
\bibliography{main}
\bibliography{reference}
\end{document}
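Review bot: `\bibliography{main}` followed by `\bibliography{reference}` at the end of story.tex is two `\bibliography` commands in one document, which standard BibTeX does not support: the second `\bibdata` entry in the .aux makes BibTeX stop with "Illegal, another \bibdata command", so citations from whichever database is listed second stay unresolved. Replace the pair with the single comma-separated form `\bibliography{main,reference}`. summary.tex ends with the same two lines and needs the same change. Separately, `\centerline{\includegraphics[width=1.1\textwidth]{ElasticIdsArch.jpg}}` uses the plain-TeX `\centerline` with a width wider than the text block, so the image overruns the margin; a `figure` environment with `\centering`, `width=\linewidth`, a `\caption` and a `\label{fig:arch}` would also let the hard-coded "Architecture Diagram 1.0" mentions become `\ref` references.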
......@@ -169,16 +169,13 @@ traffic.
\begin{itemize}
\item GENI to be used for the cloud part (inside GENI itself). [Not easy.
Possibly use openstack]
\item Security Onion (SO) [pluggable interface for various IDS]
\url{https://launchpad.net/~securityonion/+archive/stable}
\item OESS: OPEN EXCHANGE SOFTWARE SUITE \url{http://globalnoc.iu.edu/sdn/oess.html}
\item Security Onion (SO)~\cite{securityonion:online}
\item OESS: OPEN EXCHANGE SOFTWARE SUITE~\cite{OESS}
\item Chef: To distribute the rules of the IDS installation in Security Onion.
\item CLIPS/DROOL : Rule based modules.
\item RYU SDN Controller : \url{http://osrg.github.io/ryu/}
\item FOAM : aggregate manager for GENI
\url{https://openflow.stanford.edu/display/FOAM/Home}
\item TestON: SDN Testing suite
\url{https://github.com/Paxterra/TestON}
\item RYU SDN Controller~\cite{RYU}
\item FOAM : aggregate manager for GENI~\cite{FOAM}
\item TestON: SDN Testing suite~\cite{teston}
\end{itemize}
\section{Security Onion}
......@@ -316,27 +313,23 @@ keep the isolation of flowspaces between slivers.
abstraction for the tenants. This is what OpenStack Neutron does.
\begin{itemize}
\item An OpenFlow based Network Virtualization Framework for the
Cloud\\
Link : \url{http://ieeexplore.ieee.org/xpls/abs\_all.jsp?arnumber=6133213\&tag=1}
Cloud~\cite{6133213}.\\
\item Cloud orchestration with SDN/OpenFlow in carrier transport
networks\\
Link : \url{http://ieeexplore.ieee.org/xpls/abs\_all.jsp?arnumber=6602984}
networks~\cite{6602984}.\\
\item Cloud computing networking: challenges and opportunities for
innovations\\
Link : \url{http://ieeexplore.ieee.org/xpls/abs\_all.jsp?arnumber=6553678}
innovations~\cite{6553678}\\
\end{itemize}
\textbf{Multi-Site Work}
\begin{itemize}
\item Cloud Service Delivery Across Multiple Cloud Platforms Work in progress infrastructure to connect multi site tenants. This
\item Cloud Service Delivery Across Multiple Cloud Platforms~\cite{6009336}is a work in progress infrastructure to connect multi site tenants. This
is achieved by OpenFlow switches connecting the site and installing flows based on
the connectivity requirements of the services.
Link: \url{http://ieeexplore.ieee.org/xpls/abs\_all.jsp?arnumber=6009336}
\end{itemize}
\bibliographystyle{abbrv}
\bibliography{main}
\bibliography{reference}
\end{document}
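Review bot: `Platforms~\cite{6009336}is a work in progress` in the Multi-Site Work item is missing the space after the citation, so the bracketed reference number runs straight into "is"; write `Platforms~\cite{6009336} is a work in progress` (story.tex already has the spaced form). The `.\\` endings on the SDN-in-Cloud items such as `Cloud~\cite{6133213}.\\` force a line break at the end of an `\item`, which yields "Underfull \hbox" warnings and uneven spacing; the trailing `\\` can be dropped because each `\item` already starts a new paragraph. The bold `\textbf{SDN in Cloud}\\` and `\textbf{Multi-Site Work}` lines stand in for structure; `\paragraph{SDN in Cloud}` gives the same look without the manual break.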