WORM-HUNTER: A worm guard system using software-defined networking

Hu, Y; Zheng, K; Wang, X; Yang, Y

WORM-HUNTER: A worm guard system using software-defined networking

Hu, Y Zheng, K Wang, X

Yang, Y

Permalink

Publisher:: KSII-KOR SOC INTERNET INFORMATION
Publication Type:: Journal Article
Citation:: KSII Transactions on Internet and Information Systems, 2017, 11, (1), pp. 484-510
Issue Date:: 2017-01-30

Closed Access

	Filename	Description	Size
	2017 WORM-HUNTER A Worm Guard System using Software-defined Networking.pdf.pdf	Published version	954.43 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Hu, Y
dc.contributor.author	Zheng, K
dc.contributor.author	Wang, X https://orcid.org/0000-0001-9439-6437
dc.contributor.author	Yang, Y
dc.date.accessioned	2021-01-05T01:01:32Z
dc.date.available	2021-01-05T01:01:32Z
dc.date.issued	2017-01-30
dc.identifier.citation	KSII Transactions on Internet and Information Systems, 2017, 11, (1), pp. 484-510
dc.identifier.issn	1976-7277
dc.identifier.issn	2288-1468
dc.identifier.uri	http://hdl.handle.net/10453/145080
dc.description.abstract	© 2017 KSII. Network security is rapidly developing, but so are attack methods. Network worms are one of the most widely used attack methods and have are able to propagate quickly. As an active defense approach to network worms, the honeynet technique has long been limited by the closed architecture of traditional network devices. In this paper, we propose a closed loop defense system of worms based on a Software-Defined Networking (SDN) technology, called Worm-Hunter. The flexibility of SDN in network building is introduced to structure the network infrastructures of Worm-Hunter. By using well-designed flow tables, Worm-Hunter is able to easily deploy different honeynet systems with different network structures and dynamically. When anomalous traffic is detected by the analyzer in Worm-Hunter, it can be redirected into the honeynet and then safely analyzed. Throughout the process, attackers will not be aware that they are caught, and all of the attack behavior is recorded in the system for further analysis. Finally, we verify the system via experiments. The experiments show that Worm-Hunter is able to build multiple honeynet systems on one physical platform. Meanwhile, all of the honeynet systems with the same topology operate without interference.
dc.language	English
dc.publisher	KSII-KOR SOC INTERNET INFORMATION
dc.relation.ispartof	KSII Transactions on Internet and Information Systems
dc.relation.isbasedon	10.3837/tiis.2017.01.026
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	08 Information and Computing Sciences
dc.title	WORM-HUNTER: A worm guard system using software-defined networking
dc.type	Journal Article
utslib.citation.volume	11
utslib.for	08 Information and Computing Sciences
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Electrical and Data Engineering
pubs.organisational-group	/University of Technology Sydney
utslib.copyright.status	closed_access	*
dc.date.updated	2021-01-05T01:01:24Z
pubs.issue	1
pubs.publication-status	Published
pubs.volume	11
utslib.citation.issue	1

Abstract:

© 2017 KSII. Network security is rapidly developing, but so are attack methods. Network worms are one of the most widely used attack methods and have are able to propagate quickly. As an active defense approach to network worms, the honeynet technique has long been limited by the closed architecture of traditional network devices. In this paper, we propose a closed loop defense system of worms based on a Software-Defined Networking (SDN) technology, called Worm-Hunter. The flexibility of SDN in network building is introduced to structure the network infrastructures of Worm-Hunter. By using well-designed flow tables, Worm-Hunter is able to easily deploy different honeynet systems with different network structures and dynamically. When anomalous traffic is detected by the analyzer in Worm-Hunter, it can be redirected into the honeynet and then safely analyzed. Throughout the process, attackers will not be aware that they are caught, and all of the attack behavior is recorded in the system for further analysis. Finally, we verify the system via experiments. The experiments show that Worm-Hunter is able to build multiple honeynet systems on one physical platform. Meanwhile, all of the honeynet systems with the same topology operate without interference.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/145080