WORM-HUNTER: A worm guard system using software-defined networking
- Publisher:
- KSII-KOR SOC INTERNET INFORMATION
- Publication Type:
- Journal Article
- Citation:
- KSII Transactions on Internet and Information Systems, 2017, 11, (1), pp. 484-510
- Issue Date:
- 2017-01-30
Closed Access
Filename | Description | Size | |||
---|---|---|---|---|---|
2017 WORM-HUNTER A Worm Guard System using Software-defined Networking.pdf.pdf | Published version | 954.43 kB |
Copyright Clearance Process
- Recently Added
- In Progress
- Closed Access
This item is closed access and not available.
© 2017 KSII. Network security is rapidly developing, but so are attack methods. Network worms are one of the most widely used attack methods and have are able to propagate quickly. As an active defense approach to network worms, the honeynet technique has long been limited by the closed architecture of traditional network devices. In this paper, we propose a closed loop defense system of worms based on a Software-Defined Networking (SDN) technology, called Worm-Hunter. The flexibility of SDN in network building is introduced to structure the network infrastructures of Worm-Hunter. By using well-designed flow tables, Worm-Hunter is able to easily deploy different honeynet systems with different network structures and dynamically. When anomalous traffic is detected by the analyzer in Worm-Hunter, it can be redirected into the honeynet and then safely analyzed. Throughout the process, attackers will not be aware that they are caught, and all of the attack behavior is recorded in the system for further analysis. Finally, we verify the system via experiments. The experiments show that Worm-Hunter is able to build multiple honeynet systems on one physical platform. Meanwhile, all of the honeynet systems with the same topology operate without interference.
Please use this identifier to cite or link to this item: