TY - GEN
T1 - SecControl
T2 - 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017
AU - Wang, Li
AU - Wu, Dinghao
N1 - Publisher Copyright:
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018.
PY - 2018
Y1 - 2018
N2 - Software-defined networking (SDN) is a promising paradigm to improve network security protections. A lot of security enhancements through SDN have been proposed. However, current SDN-based security solutions can hardly provide sufficient protections in a real SDN network, due to several reasons: (1) they are implemented at either the centralized SDN controllers or the decentralized network devices, which are subject to a performance limitation; (2) their designs are confined by SDN network characteristics and can only provide limited security functions; (3) many solutions have deployment challenges and compatibility issues. In this paper, we propose SecControl, a practical network protection framework combining the existing security tools and SDN technologies, to produce a comprehensive network security solution in an SDN environment. By employing the capabilities of existing security tools, SecControl is able to perceive the real-time security events dynamically and adjust the protected network environment correspondingly. It can be easily extended with various methods for different security threats. With SecControl, we construct a traditional-security-tool-friendly network security solution for software-defined networks. We implement a SecControl prototype with OpenFlow and evaluate its effectiveness and performance. Our experiment shows that SecControl can cooperate with many mainstream security tools and provide effective defense responses over SDN-supported networks.
AB - Software-defined networking (SDN) is a promising paradigm to improve network security protections. A lot of security enhancements through SDN have been proposed. However, current SDN-based security solutions can hardly provide sufficient protections in a real SDN network, due to several reasons: (1) they are implemented at either the centralized SDN controllers or the decentralized network devices, which are subject to a performance limitation; (2) their designs are confined by SDN network characteristics and can only provide limited security functions; (3) many solutions have deployment challenges and compatibility issues. In this paper, we propose SecControl, a practical network protection framework combining the existing security tools and SDN technologies, to produce a comprehensive network security solution in an SDN environment. By employing the capabilities of existing security tools, SecControl is able to perceive the real-time security events dynamically and adjust the protected network environment correspondingly. It can be easily extended with various methods for different security threats. With SecControl, we construct a traditional-security-tool-friendly network security solution for software-defined networks. We implement a SecControl prototype with OpenFlow and evaluate its effectiveness and performance. Our experiment shows that SecControl can cooperate with many mainstream security tools and provide effective defense responses over SDN-supported networks.
UR - http://www.scopus.com/inward/record.url?scp=85046543509&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85046543509&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-78816-6_2
DO - 10.1007/978-3-319-78816-6_2
M3 - Conference contribution
AN - SCOPUS:85046543509
SN - 9783319788159
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
SP - 11
EP - 31
BT - Security and Privacy in Communication Networks - SecureComm 2017 International Workshops, ATCS and SePrIoT, Proceedings
A2 - Ghorbani, Ali
A2 - Ren, Kui
A2 - Zhu, Sencun
A2 - Zhang, Aiqing
A2 - Lin, Xiaodong
PB - Springer Verlag
Y2 - 22 October 2017 through 25 October 2017
ER -