SDN as Active Measurement Infrastructure
Active measurements are integral to the operation and management of networks,
and invaluable to supporting empirical network research. Unfortunately, it is
often cost-prohibitive and logistically difficult to widely deploy measurement
nodes, especially in the core. In this work, we consider the feasibility of
tightly integrating measurement within the infrastructure by using Software
Defined Networks (SDNs). We introduce "SDN as Active Measurement
Infrastructure" (SAAMI) to enable measurements to originate from any location
where SDN is deployed, removing the need for dedicated measurement nodes and
increasing vantage point diversity. We implement ping and traceroute using
SAAMI, as well as a proof-of-concept custom measurement protocol to demonstrate
the power and ease of SAAMI's open framework. Via a large-scale measurement
campaign using SDN switches as vantage points, we show that SAAMI is accurate,
scalable, and extensible.
Active Topology Inference using Network Coding
Our goal is to infer the topology of a network when (i) we can send probes
between sources and receivers at the edge of the network and (ii) intermediate
nodes can perform simple network coding operations, i.e., additions. Our key
intuition is that network coding introduces topology-dependent correlation in
the observations at the receivers, which can be exploited to infer the
topology. For undirected tree topologies, we design hierarchical clustering
algorithms, building on our prior work. For directed acyclic graphs (DAGs),
first we decompose the topology into a number of two-source, two-receiver
(2-by-2) subnetwork components and then we merge these components to
reconstruct the topology. Our approach for DAGs builds on prior work on
tomography, and improves upon it by employing network coding to accurately
distinguish among all different 2-by-2 components. We evaluate our algorithms
through simulation of a number of realistic topologies and compare them to
active tomographic techniques without network coding. We also make connections
between our approach and alternatives, including passive inference, traceroute,
and packet marking.
Efficient Passive ICS Device Discovery and Identification by MAC Address Correlation
Owing to a growing number of attacks, the assessment of Industrial Control
Systems (ICSs) has gained in importance. An integral part of an assessment is
the creation of a detailed inventory of all connected devices, enabling
vulnerability evaluations. For this purpose, scans of networks are crucial.
Active scanning, which generates irregular traffic, is a method to get an
overview of connected and active devices. Since such additional traffic may
lead to unexpected behavior of devices, active scanning methods should be
avoided in critical infrastructure networks. In such cases, passive network
monitoring offers an alternative, which is often used in conjunction with
complex deep-packet inspection techniques. There are very few publications on
lightweight passive scanning methodologies for industrial networks. In this
paper, we propose a lightweight passive network monitoring technique using an
efficient Media Access Control (MAC) address-based identification of industrial
devices. Based on an incomplete set of known MAC-address-to-device
associations, the presented method can guess correct device and vendor
information. Proving the feasibility of the method, an implementation is also
introduced and evaluated regarding its efficiency. The feasibility of
predicting a specific device/vendor combination is demonstrated by having
similar devices in the database. In our ICS testbed, we reached a host
discovery rate of 100% at an identification rate of more than 66%,
outperforming the results of existing tools.
Comment: http://dx.doi.org/10.14236/ewic/ICS2018.