2 research outputs found

    Dynamic Shifting of Virtual Network Topologies for Network Attack Prevention

    Computer networks were not designed with security in mind, making research into the subject of network security vital. Virtual Networks are similar to computer networks, except the components of a Virtual Network are in software rather than hardware. With the constant threat of attacks on networks, security is always a big concern, and Virtual Networks are no different. Virtual Networks have many potential attack vectors similar to physical networks, making research into Virtual Network security of great importance. Virtual Networks, since they are composed of virtualized network components, have the ability to dynamically change topologies. In this paper, we explore Virtual Networks and their ability to quickly shift their network topology. We investigate the potential use of this flexibility to protect network resources and defend against malicious activities. To show the ability of reactively shifting a Virtual Network’s topology to secure a network, we create a set of four experiments, each with a different dynamic topology shift, or “dynamic defense”. These four groups of experiments are called the Server Protection, Isolated Subnet, Distributed Port Group, and Standard Port Group experiments. The Server Protection experiments involve detecting an attack against a server and shifting the server behind a protected subnet. The other three sets of experiments, called Attacker Prevention experiments, involve detecting a malicious node in the internal network and initiating a dynamic defense to move the attacker behind a protected subnet. Each Attacker Prevention experiment utilizes a different dynamic defense to prevent the malicious node from attacking the rest of the Virtual Network. For each experiment, we run 6 different network attacks to validate the effectiveness of the dynamic defenses. The network attacks utilized for each experiment are ICMP Flooding, TCP Syn Flooding, Smurf attack, ARP Spoofing, DNS Spoofing, and NMAP Scanning.
    Our validation shows that our dynamic defenses, outside of the standard port group, are very effective in stopping each attack, consistently lowering the attacks’ success rate significantly. The Standard Port Group was the one dynamic defense that is ineffective, though there are also a couple of experiments that could benefit from being run with more attackers and with different situations to fully understand the effectiveness of the defenses. We believe that, as Virtual Networks become more common and utilized outside of data centers, the ability to dynamically shift topology can be used for network security purposes.

    A Survey of Virtual Network Architectures

    With the storage needs of the world increasing, especially with the growth of cloud computing, data centers are being utilized more than ever. The increasing need of storage has led to more use of virtualization to help intra and inter data center communications. The virtualization of physical networks is used to help achieve this goal, but with the creation of Virtual Networks, systems must be designed to create, manage, and secure them. A Virtual Network Architecture is the system design for creating and maintaining virtual network components and the resulting networks they create. Different companies design different Virtual Network Architectures, with each having potentially different use cases. In designing a Virtual Network Architecture, there are many questions about how different aspects of the system work. Questions such as how do network nodes communicate with the management system, how are the data and control planes implemented, etc. In this report, we summarize and compare the Virtual Network Architectures from different companies. These architectures are used for creating and managing Virtual Networks, some with different use cases, but most with the purpose of creating and managing virtualized networks in large data centers.