LST 2.0: Testbed Emulado Baseado em Contêineres para Redes SDN Seguras
Resumo
Nem todo testbed emulado é adequado para experimentações em segurança. Frequentemente os testbeds em segurança estão restritos ao contexto de aplicação para o qual foram desenvolvidos ou têm por base outras tecnologias que apresentam limitações de configurabilidade e de aplicações de segurança (e.g. Mininet), enquanto outras propostas de testbeds (e.g. DockSDN) permitem maior configurabilidade, mas não possuem foco em aplicações de segurança ou não estão inseridas no contexto de redes SDN. Visando atender à lacuna de pesquisa identificada, é proposta o Lighweight SDN Testbed (LST 2.0) - ferramenta leve capaz de atender a diversos contextos de aplicação tanto de segurança quanto de redes SDN programadas e em tempo real via Python. É possível monitorar a rede e coletar métricas fazendo uso de Netflow, sFlow, IPFIX ou CICFlowMeter. Ainda, imagens Docker pré-construídas são disponibilizadas para a emulação de fluxos de rede tanto benignos quanto maliciosos.
Palavras-chave:
SDN, Leve, Testbed, Emulador, Segurança, Contêiner, Tempo Real
Referências
A. Alashhab, e. a. (2021). Experimenting and evaluating the impact of dos attacks on different sdn controllers. In IEEE 1st International Maghreb Meeting of the Conference on Sciences and Techniques of Automatic Control and Computer Engineering MI-STA. IEEE.
D. Kreutz, e. a. (2015). Software-defined networking: A comprehensive survey. In Proceedings of the IEEE, volume 103. IEEE.
E. Petersen, M. A. (2020). Docksdn: A hybrid container-based sdn emulation tool. In 2020 IEEE Latin-American Conference on Communications (LATINCOM). IEEE.
H. Lashkari, e. a. (2017). Characterization of tor traffic using time based features. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - ICISSP.
I. Sumantra, S. G. (2020). Ddos attack detection and mitigation in software defined networks. In International Conference on System, Computation, Automation and Networking (ICSCAN). IEEE.
K. Raghunath, P. K. (2018). Towards a secure sdn architecture. In 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT). IEEE.
M. Khan, O. Rehman, I. R. (2020). Lightweight testbed for cybersecurity experiments in scada-based systems. In 020 International Conference on Computing and Information Technology 10 Sep. 2020, volume 1. IEEE, Tabuk, Saudi Arabia.
M. Ring, e. a. (2017). Flowbased benchmark datasets for intrusion detection. In Proceedings of the 16 th European Conference on Cyber Warfare and Security (ECCWS), page 361369. ACPI.
O. Flauzac, E. R. (2019). Is mininet the right solution for an sdn testbed? In IEEE Global Communications Conference (GLOBECOM). IEEE.
P. Maity, e. a. (2020). An effective probabilistic technique for ddos detection in openflow controller. In IEEE Systems Journal, volume 16. IEEE.
R. Chadha, e. a. (2016). Cybervan: A cyber security virtual assured network testbed. In MILCOM 2016 - 2016 IEEE Military Communications Conference. IEEE.
R. Meena, e. a. (2020). Ryu sdn controller testbed for performance testing of source address validation techniques. In 3rd International Conference on Emerging Technologies in Computer Engineering: Machine Learning and Internet of Things (ICETCE). IEEE.
X. Zhang, N. Prabhu, R. T. (2020). Nestednet: A container-based prototyping tool for hierarchical software defined networks. In International Workshop on Rapid System Prototyping (RSP). IEEE.
D. Kreutz, e. a. (2015). Software-defined networking: A comprehensive survey. In Proceedings of the IEEE, volume 103. IEEE.
E. Petersen, M. A. (2020). Docksdn: A hybrid container-based sdn emulation tool. In 2020 IEEE Latin-American Conference on Communications (LATINCOM). IEEE.
H. Lashkari, e. a. (2017). Characterization of tor traffic using time based features. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - ICISSP.
I. Sumantra, S. G. (2020). Ddos attack detection and mitigation in software defined networks. In International Conference on System, Computation, Automation and Networking (ICSCAN). IEEE.
K. Raghunath, P. K. (2018). Towards a secure sdn architecture. In 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT). IEEE.
M. Khan, O. Rehman, I. R. (2020). Lightweight testbed for cybersecurity experiments in scada-based systems. In 020 International Conference on Computing and Information Technology 10 Sep. 2020, volume 1. IEEE, Tabuk, Saudi Arabia.
M. Ring, e. a. (2017). Flowbased benchmark datasets for intrusion detection. In Proceedings of the 16 th European Conference on Cyber Warfare and Security (ECCWS), page 361369. ACPI.
O. Flauzac, E. R. (2019). Is mininet the right solution for an sdn testbed? In IEEE Global Communications Conference (GLOBECOM). IEEE.
P. Maity, e. a. (2020). An effective probabilistic technique for ddos detection in openflow controller. In IEEE Systems Journal, volume 16. IEEE.
R. Chadha, e. a. (2016). Cybervan: A cyber security virtual assured network testbed. In MILCOM 2016 - 2016 IEEE Military Communications Conference. IEEE.
R. Meena, e. a. (2020). Ryu sdn controller testbed for performance testing of source address validation techniques. In 3rd International Conference on Emerging Technologies in Computer Engineering: Machine Learning and Internet of Things (ICETCE). IEEE.
X. Zhang, N. Prabhu, R. T. (2020). Nestednet: A container-based prototyping tool for hierarchical software defined networks. In International Workshop on Rapid System Prototyping (RSP). IEEE.
Publicado
12/09/2022
Como Citar
KAIHARA, Alexandre M.; BONDAN, Lucas; GONDIM, João J. C.; RODRIGUES, Gabriel S.; MAROTTA, Marcelo A.; RODRIGUES, Genaína N..
LST 2.0: Testbed Emulado Baseado em Contêineres para Redes SDN Seguras. In: SALÃO DE FERRAMENTAS - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 22. , 2022, Santa Maria.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2022
.
p. 111-118.
DOI: https://doi.org/10.5753/sbseg_estendido.2022.227024.