Network forensic investigation in OpenFlow networks with ForCon
Authors
Abstract
To resolve the challenges of forensic investigation in virtual networks, we present a new forensic framework called “Virtual Network Forensic Process”. Based on this framework we present the design, implementation and workflow of ForCon, a forensic controller to implement network investigation in OpenFlow controlled networks using Open vSwitch. Current trends bear out that virtualization techniques are no longer limited to computers as virtual machines. Thus cloud service providers try to offer greater value to their customers by implementing virtual networks and storage. Virtual environments have the same requirements for forensic investigation; however, to fulfil these, new tools and workflows are needed to resolve new challenges like virtual machine migration or user customization. ForCon uses dislocated agents in the network to monitor the virtual environment for changes and adapt the installed capture process without the need for any further interaction by an investigator. Thus, the network forensic investigation in virtual networks becomes flexible and valid evidence of the network data is
Similar resources
OpenFlow Virtual Appliance: An Efficient Security Interface For Cloud Forensic Spyware Robot
Network forensics vis-a-vis cloud computing offerings can be leveraged to address the needs of enterprise-grade spyware solutions online. A modular, extensible cloud architecture with intrinsic support for efficient security monitoring is proposed and an implementation architecture which facilitates dynamic interface with OpenFlow hardware to create infinite flexibility in managing security dec...
RISE: A Wide-Area Hybrid OpenFlow Network Testbed
The deployment of hybrid wide-area OpenFlow networks is essential for the gradual integration of OpenFlow technology into existing wide-area networks. Integration is necessary because it is impractical to replace such wide-area networks with OpenFlow-enabled ones at once. On the other hand, the design, deployment, and operation of such hybrid OpenFlow networks are often conducted intuitively wi...
LegacyFlow: Bringing OpenFlow to Legacy Network Environments
The OpenFlow protocol allows production networking environments such as campus networks, metropolitan networks or R&D networks, to be used as experimental infrastructure hosting, future internet architectures, softwares and protocols, in isolation to the production traffic. During rollout, one practical problem arises with legacy switches that do not support the OpenFlow protocol and need to be...
Congestion Control Using OpenFlow in Software Defined Data Center Networks
This paper studies congestion control issue in data center networks and proposes a potential solution based on OpenFlow protocol. A main feature of the emerging data center networks is their performance in hosting different cloud applications and services. Since congestion management is necessary to effectively utilize numerous data center applications, in this paper we present an efficient met...
A Packet-In Message Filtering Mechanism for Protection of Control Plane in OpenFlow Switches
Protecting control planes in networking hardware from high rate packets is a critical issue for networks under operation. One common approach for conventional networking hardware is to offload expensive functions onto hard-wired offload engines as ASICs. This approach is inadequate for OpenFlow networks because it restricts a certain amount of flexibility for network control that OpenFlow tries...