HogMap: Using SDNs to incentivize collaborative security monitoring

Xiang Pan, Vinod Yegneswaran, Yan Chen, Phillip Porras, Seungwon Shin

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

9 Scopus citations

Abstract

Cyber Threat Intelligence (CTI) sharing facilitates a comprehensive understanding of adversary activity and enables enterprise networks to prioritize their cyber defense technologies. To that end, we introduce HogMap, a novel software-defined infrastructure that simplifies and incentivizes collaborative measurement and monitoring of cyber-threat activity. HogMap proposes to transform the cyber-threat monitoring landscape by integrating several novel SDN-enabled capabilities: (I) intelligent in-place filtering of malicious traffic, (II) dynamic migration of interesting and extraordinary traffic and (III) a software-defined marketplace where various parties can opportunistically subscribe to and publish cyber-threat intelligence services in a flexible manner. We present the architectural vision and summarize our preliminary experience in developing and operating an SDN-based HoneyGrid, which spans three enterprises and implements several of the enabling capabilities (e.g., traffic filtering, traffic forwarding and connection migration). We find that SDN technologies greatly simplify the design and deployment of such globally distributed and elastic HoneyGrids.

Original language: English (US)
Title of host publication: SDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016
Publisher: Association for Computing Machinery, Inc
Pages: 7-12
Number of pages: 6
ISBN (Electronic): 9781450340786
State: Published - Mar 11 2016
Event: 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFV Security 2016 - New Orleans, United States
Duration: Mar 11 2016 → …

Publication series

Name: SDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016

Other

Other: 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFV Security 2016
Country/Territory: United States
City: New Orleans
Period: 3/11/16 → …

ASJC Scopus subject areas

  • Computer Science Applications
  • Software
  • Information Systems
