Duo: Software Defined Intrusion Tolerant System Using Dual Cluster

An intrusion tolerant system (ITS) is a network security system that is composed of redundant virtual servers that are online only in a short time window, called exposure time. The servers are periodically recovered to their clean state, and any infected servers are refreshed again, so attackers hav...


Bibliographic Details
Main Authors: Yongjae Lee, Seunghyeon Lee, Hyunmin Seo, Changhoon Yoon, Seungwon Shin, Hyunsoo Yoon
Format: Article
Language: English
Published: Hindawi-Wiley 2018-01-01
Series: Security and Communication Networks
Online Access: http://dx.doi.org/10.1155/2018/6751042
Affiliation (all authors): KAIST, 291 Daehak-ro, Yuseong-gu, Daejeon 34141, Republic of Korea
Collection: DOAJ
ISSN: 1939-0114, 1939-0122
Description: An intrusion tolerant system (ITS) is a network security system that is composed of redundant virtual servers that are online only in a short time window, called exposure time. The servers are periodically recovered to their clean state, and any infected servers are refreshed again, so attackers have insufficient time to succeed in breaking into the servers. However, there is a conflicting interest in determining exposure time, short for security and long for performance. In other words, the short exposure time can increase security but requires more servers to run in order to process requests in a timely manner. In this paper, we propose Duo, an ITS incorporated in SDN, which can reduce exposure time without consuming computing resources. In Duo, there are two types of servers: some servers with long exposure time (White server) and others with short exposure time (Gray server). Then, Duo classifies traffic into benign and suspicious with the help of SDN/NFV technology that also allows dynamically forwarding the classified traffic to White and Gray servers, respectively, based on the classification result. By reducing exposure time of a set of servers, Duo can decrease exposure time on average. We have implemented the prototype of Duo and evaluated its performance in a realistic environment.