POF Protocol Parser

Abstract

Abstract: For the security issues of SDN, the traditional firewalls and antivirus softwares can only prevent unauthorized external intrusions, but have little effect on preventing internal threats such as important information leakage caused by unauthorized modification of switch or controller configurations and flow rules. As the southbound interface of SDN, POF enables the controller to configure and control network behavior. By parsing POF messages, the communication content of SDN can be monitored and internal security problems can be discovered. In this paper, the POF is carefully studied and analyzed, and a protocol parser is designed based on network security audit system, through which the POF message types and key fields can be parsed and identified online, and session logs and operation logs can be generated for storage and display. This helps discover illegal behaviors in time and trace the source of evidence after a cyber security incident occurs. Through experimental tests, the system can achieve at least 30000 connections per second, 460 Mbps throughput, and 530000 packets per second processing performance under the premise of zero packet loss.

Key words: network security audit system, SDN, POF, protocol parsing

CHU Su-hong, LIU Lei, . POF Protocol Parser[J]. Computer and Modernization, 2022, 0(09): 93-98.

References ［31］

［1］	林闯,贾子骁,孟坤. 自适应的未来网络体系架构［J］. 计算机学报, 2012,35（6）:1077-1093.
［2］	黄兵,谭斌,罗鉴,等. 面向业务和网络协同的未来IP网络架构演进［J］. 电信科学, 2021,37（10）:39-46.
［3］	KREUTZ D, RAMOS F M V, VERISSIMO P E, et al. Software-defined networking: A comprehensive survey［J］. Proceedings of the IEEE, 2014,103（1）:14-76.
［4］	〖KG-*3〗SCOTT-HAYWARD S, O’CALLAGHAN G, SEZER S. SDN security: A survey［C］// 2013 IEEE SDN For Future Networks and Services （SDN4FNS）. 2013:1-7.
［5］	夷淑华. 软件定义网络（SDN）及其应用领域的研究［J］. 通讯世界, 2021,28（4）:93-94.
［6］	王鹃,刘世辉,文茹,等. 基于OpenFlow的SDN状态防火墙［J］. 计算机工程与应用, 2018,54（15）:84-90.
［7］	刘梦甜,李伟隆,王守融. 基于SDN的阶段化网络安全态势感知模型的研究和设计［J］. 北京电子科技学院学报, 2018,26（4）:14-20.
［8］	CHICA J, IMBACHI J C, BOTERO J F. Security in SDN: A comprehensive survey［J］. Journal of Network and Computer Applications, 2020,159:1-23.
［9］	SONG H. Protocol-oblivious forwarding: Unleash the power of SDN through a future-proof forwarding plane［C］// Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. 2013:127-132.
［10］	LI S R, HU D Y, FANG W J, et al. Protocol Oblivious Forwarding （POF）: Software-defined networking with enhanced programmability［J］. IEEE Network, 2017,31（2）:58-66.
［11］	李晟如. 软件定义网络中协议无感知转发的关键技术研究［D］. 北京:中国科学技术大学, 2018.
［12］	GOYAL P, GOYAL A. Comparative study of two most popular packet sniffing tools-Tcpdump and wireshark［C］// 2017 9th International Conference on Computational Intelligence and Communication Networks （CICN）. 2017:77-81
［13］	唐志斌. 网络数据采集及安全审计技术研究综述［J］. 网络新媒体技术, 2020,9（1）:11-20．
［14］	HAN L C, GUO Z C, HUANG X Y, et al. A multifunctional full-packet capture and network measurement system supporting nanosecond timestamp and real-time analysis［J］. IEEE Transactions on Instrumentation and Measurement, 2021,70:1-12.
［15］	李传宏. 基于DPDK的高性能数据采集分析关键技术研究［D］. 北京:中国科学院大学, 2021.
［16］	ZHU W J, LI P, LUO B Z, et al. Research and implementation of high performance traffic processing based on intel DPDK［C］// 2018 9th International Symposium on Parallel Architectures, Algorithms and Programming （PAAP）. 2018:62-68.
［17］	任昊哲,年梅. 基于DPDK的高速数据包捕获方法［J］. 计算机系统应用, 2018,27（6）:240-243.
［18］	陈亮,龚俭,徐选. 应用层协议识别算法综述［J］. 计算机科学, 2007,34（7）:73-75.
［19］	OLIVER HAWKINS. Principle and Implementation of Protocol Oblivious Forwarding［EB/OL］. （2012-12-01）［2021-12-12］. https://silo.tips/download/principle-and-implementation-of-protocol-oblivious-forwarding.
［20］	汪强葛,俊强,常坤,等. 基于协议无感知转发技术的信息中心网络：设计、实现与应用［J］. 计算机工程与科学, 2018,40（3）:431-438.
［21］	YU J Z, WANG X Z, SONG J, et al. Forwarding programming in protocol-oblivious instruction set［C］// 2014 IEEE 22nd International Conference on Network Protocols. 2014:577-582.
［22］	曹作伟,陈晓,倪宏. 一种协议无感知交换机的设计与实现［J］. 网络新媒体技术, 2021,10（2）:10-17.
［23］	颜滢钊. 软件定义网络中控制层与基础设备层间通信协议的研究［D］. 北京:北京邮电大学, 2015.
［24］	龙飞. OpenFlow交换机关键技术研究与实现［D］. 长沙:国防科学技术大学, 2012.
［25］	田姣姣. 协议无感知转发交换机测试工具研发［D］. 北京:中国科学院大学, 2018.
［26］	高翔宇. 一种POF控制器的实现与流量管理研究［D］. 合肥:中国科学技术大学, 2016.
［27］	YU J, WANG X. POFSwitch［EB/OL］. （2016-09-01）［2021-12-12］. https://github.com/USTC-INFINITELAB/POFSwitch.
［28］	闫露,邓浩江,陈晓,等. 网络安全审计系统中FTP解析策略研究［J］. 计算机应用与软件, 2017,34（5）:306-310.
［29］	唐志斌,曾学文. 网络数据审计中TDS协议解析器的设计［J］. 网络新媒体技术, 2020,9（5）:55-61.
［30］	冯建文,董剑. 改进的TCP应用层协议在远程实验系统中的应用［J］. 计算机应用与软件, 2018,35（12）:154-158.
［31］	刘静菠,刘嘉勇,唐龙. 基于应用层特征的TCP数据流重组方法研究［J］. 信息安全与通信保密, 2014（5）:111-113.

[1]	JIANG Hou-hai, ZHUANG Yi, CAO Zi-ning. A Fast Failure Recovery Scheme for SDN Based on Flow Aggregation and Congestion Avoidance [J]. Computer and Modernization, 2023, 0(10): 77-83.
[2]	JIANG Hou-hai, ZHUANG Yi, CAO Zi-ning. SDN Reliability Evaluation Algorithm Based on Improved BDD [J]. Computer and Modernization, 2023, 0(09): 64-69.
[3]	LEI Yi-han, CAO Li-feng, HAN Meng-da, HAN Xue. Security Handover Architecture and Method for Software Defined Space-ground#br# Integration Network [J]. Computer and Modernization, 2023, 0(08): 119-126.
[4]	BAO Chun-hui, ZHUANG Yi, GUO Li-ye. Vulnerability Assessment Model of SDN Mobile Network for Service Transmission [J]. Computer and Modernization, 2022, 0(11): 43-51.
[5]	LING Zhi-yuan, CHEN Xiao, SONG Lei, . Flow Table Merging on Programmable Data Planes Based on MAT Model [J]. Computer and Modernization, 2022, 0(07): 74-78.
[6]	WANG Wen-wei, XIAO Jun-bi, CHENG Peng, ZHANG Yue. SDN-based DDoS Attack Defense System [J]. Computer and Modernization, 2021, 0(02): 117-121.
[7]	FENG Dong, CHEN Xiao. Validity Check of Instructions and Actions of POF Entries [J]. Computer and Modernization, 2020, 0(10): 23-30.
[8]	DAI Song, SUN Yan-tao, LIU Qiang, JIA Ze-qun, . Networking Method for SDMANET Based on Multi-mode Radio [J]. Computer and Modernization, 2020, 0(08): 82-88.
[9]	YUAN Jie， ZHANG Min-lei. Research on Fault Recovery Mechanism of Power Information System Based on SDN [J]. Computer and Modernization, 2018, 0(11): 7-.
[10]	TIAN Ye1， SUN Yan-tao1,2， XIONG Ke1,2. A Semi-centralized SDN Routing Strategy in Data Center Network [J]. Computer and Modernization, 2018, 0(01): 95-101.
[11]	ZHAN Han. Research on Distributed SDN Controller Dragonflow Based on OpenStack [J]. Computer and Modernization, 2017, 0(7): 91-94.
[12]	ZHUANG Huai-dong, DU Qing-wei. A Method of Data Center Network Dynamic Traffic Scheduling Based on SDN [J]. Computer and Modernization, 2016, 251(07): 80-86.
[13]	MA Chao1,2, CHENG Li1, KONG Ling-ling3. Performance Analysis of Traffic Anomaly Detection in Cloud-based Software-defined Network [J]. Computer and Modernization, 2015, 0(10): 92-97+102.
[14]	SHEN Qingguo， HUANG Liaoruo， LUO Jian. Analyses of Softwaredefined Network and Its Application [J]. Computer and Modernization, 2014, 0(4): 133-137.