Performance Analysis of Software-Defined Networks to Mitigate Private VLAN Attacks
Author:
Álvarez David¹, Nuño Pelayo¹, González Carlos T.¹, Bulnes Francisco G.¹, Granda Juan C.¹, García-Carrillo Dan¹
Affiliation:
1. Department of Computing, University of Oviedo, Campus de Viesques, 33204 Gijón, Asturias, Spain
Abstract
The defence-in-depth (DiD) methodology is a defensive approach usually performed by network administrators to implement secure networks by layering and segmenting them. Typically, segmentation is implemented in the second layer using the standard virtual local area networks (VLANs) or private virtual local area networks (PVLANs). Although defence in depth is usually manageable in small networks, it is not easily scalable to larger environments. Software-defined networks (SDNs) are emerging technologies that can be very helpful when performing network segmentation in such environments. In this work, a corporate networking scenario using PVLANs is emulated in order to carry out a comparative performance analysis on defensive strategies regarding CPU and memory usage, communications delay, packet loss, and power consumption. To do so, a well-known PVLAN attack is executed using simulated attackers located within the corporate network. Then, two mitigation strategies are analysed and compared using the traditional approach involving access control lists (ACLs) and SDNs. The results show the operation of the two mitigation strategies under different network scenarios and demonstrate the better performance of the SDN approach in oversubscribed network designs.
Subject
Electrical and Electronic Engineering; Biochemistry; Instrumentation; Atomic and Molecular Physics, and Optics; Analytical Chemistry
Cited by
2 articles.
1. Smart Substation VLAN Configuration Method Based on Improved Search Tree; 2024 9th Asia Conference on Power and Electrical Engineering (ACPEE); 2024-04-11
2. Analysis of the Performance of Software Defined Networks (SDN) Versus Networks with TCP/IP Architecture; 2024 2nd International Conference on Intelligent Data Communication Technologies and Internet of Things (IDCIoT); 2024-01-04