Wanqing You

OpenFlow flow table overflow attacks and countermeasures

Software-defined Network (SDN) is proposed as a new concept in computer networks, which separates the control plane from data plane. And it provides a programmable network architecture that could facilitate network innovation rapidly. OpenFlow is a network protocol that standardizes the communications between OpenFlow controllers and OpenFlow switches. It is considered as an enabler of SDN. The flow table in OpenFlow switches plays a critical role in OpenFlow-based SDN, which stores the rules populated by the controllers for controlling and directing the packet flows in SDN. Nevertheless, they also become a new target of malicious attacks. This paper analyzes the flow table overflow attack, a type of denial of service attacks, and proposes a systematic way to mitigate the overflow in flow table.

A hybrid approach for mobile security threat analysis

Research on effective and efficient mobile threat analysis becomes an emerging and important topic in cybersecurity research area. Static analysis and dynamic analysis constitute two of the most popular types of techniques for security analysis and evaluation; nevertheless, each of them has its strengths and weaknesses. To leverage the benefits of both approaches, we propose a hybrid approach that integrates the static and dynamic analysis for detecting security threats in mobile applications. The key of this approach is the unification of data states and software execution on critical test paths. The approach consists of two phases. In the first phase, a pilot static analysis is conducted to identify potential critical attack paths based on Android APIs and existing attack patterns. In the second phase, a dynamic analysis follows the identified critical paths to execute the program in a limited and focused manner. Attacks shall be detected by checking the conformance of the detected paths with existing attack patterns. The method will report the types of detected attack scenarios based on types of sensitive data that may be compromised, such as web browser cookie.

Web Service-Enabled Spam Filtering with Naïve Bayes Classification

Electronic mail has nowadays become a convenient and inexpensive way for communication regardless of the distance. However, an increasing volume of unsolicited emails is bringing down the productivity dramatically. There is a need for reliable anti-spam filters to separate such messages from legitimate ones. The Naïve Bayesian classifier is suggested as an effective engine to pick out spam emails. We have developed an anti-spam filter that employs this content-based classifier. This statistic-based classifier was trained on Enron Spam Dataset, a well-known spam/legitimate email dataset. We developed this filter as a Web Service, which would consume the emails user uploads and give back the predicted probability that in what degree the given email is spam. This engine was achieved by Rest easy technology, and consists three phases to train pre-labeled emails and then apply Naïve Bays theorem to calculate emails Spamicity.

FlowVisor vulnerability analysis

This paper explored possible vulnerabilities in FlowVisor, SDN virtualized tool, and analyzed the potential isolation issue between multiple virtual slices by FlowVisor. We discovered a security vulnerability of interference between virtual slices in SDN, which leaves holes for potential malicious attacks. We proposed an event handling mechanism to be implemented in FlowVisor to avoid flow space overlapping.

A hybrid analysis for mobile security threat detection

With the rapid advancement of technology today, smartphones become more and more powerful and attract a huge amount of users with new features provided by mobile device operating systems such as Android. However, due to its security vulnerability, hackers and cybercriminals constantly attack Android mobile devices. Thus, research on effective and efficient mobile threat analysis becomes an emerging and important topic in cybersecurity research area, using various security analysis and evaluation strategies such as static analysis and dynamic analysis. In this paper, we propose a hybrid approach which aggregates the static and dynamic analysis for detecting security threat and attack in mobile app. In our approach, we implement the unification of data states and software execution on the critical test path. Our approach has two phases. We first perform the static analysis to identify the possible attack critical path based on Android API and the existing attack patterns, next we perform the dynamic analysis which follows the path to execute the program in a limited and focused scope, and detect the attack possibility by checking conformance of detected path with the existing attack patterns. In the second phase of runtime dynamic analysis, dynamic inspection will report the type of attack scenarios with respect to the type of confidential data leakage, such as web browser cookie, without accessing any real critical and protected data sources in mobile devices.

Software-defined network flow table overflow attacks and countermeasures

Software-defined network (SDN) is proposed as a new concept in computer networks, which separates the control plane from the data plane. And it provides a programmable network architecture that could facilitate rapid network innovation. OpenFlow is a network protocol that standardises the communications between OpenFlow controllers and OpenFlow switches. It is considered as an enabler of SDN. The flow table in OpenFlow switches plays a critical role in OpenFlow-based SDN, which stores the rules populated by the controllers for controlling and directing the packet flows in SDN. Nevertheless, they also become a new target of malicious attacks. This paper analyses the flow table overflow attack, a type of denial of service attacks, and proposes a novel eviction algorithm, dynamic in/out balancing with least frequently used eviction (DIOB/LFU), at service level to defend against the flow table overflow attacks.