Generation of SDN policies for protecting android environments based on automata learning

Nicolas Schnepf, Rémi Badonnel, Abdelkader Lahmadi, and Stephan Merz

Abstract

Software-defined networking offers new opportunities for protecting end users and their applications. In that context, dedicated chains can be built to combine different security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. To configure these security chains, it is important to have an adequate model of the patterns that end user applications exhibit when accessing the network. We propose an automated strategy for learning the networking behavior of end applications using algorithms for generating finite state models. These models can be exploited for inferring SDN policies ensuring that applications respect the observed behavior: such policies can be formally verified and deployed on SDN infrastructures in a dynamic and flexible manner. Our solution is prototypically implemented as a collection of Python scripts that extend our Synaptic verification package. The performance of our strategy is evaluated through extensive experimentations and is compared to the Synoptic and Invarimint automata learning algorithms.

Available as: PDF

Reference

@inproceedings{schnepf:generation,
  author    = {Nicolas Schnepf and R{\'e}mi Badonnel and
               Abdelkader Lahmadi and Stephan Merz},
  title     = {Generation of {SDN} policies for protecting android environments based
               on automata learning},
  booktitle = {Network Operations and Management Symposium, {NOMS 2018}},
  pages     = {1--7},
  publisher = {{IEEE}},
  year      = {2018},
  address   = {Taipei, Taiwan},
}