SDX-based security collaboration: Extending the security reach beyond network domains


Traditionally, internal networks rely on border firewalls as the first line of defence against untrusted external networks. However, customized security measures can begin further away from the network edge. Software Defined Networking (SDN) is already widely deployed in internal networks, and it is increasingly deployed within the Internet core, at Internet Exchange Points (IXP). Software-Defined Internet Exchange Points (SDXs) enable flexible and programmable control over the delivery of wide area network traffic. SDXs are therefore an appealing place to introduce security actions that span beyond the edge of internal networks. By extending security actions to SDXs, dedicated border security appliances would no longer be as overwhelmed, and wide area network links would no longer carry traffic only for it to be dropped at the edge of the destination network. In this paper we present a hierarchical, logically centralized architecture in which SDX security policies are expressed by Autonomous Systems (AS) as intents. Through SDX collaboration, these security intents are compiled and installed at the closest available SDX relative to the offending source. Moreover, intent compilation can be executed in parallel over multiple selected SDXs, enabling a distributed security response activated at the Internet core. Because this approach relies only on SDXs, it can be adopted faster than changing all routers or the Internet architecture itself. The proposed security collaboration could be used to address massive Internet blackouts caused by DDoS attacks, with the capacity to match the distributed force of today's attacks and of future ones of even greater scale.
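To make the placement step concrete, the following is an added illustration, not code from the paper or from any SDX controller: a toy model of a victim AS expressing drop intents against offending source prefixes, and a collaboration controller that resolves each intent to the SDX fewest AS hops from the offending source and compiles rules for the selected SDXs in parallel. The AS topology, the SDX membership table, the AS numbers, prefixes and the `Intent`/`FlowRule` shapes are all constructed assumptions; a real deployment would also have to confirm that the chosen exchange actually sits on the path the offending traffic takes, which this model does not check.

```python
"""Toy model of intent placement across collaborating SDXs (illustration only)."""
from collections import deque
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass

# Constructed AS-level topology: AS number -> neighbouring ASes (peering links).
# Private-use ASNs (64500-64506) and documentation prefixes are used throughout.
TOPOLOGY = {
    64500: {64501, 64502},
    64501: {64500, 64503},
    64502: {64500, 64504},
    64503: {64501, 64505},
    64504: {64502, 64505},
    64505: {64503, 64504, 64506},
    64506: {64505},
}

# Constructed SDX membership: exchange name -> ASes peering at that exchange.
SDX_MEMBERS = {
    "sdx-west": {64500, 64501, 64502},
    "sdx-central": {64503, 64504, 64505},
    "sdx-east": {64505, 64506},
}


@dataclass(frozen=True)
class Intent:
    """A security intent as a victim AS would express it (assumed shape)."""
    dst_as: int        # AS issuing the intent (the victim)
    dst_prefix: str    # victim prefix under attack
    src_as: int        # origin AS of the offending traffic
    src_prefix: str    # offending source prefix
    action: str = "drop"


@dataclass
class FlowRule:
    """Rule compiled for one SDX fabric (assumed shape)."""
    sdx: str
    match: dict
    action: str


def hop_distances(src_as):
    """BFS over the AS graph: hop count from src_as to every reachable AS."""
    dist = {src_as: 0}
    queue = deque([src_as])
    while queue:
        current = queue.popleft()
        for neighbour in TOPOLOGY.get(current, ()):
            if neighbour not in dist:
                dist[neighbour] = dist[current] + 1
                queue.append(neighbour)
    return dist


def closest_sdx(src_as, candidates=None):
    """Select the SDX whose nearest member AS is fewest hops from the offending source.

    `candidates` optionally restricts the choice to SDXs the collaboration has
    selected (e.g. those willing to act for this victim). Returns None if no
    candidate SDX is reachable from the source.
    """
    dist = hop_distances(src_as)
    best = None
    for name, members in SDX_MEMBERS.items():
        if candidates is not None and name not in candidates:
            continue
        reachable = [dist[m] for m in members if m in dist]
        if not reachable:
            continue
        key = (min(reachable), name)  # tie-break on name for determinism
        if best is None or key < best:
            best = key
    return None if best is None else best[1]


def compile_intent(intent, sdx):
    """Lower one AS-level intent to a match/action rule for a specific SDX."""
    return FlowRule(
        sdx=sdx,
        match={"ipv4_src": intent.src_prefix, "ipv4_dst": intent.dst_prefix},
        action=intent.action,
    )


def place_intents(intents, candidates=None):
    """Group intents by the SDX closest to each offending source, then compile
    each SDX's batch in parallel. Returns {sdx_name: [FlowRule, ...]}."""
    per_sdx = {}
    for intent in intents:
        sdx = closest_sdx(intent.src_as, candidates)
        if sdx is None:
            continue  # no collaborating SDX can reach this source; victim must filter locally
        per_sdx.setdefault(sdx, []).append(intent)

    def compile_batch(item):
        sdx, batch = item
        return sdx, [compile_intent(i, sdx) for i in batch]

    with ThreadPoolExecutor() as pool:
        return dict(pool.map(compile_batch, per_sdx.items()))


if __name__ == "__main__":
    # Constructed scenario: AS 64506 is flooded from prefixes originated by AS 64500 and AS 64504.
    victim = [
        Intent(64506, "203.0.113.0/24", 64500, "198.51.100.0/24"),
        Intent(64506, "203.0.113.0/24", 64504, "192.0.2.0/24"),
    ]
    for sdx, rules in sorted(place_intents(victim).items()):
        for rule in rules:
            print(sdx, rule.match, rule.action)
```

In this model the two offending sources are filtered at two different exchanges (the one closest to each), which is the distributed response the architecture aims for; restricting `candidates` models the case where only some SDXs are selected for a given victim.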



