A Method for Acquiring Network Information from Linux Memory Image in Software-Defined Networking

Shumian Yang,
Lianhai Wang,
Shuhui Zhang,
Dawei Zhao,
Lijuan Xu,

Abstract


Software defined network (SDN) is a novel network architecture which separates the control plane from the data plane of a network. Owing to its openness, programmability and centralized control, SDN accelerates the development of network technology. However, it also brings new security problems, such as SDN control security, external distributed denial of service (DDoS) attacks and the northbound-southbound interface security. Aiming at the various security attack problems in SDN, the physical memory forensic analysis method is applied to this new framework of SDN, which can extract and analyze the digital evidence including running status of the computer, the behaviour characteristics of the user, network information, opened file and register. The method in this paper mainly obtains the network information from the physical memory image file in real-time, including the address resolution protocol (ARP), network configuration information, and the network connection information. It does not depend on the kernel symbol table and system version. We have extracted the network information under a wide range of operating system versions. Finally, the method is verified on the ubuntukylin 14.04 system, by obtaining various network information, and the experiment results show that the method has high accuracy and effectiveness on comparing with the Volatility tool.


Citation Format:
Shumian Yang, Lianhai Wang, Shuhui Zhang, Dawei Zhao, Lijuan Xu, "A Method for Acquiring Network Information from Linux Memory Image in Software-Defined Networking," Journal of Internet Technology, vol. 21, no. 3 , pp. 899-908, May. 2020.

Full Text:

PDF

Refbacks

  • There are currently no refbacks.





Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Office of Library and Information Services, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd., Shoufeng, Hualien 974301, Taiwan, R.O.C.
Tel: +886-3-931-7314  E-mail: jit.editorial@gmail.com