ABSTRACT:
Network reachability is an important characteristic for understanding end-to-end
network behavior and helps in detecting violations of security policies across
the network. While quantifying network reachability within one administrative
domain is a difficult problem in itself, performing the same computation across
a network spanning multiple administrative domains presents a novel challenge.
The problem of quantifying network reachability across multiple administrative
domains is more difficult because the privacy of security policies of
individual domains is a serious concern and needs to be protected through this
process. In this paper, we propose the first cross-domain privacy-preserving
protocol for quantifying network reachability. Our protocol constructs
equivalent representations of the Access Control List (ACL) rules and
determines network reachability while preserving the privacy of the individual
ACLs. This protocol can accurately determine the network reachability along a
network path through different administrative domains. We have implemented and
evaluated our protocol on both real and synthetic ACLs. The experimental
results show that the online processing time of an ACL containing thousands of
rules is less than 25 s. Given two ACLs, each containing thousands of rules,
the comparison time is less than 6 s, and the total communication cost is less
than 2100 kB.
AIM
The main aim of this project is to create a protocol that works on Access
Control Lists (ACLs), each of which contains a set of rules, and determines
network reachability while preserving the privacy of the individual ACLs. This
protocol can accurately determine the network reachability along a network path
through different administrative domains.
SCOPE
The scope of this project is to implement and evaluate our protocol on both real
and synthetic ACLs.
EXISTING SYSTEM
The current practice of reachability management is still "trial and error" due
to the lack of network reachability analysis and quantification tools. This
approach leads to a significant number of configuration errors and has been
shown to be the major cause of failure for Internet services. Industry research
also shows that a significant percentage of human effort and monetary resources
are employed in maintaining the operational status of the network.
The current practice of determining network reachability through probing has two
major drawbacks. First, probing is expensive because it needs to generate and
send a significant amount of probe packets. Second, probing is inaccurate,
e.g., it cannot probe the open ports with no server listening on them. Due to
these drawbacks, many approaches were proposed to address the reachability
problem. The main assumption in all these approaches is that the reachability
restriction information of each network device and configuration state are
known to a central network analyst, who is quantifying the network
reachability. However, in practice, it is common that the network devices along
a given path belong to different domains where the reachability restriction
information cannot be shared with others, including the network analyst.
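The centralized computation that these approaches assume, shown as an added example (it is not code from the paper or from this project): each domain's first-match ACL is reduced to disjoint accept ranges, and the ranges are intersected along the path. It is simplified to one field, the destination port, the ACLs and domain names are constructed, and it needs every ACL in the clear, which is what the cross-domain setting does not allow.

```python
# Added example; ACLs and domain names are constructed sample data.
PORT_MAX = 65535

def accept_ranges(acl):
    """First-match ACL [(lo, hi, action), ...] -> sorted disjoint accept ranges."""
    undecided, accepted = [(0, PORT_MAX)], []   # undecided: no earlier rule matched
    for lo, hi, action in acl:
        remaining = []
        for a, b in undecided:
            s, e = max(a, lo), min(b, hi)
            if s > e:                            # rule misses this range
                remaining.append((a, b))
                continue
            if action == "accept":
                accepted.append((s, e))
            if a < s:
                remaining.append((a, s - 1))
            if e < b:
                remaining.append((e + 1, b))
        undecided = remaining                    # ports left unmatched stay denied
    return sorted(accepted)

def intersect(xs, ys):
    """Intersect two sorted lists of disjoint ranges."""
    out, i, j = [], 0, 0
    while i < len(xs) and j < len(ys):
        s, e = max(xs[i][0], ys[j][0]), min(xs[i][1], ys[j][1])
        if s <= e:
            out.append((s, e))
        if xs[i][1] < ys[j][1]:
            i += 1
        else:
            j += 1
    return out

def path_reachability(acls):
    """Ports accepted by every ACL on the path, and how many there are."""
    reach = [(0, PORT_MAX)]
    for acl in acls:
        reach = intersect(reach, accept_ranges(acl))
    return reach, sum(hi - lo + 1 for lo, hi in reach)

DOMAIN_A = [(22, 22, "deny"), (0, 1023, "accept"), (0, PORT_MAX, "deny")]
DOMAIN_B = [(80, 80, "accept"), (443, 443, "accept"), (0, 79, "deny"),
            (1000, 2000, "accept"), (0, PORT_MAX, "deny")]

if __name__ == "__main__":
    print(path_reachability([DOMAIN_A, DOMAIN_B]))
```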
DISADVANTAGES:
- The problem of quantifying network reachability across multiple administrative domains is more difficult because the privacy of security policies of individual domains is a serious concern and needs to be protected.
- While quantifying network reachability within one administrative domain is a difficult problem in itself, performing the same computation across a network spanning multiple administrative domains presents a novel challenge.
PROPOSED SYSTEM
The cross-domain approach to quantifying network reachability presented in this
paper can be very useful for many applications. We illustrate this using
two example scenarios. First, a global view of the network reachability can
help ISPs to define better QoS policies to improve traffic management. For
example, the knowledge of the different paths through which a particular type
of traffic is allowed by the ACLs can help the ISPs to maintain a rated list of
the best-quality paths in case of path failures. Second, since network
reachability is crucial for many companies that provide their services over the
Internet, performing a privacy-preserving computation of the network
reachability could become a new business for the ISPs and other parties
involved in this computation. The ISPs can answer the reachability queries of
these companies using this global knowledge and even provide some information
regarding the quality of various paths.
ADVANTAGES
- Collecting such information is very difficult due to the privacy and security concerns.
- The explosion of the Internet has caused an increase in the complexity and sophistication of these devices, thus making reachability analysis computationally expensive and error-prone.
SYSTEM ARCHITECTURE:
SYSTEM CONFIGURATION:-
Hardware Requirements
- Speed - 1.1 GHz
- Processor - Pentium IV
- RAM - 512 MB (min)
- Hard Disk - 40 GB
- Keyboard - Standard Windows Keyboard
- Mouse - Two or Three Button Mouse
- Monitor - LCD/LED
Software Requirements
- Operating System : Windows 7
- Front End : ASP.Net and C#
- Database : MSSQL
- Tool : Microsoft Visual Studio
REFERENCE:
Fei Chen, Bezawada, B., Liu, A.X., "Privacy-Preserving Quantification of
Cross-Domain Network Reachability", IEEE/ACM Transactions on Networking,
Volume: 23, Issue: 3, June 2014.