{"id":"https://openalex.org/W2892116995","doi":"https://doi.org/10.1145/3243734.3243749","title":"Towards Fine-grained Network Security Forensics and Diagnosis in the SDN Era","display_name":"Towards Fine-grained Network Security Forensics and Diagnosis in the SDN Era","publication_year":2018,"publication_date":"2018-10-15","ids":{"openalex":"https://openalex.org/W2892116995","doi":"https://doi.org/10.1145/3243734.3243749","mag":"2892116995"},"language":"en","primary_location":{"id":"doi:10.1145/3243734.3243749","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3243734.3243749","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5023560717","display_name":"Haopei Wang","orcid":"https://orcid.org/0000-0001-9756-8783"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Haopei Wang","raw_affiliation_strings":["Texas A&amp;M University, College Station, TX, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, TX, USA","institution_ids":["https://openalex.org/I91045830"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100700745","display_name":"Guangliang Yang","orcid":"https://orcid.org/0000-0003-3244-6376"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Guangliang Yang","raw_affiliation_strings":["Texas A&amp;M University, College Station, TX, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, TX, USA","institution_ids":["https://openalex.org/I91045830"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006230356","display_name":"Phakpoom Chinprutthiwong","orcid":"https://orcid.org/0000-0002-0177-5524"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Phakpoom Chinprutthiwong","raw_affiliation_strings":["Texas A&amp;M University, College Station, TX, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, TX, USA","institution_ids":["https://openalex.org/I91045830"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101775926","display_name":"Lei Xu","orcid":"https://orcid.org/0000-0001-8694-6152"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lei Xu","raw_affiliation_strings":["Texas A&amp;M University, College Station, TX, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, TX, USA","institution_ids":["https://openalex.org/I91045830"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033486717","display_name":"Yangyong Zhang","orcid":"https://orcid.org/0000-0003-3324-2949"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yangyong Zhang","raw_affiliation_strings":["Texas A&amp;M University, College Station, TX, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, TX, USA","institution_ids":["https://openalex.org/I91045830"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058852421","display_name":"Guofei Gu","orcid":"https://orcid.org/0000-0003-0630-741X"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Guofei Gu","raw_affiliation_strings":["Texas A&amp;M University, College Station, TX, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, TX, USA","institution_ids":["https://openalex.org/I91045830"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5023560717"],"corresponding_institution_ids":["https://openalex.org/I91045830"],"apc_list":null,"apc_paid":null,"fwci":3.6331,"has_fulltext":false,"cited_by_count":42,"citation_normalized_percentile":{"value":0.94132467,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"3","last_page":"16"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.783207893371582},{"id":"https://openalex.org/keywords/forwarding-plane","display_name":"Forwarding plane","score":0.7711561918258667},{"id":"https://openalex.org/keywords/troubleshooting","display_name":"Troubleshooting","score":0.6229269504547119},{"id":"https://openalex.org/keywords/software-defined-networking","display_name":"Software-defined networking","score":0.5265752673149109},{"id":"https://openalex.org/keywords/network-forensics","display_name":"Network forensics","score":0.48454442620277405},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.4642546772956848},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.4608473479747772},{"id":"https://openalex.org/keywords/controller","display_name":"Controller (irrigation)","score":0.4439728260040283},{"id":"https://openalex.org/keywords/root-cause-analysis","display_name":"Root cause analysis","score":0.43908393383026123},{"id":"https://openalex.org/keywords/liveness","display_name":"Liveness","score":0.4319077730178833},{"id":"https://openalex.org/keywords/spoofing-attack","display_name":"Spoofing attack","score":0.41139376163482666},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4039323627948761},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.3930814862251282},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.33484557271003723},{"id":"https://openalex.org/keywords/digital-forensics","display_name":"Digital forensics","score":0.25121691823005676},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1527254581451416},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.08524271845817566}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.783207893371582},{"id":"https://openalex.org/C10597312","wikidata":"https://www.wikidata.org/wiki/Q5473302","display_name":"Forwarding plane","level":3,"score":0.7711561918258667},{"id":"https://openalex.org/C147494362","wikidata":"https://www.wikidata.org/wiki/Q2078905","display_name":"Troubleshooting","level":2,"score":0.6229269504547119},{"id":"https://openalex.org/C77270119","wikidata":"https://www.wikidata.org/wiki/Q1655198","display_name":"Software-defined networking","level":2,"score":0.5265752673149109},{"id":"https://openalex.org/C50747538","wikidata":"https://www.wikidata.org/wiki/Q7001032","display_name":"Network forensics","level":3,"score":0.48454442620277405},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.4642546772956848},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.4608473479747772},{"id":"https://openalex.org/C203479927","wikidata":"https://www.wikidata.org/wiki/Q5165939","display_name":"Controller (irrigation)","level":2,"score":0.4439728260040283},{"id":"https://openalex.org/C130963320","wikidata":"https://www.wikidata.org/wiki/Q1401207","display_name":"Root cause analysis","level":2,"score":0.43908393383026123},{"id":"https://openalex.org/C15569618","wikidata":"https://www.wikidata.org/wiki/Q3561421","display_name":"Liveness","level":2,"score":0.4319077730178833},{"id":"https://openalex.org/C167900197","wikidata":"https://www.wikidata.org/wiki/Q11081100","display_name":"Spoofing attack","level":2,"score":0.41139376163482666},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4039323627948761},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3930814862251282},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33484557271003723},{"id":"https://openalex.org/C84418412","wikidata":"https://www.wikidata.org/wiki/Q3246940","display_name":"Digital forensics","level":2,"score":0.25121691823005676},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1527254581451416},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.08524271845817566},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0},{"id":"https://openalex.org/C77595967","wikidata":"https://www.wikidata.org/wiki/Q3151013","display_name":"Forensic engineering","level":1,"score":0.0},{"id":"https://openalex.org/C6557445","wikidata":"https://www.wikidata.org/wiki/Q173113","display_name":"Agronomy","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3243734.3243749","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3243734.3243749","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":40,"referenced_works":["https://openalex.org/W82893651","https://openalex.org/W141761747","https://openalex.org/W158224344","https://openalex.org/W1408671314","https://openalex.org/W1486426806","https://openalex.org/W1531996150","https://openalex.org/W1562945126","https://openalex.org/W1675033504","https://openalex.org/W1697123834","https://openalex.org/W1858168446","https://openalex.org/W1882012874","https://openalex.org/W1915915253","https://openalex.org/W1984451560","https://openalex.org/W2020729428","https://openalex.org/W2056616673","https://openalex.org/W2109224931","https://openalex.org/W2115526539","https://openalex.org/W2119026482","https://openalex.org/W2120561608","https://openalex.org/W2122109510","https://openalex.org/W2137845741","https://openalex.org/W2146330317","https://openalex.org/W2147236343","https://openalex.org/W2151135920","https://openalex.org/W2155624544","https://openalex.org/W2160824842","https://openalex.org/W2170646878","https://openalex.org/W2183816381","https://openalex.org/W2295705535","https://openalex.org/W2303191924","https://openalex.org/W2309213158","https://openalex.org/W2408119291","https://openalex.org/W2574415138","https://openalex.org/W2604782394","https://openalex.org/W2605534153","https://openalex.org/W2612205004","https://openalex.org/W2751167560","https://openalex.org/W2766852928","https://openalex.org/W4237793107","https://openalex.org/W4245671428"],"related_works":["https://openalex.org/W2533239677","https://openalex.org/W2140593870","https://openalex.org/W4389545061","https://openalex.org/W3126377002","https://openalex.org/W2903861076","https://openalex.org/W2604576816","https://openalex.org/W2729608596","https://openalex.org/W2913345013","https://openalex.org/W2900020547","https://openalex.org/W3016508785"],"abstract_inverted_index":{"Diagnosing":[0],"network":[1,31,68,149,223],"security":[2,106],"issues":[3],"in":[4,14,40,57,114,221],"traditional":[5,30,61],"networks":[6],"is":[7,10],"difficult.":[8],"It":[9],"even":[11],"more":[12],"frustrating":[13],"the":[15,25,29,37,41,77,86,111,116,126,130,143,161,190,198,213],"emerging":[16],"Software":[17],"Defined":[18],"Networks.":[19],"The":[20],"data/control":[21],"plane":[22,89,120,172,216],"decoupling":[23],"of":[24,129,156,160,183,192],"SDN":[26,58,87,214],"framework":[27],"makes":[28],"troubleshooting":[32],"tools":[33,63],"unsuitable":[34],"for":[35],"pinpointing":[36],"root":[38,127,199],"cause":[39,128],"control":[42,88,117,171,215],"plane.":[43,92],"In":[44],"this":[45],"paper,":[46],"we":[47],"propose":[48],"ForenGuard,":[49],"which":[50,100],"provides":[51,134],"flow-level":[52],"forensics":[53,62],"and":[54,75,80,90,118,124,146,164,185,217],"diagnosis":[55],"functions":[56],"networks.":[59],"Unlike":[60],"that":[64,138,176,195,205],"only":[65],"involve":[66],"either":[67],"level":[69],"or":[70],"host":[71],"level,":[72],"ForenGuard":[73,108,132,157,177,206],"monitors":[74],"records":[76],"runtime":[78,210],"activities":[79,113,184,194],"their":[81],"causal":[82,122,181],"dependencies":[83],"involving":[84],"both":[85,115],"data":[91,119],"Starting":[93],"with":[94],"a":[95,105,135,153],"forwarding":[96],"problem":[97],"(e.g.,":[98],"disconnection)":[99],"could":[101,196],"be":[102,197],"caused":[103],"by":[104],"issue,":[107],"can":[109,178,218],"backtrack":[110],"previous":[112],"through":[121],"relationships":[123,182],"pinpoint":[125],"problem.":[131],"also":[133],"user-friendly":[136],"interface":[137],"allows":[139],"users":[140],"to":[141,167,187,212],"specify":[142],"detection":[144],"point":[145],"diagnose":[147,168],"complicated":[148],"problems.":[150],"We":[151,174],"implement":[152],"prototype":[154],"system":[155],"on":[158],"top":[159],"Floodlight":[162],"controller":[163],"use":[165],"it":[166],"several":[169],"real":[170],"attacks.":[173],"show":[175],"quickly":[179],"display":[180],"help":[186],"narrow":[188],"down":[189],"range":[191],"suspicious":[193],"causes.":[200],"Our":[201],"performance":[202],"evaluation":[203],"shows":[204],"will":[207],"add":[208],"minor":[209],"overhead":[211],"scale":[219],"well":[220],"various":[222],"workloads.":[224]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":8},{"year":2019,"cited_by_count":5}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}