Redundancy for Network Intrusion Prevention Systems (NIPS) - April 2017

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Mike Reiter

Researchers: Victor Heorhiadi, Sheng Liu


Primary:  Resilient Architectures

This work is developing an architecture for the scalable enforcement of network security policies that is resilient to traffic changes and traffic rerouting in response to failures.



  • We conducted a study on the vulnerability of SDN networks to flow reconnaissance attacks. This study demonstrates how an attacker who can inject flows into a network (possibly with forged addressing information) can infer information about other flows that recently occurred in the network.
  • We investigated the challenge of composing SDN applications in the SOL framework. This work demonstrates how SDN applications expressed in a framework such as SOL can be composed automatically and near-optimally, while ensuring that the per-application policies continue to be enforced.