Visible to the public A Hypothesis Testing Framework for Network Security - April 2017Conflict Detection Enabled

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): P. Brighten Godfrey

Co-PI(s): Matthew Caesar, David Nicol, William Sanders, and Kevin Jin (Illinois Institute of Technology)

This refers to Hard Problems, released November 2012.

This project covers four hard problems:

  • Scalability and composability
  • Policy-governed secure collaboration
  • Predictive security metrics
  • Resilient architectures

Papers published in this quarter as a result of this research. Include title, author(s), venue published/presented, and a short description or abstract. Identify which hard problem(s) the publication addressed. Papers that have not yet been published should be reported in region 2 below.

  • Christopher Hannon, Dong Jin, Chen Chen, Jianhui Wang, Cheol Won Lee and Jong Cheol Moon. "Ultimate Forwarding Resilience in OpenFlow Networks." In Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFV Security), March 2017.
  • Santhosh Prabhu, Mo Dong, Tong Meng, P. Brighten Godfrey, and Matthew Caesar. "Let me rephrase that: Transparent optimization in SDNs." ACM SIGCOMM Symposium on SDN Research (SOSR), April 2017.
  • Soudeh Ghorbani and P. Brighten Godfrey. "COCONUT: Seamless Scale-out of Network Elements." European Conference on Computer Systems (EuroSys), April 2017.
  • Jiaqi Yan, Xin Liu and Dong Jin. "Simulation of a Software-Defined Network as One Big Switch." 2017 ACM SIGSIM Conference on Principles of Advanced Discrete Simulation, to appear.
  • Ning Liu, Adnan Haider, Dong Jin and Xian-He Sun. "A Modeling and Simulation of Extreme-Scale Fat-Tree Networks for HPC Systems and Data Centers," ACM Transactions on Modeling and Computer Simulation (TOMACS), to appear.


In the current quarter, our project progress is centered on addressing two SoS lablet hard problems: scalability and resilient architecture including

  • Developing effective evaluation methodologies for large-scale and complex networked systems using emulation and simulation
    • Released DSSNet software (, a testing and evaluation platform for studying network security in electricity power grid environment
    • Continue to improve the fidelity and scalability of our simulation/emulation testing and evaluation platform, including a new network model abstraction technique that effectively transforms network devices in an SDN-based network to one virtualized switch model.
    • One paper accepted by ACM SIGSIM-PADS'17, and waiting decision of a submitted journal paper (ACM TOMACS)
  • Developing technology to verify network flow congestion to detect cyber threats and human errors
    • Generated doxygen-based documentation of ConVenus, a network congestion verification system; Refined code base, available at
    • Currently working on the extended version of ConVenus to address timing uncertainty
  • Investigating infrastructure-level and application-level approach to apply SDN technologies to make industrial control systems more cyber secure and resilient
    • Developed a resilient network forwarding framework that does not require an SDN controller to maintain connectivity during link and controller failures. In particular, we provide a compile-time recovery strategy that predetermines all backup paths and deploys them proactively
    • Published resilient network forwarding framework in SDN-NFV Security'17, and presented the work in the workshop
    • Developing hardware-in-the-loop SDN simulation testbed, performing validation test, and preparing a manuscript
    • Submitted the final round response for one journal paper (IEEE Transaction of Smart Grid)