Limitations of Passively Mapping Logical Network Topologies


Author(s)

Ayodeji J. Akande 1,*, Colin Fidge 1, Ernest Foo 1

1. School of Electrical Engineering and Computer Science, Queensland University of Technology, GPO Box 2434, Brisbane, QLD 4001 Queensland, Australia

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2017.02.01

Received: 5 Oct. 2016 / Revised: 1 Dec. 2016 / Accepted: 11 Dec. 2016 / Published: 8 Feb. 2017

Index Terms

Network logical topology, network modeling and mapping, network observability, network monitoring, network traffic analysis, network graph

Abstract

Understanding logical network connectivity is essential in network topology mapping, especially in a fast-growing network where knowing what is happening on the network is critical for security purposes and where knowing how network resources are being used is highly important. Mapping logical communication topology is important for network auditing, network maintenance and governance, network optimization, and network security. However, the process of capturing network traffic to generate the logical network topology may have a great influence on the operation of the network. In hierarchically structured networks such as control systems, typical active network mapping techniques cannot be employed because they can affect time-sensitive cyber-physical processes; hence, passive network mapping is required. Although passive network mapping does not modify or disrupt existing traffic, current passive mapping techniques ignore many practical issues when used to generate logical communication topologies. In this paper, we present a methodology which compares topologies from an idealized mapping process with what is actually achievable using passive network mapping, and we identify some of the factors that can cause inaccuracies in logical maps derived from passively monitored network traffic. We illustrate these factors using a case study involving a hierarchical control network.

Cite This Paper

Ayodeji J. Akande, Colin Fidge, Ernest Foo, "Limitations of Passively Mapping Logical Network Topologies", International Journal of Computer Network and Information Security (IJCNIS), Vol.9, No.2, pp.1-11, 2017. DOI: 10.5815/ijcnis.2017.02.01
