{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,25]],"date-time":"2025-10-25T14:19:02Z","timestamp":1761401942771,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":30,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,5,29]],"date-time":"2018-05-29T00:00:00Z","timestamp":1527552000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"the Fundamental Research Funds for the Central Universities","award":["3102017OQD097"],"award-info":[{"award-number":["3102017OQD097"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61502394"],"award-info":[{"award-number":["61502394"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"NSFC","award":["61772446"],"award-info":[{"award-number":["61772446"]}]},{"name":"HK PolyU G-UACH"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,5,29]]},"DOI":"10.1145\/3196494.3196519","type":"proceedings-article","created":{"date-parts":[[2018,5,31]],"date-time":"2018-05-31T13:18:28Z","timestamp":1527772708000},"page":"413-424","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Software-Defined Firewall"],"prefix":"10.1145","author":[{"given":"Shang","family":"Gao","sequence":"first","affiliation":[{"name":"Hong Kong Polytechnic University, Hong Kong, Hong Kong"}]},{"given":"Zecheng","family":"Li","sequence":"additional","affiliation":[{"name":"Hong Kong Polytechnic University, Hong Kong, Hong Kong"}]},{"given":"Yuan","family":"Yao","sequence":"additional","affiliation":[{"name":"Northwestern Polytechnical University &Hong Kong Polytechnic University, Xi'an, China"}]},{"given":"Bin","family":"Xiao","sequence":"additional","affiliation":[{"name":"Hong Kong Polytechnic University, Hong Kong, Hong Kong"}]},{"given":"Songtao","family":"Guo","sequence":"additional","affiliation":[{"name":"Southwest University, Chongqing, China"}]},{"given":"Yuanyuan","family":"Yang","sequence":"additional","affiliation":[{"name":"Stony Brook University, New York, NY, USA"}]}],"member":"320","published-online":{"date-parts":[[2018,5,29]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_7"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Marco Canini Petr Kuznetsov Dan Levin and Stefan Schmid. 2015. A Distributed and Robust SDN Control Plane for Transactional Network Updates Proc. of the IEEE International Conference on Computer Communications (INFOCOM).  Marco Canini Petr Kuznetsov Dan Levin and Stefan Schmid. 2015. A Distributed and Robust SDN Control Plane for Transactional Network Updates Proc. of the IEEE International Conference on Computer Communications (INFOCOM).","DOI":"10.1109\/INFOCOM.2015.7218382"},{"key":"e_1_3_2_1_3_1","unstructured":"Chang Chih-Chung and Lin Chih-Jen. 2017. LIBSVM. https:\/\/www.csie.ntu.edu.tw\/ cjlin\/libsvm\/. (2017).  Chang Chih-Chung and Lin Chih-Jen. 2017. LIBSVM. https:\/\/www.csie.ntu.edu.tw\/ cjlin\/libsvm\/. (2017)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3078861.3084166"},{"key":"e_1_3_2_1_5_1","volume-title":"Security Threats in the Data Plane of Software-Defined Networks","author":"Gao Shang","year":"2018","unstructured":"Shang Gao , Zecheng Li , Bin Xiao , and Guiyi Wei . 2018. Security Threats in the Data Plane of Software-Defined Networks . IEEE Network ( 2018 ). Shang Gao, Zecheng Li, Bin Xiao, and Guiyi Wei. 2018. Security Threats in the Data Plane of Software-Defined Networks. IEEE Network (2018)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Shang Gao Zhe Peng Bin Xiao Aiqun Hu and Kui Ren. 2017. FloodDefender: Protecting Data and Control Plane Resources under SDN-aimed DoS Attacks Proc. of the IEEE International Conference on Computer Communications (INFOCOM).  Shang Gao Zhe Peng Bin Xiao Aiqun Hu and Kui Ren. 2017. FloodDefender: Protecting Data and Control Plane Resources under SDN-aimed DoS Attacks Proc. of the IEEE International Conference on Computer Communications (INFOCOM).","DOI":"10.1109\/INFOCOM.2017.8057009"},{"key":"e_1_3_2_1_7_1","volume-title":"Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security Proc. of the Network and Distributed System Security (NDSS).","author":"Hong Sungmin","year":"2016","unstructured":"Sungmin Hong , Robert Baykov , Lei Xu , Srinath Nadimpalli , and Guofei Gu . 2016 . Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security Proc. of the Network and Distributed System Security (NDSS). Sungmin Hong, Robert Baykov, Lei Xu, Srinath Nadimpalli, and Guofei Gu. 2016. Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security Proc. of the Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23283"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.20"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2620728.2620749"},{"key":"e_1_3_2_1_11_1","volume-title":"JACKSTRAWS: Picking Command and Control Connections from Bot Traffic USENIX Security Symposium (USENIX Security).","author":"Jacob Gregoire","year":"2011","unstructured":"Gregoire Jacob , Ralf Hund , Christopher Kruegel , and Thorsten Holz . 2011 . JACKSTRAWS: Picking Command and Control Connections from Bot Traffic USENIX Security Symposium (USENIX Security). Gregoire Jacob, Ralf Hund, Christopher Kruegel, and Thorsten Holz. 2011. JACKSTRAWS: Picking Command and Control Connections from Bot Traffic USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_1_12_1","volume-title":"Identifier Binding Attacks and Defenses in Software-Defined Networks Proc. of the USENIX Security Symposium (Security).","author":"Jero Samuel","year":"2017","unstructured":"Samuel Jero , William Koch , Richard Skowyra , Hamed Okhravi , Cristina Nita-Rotaru , and David Bigelow . 2017 . Identifier Binding Attacks and Defenses in Software-Defined Networks Proc. of the USENIX Security Symposium (Security). Samuel Jero, William Koch, Richard Skowyra, Hamed Okhravi, Cristina Nita-Rotaru, and David Bigelow. 2017. Identifier Binding Attacks and Defenses in Software-Defined Networks Proc. of the USENIX Security Symposium (Security)."},{"key":"e_1_3_2_1_13_1","volume-title":"Preventing DNS Amplification Attacks Using the History of DNS Queries with SDN Proc. of the European Symposium on Research in Computer Security (ESORICS).","author":"Kim Soyoung","year":"2017","unstructured":"Soyoung Kim , Sora Lee , Geumhwan Cho , Muhammad Ejaz Ahmed , Jaehoon Jeong , and Hyoungshick Kim . 2017 . Preventing DNS Amplification Attacks Using the History of DNS Queries with SDN Proc. of the European Symposium on Research in Computer Security (ESORICS). Soyoung Kim, Sora Lee, Geumhwan Cho, Muhammad Ejaz Ahmed, Jaehoon Jeong, and Hyoungshick Kim. 2017. Preventing DNS Amplification Attacks Using the History of DNS Queries with SDN Proc. of the European Symposium on Research in Computer Security (ESORICS)."},{"key":"e_1_3_2_1_14_1","volume-title":"DELTA: A Security Assessment Framework for Software-Defined Networks Proc. of the Network and Distributed System Security (NDSS).","author":"Lee Seungsoo","year":"2017","unstructured":"Seungsoo Lee , Changhoon Yoon , Chanhee Lee , Seungwon Shin , Vinod Yegneswaran , and Phillip Porras . 2017 . DELTA: A Security Assessment Framework for Software-Defined Networks Proc. of the Network and Distributed System Security (NDSS). Seungsoo Lee, Changhoon Yoon, Chanhee Lee, Seungwon Shin, Vinod Yegneswaran, and Phillip Porras. 2017. DELTA: A Security Assessment Framework for Software-Defined Networks Proc. of the Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_15_1","volume-title":"TorWard: Discovery of Malicious Traffic Over Tor Proc. of the IEEE International Conference on Computer Communications (INFOCOM).","author":"Ling Zhen","year":"2014","unstructured":"Zhen Ling , Junzhou Luo , Kui Wu , Wei Yu , and Xinwen Fu . 2014 . TorWard: Discovery of Malicious Traffic Over Tor Proc. of the IEEE International Conference on Computer Communications (INFOCOM). Zhen Ling, Junzhou Luo, Kui Wu, Wei Yu, and Xinwen Fu. 2014. TorWard: Discovery of Malicious Traffic Over Tor Proc. of the IEEE International Conference on Computer Communications (INFOCOM)."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1355734.1355746"},{"key":"e_1_3_2_1_17_1","volume-title":"Proc. of the Symposium on Network System Design and Implementation (NSDI).","author":"Perdisci Roberto","year":"2010","unstructured":"Roberto Perdisci , Wenke Lee , and Nick Feamster . 2010 . Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces . In Proc. of the Symposium on Network System Design and Implementation (NSDI). Roberto Perdisci, Wenke Lee, and Nick Feamster. 2010. Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces. In Proc. of the Symposium on Network System Design and Implementation (NSDI)."},{"key":"e_1_3_2_1_18_1","volume-title":"Securing the Software Defined Network Control Layer Proc. of the Network and Distributed System Security (NDSS).","author":"Porras Phillip A","year":"2015","unstructured":"Phillip A Porras , Steven Cheung , Martin W Fong , Keith Skinner , and Vinod Yegneswaran . 2015 . Securing the Software Defined Network Control Layer Proc. of the Network and Distributed System Security (NDSS). Phillip A Porras, Steven Cheung, Martin W Fong, Keith Skinner, and Vinod Yegneswaran. 2015. Securing the Software Defined Network Control Layer Proc. of the Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_19_1","unstructured":"Broadcom. 2017. Broadcom BCM56960 Series. https:\/\/www.broadcom.com\/products\/Switching\/Data-Center\/BCM56960-Series. (2017).  Broadcom. 2017. Broadcom BCM56960 Series. https:\/\/www.broadcom.com\/products\/Switching\/Data-Center\/BCM56960-Series. (2017)."},{"key":"e_1_3_2_1_20_1","unstructured":"Microsoft. 2013. The evolution of Rovnix: Private TCP\/IP stacks. https:\/\/blogs.technet.microsoft.com\/mmpc\/2013\/07\/25\/the-evolution-of-rovnix-private-tcpip-stacks\/. (2013).  Microsoft. 2013. The evolution of Rovnix: Private TCP\/IP stacks. https:\/\/blogs.technet.microsoft.com\/mmpc\/2013\/07\/25\/the-evolution-of-rovnix-private-tcpip-stacks\/. (2013)."},{"key":"e_1_3_2_1_21_1","unstructured":"Open Networking Foundation. 2012. OpenFlow Switch Specification v1.3.0. https:\/\/www.opennetworking.org\/images\/stories\/downloads\/sdn-resources\/onf-specifications\/openflow\/openflow-spec-v1.3.0.pdf. (2012).  Open Networking Foundation. 2012. OpenFlow Switch Specification v1.3.0. https:\/\/www.opennetworking.org\/images\/stories\/downloads\/sdn-resources\/onf-specifications\/openflow\/openflow-spec-v1.3.0.pdf. (2012)."},{"key":"e_1_3_2_1_22_1","unstructured":"RYU SDN Framework Community. 2013. RYU Controller. https:\/\/osrg.github.io\/ryu\/. (2013).  RYU SDN Framework Community. 2013. RYU Controller. https:\/\/osrg.github.io\/ryu\/. (2013)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Seungwon Shin Lei Xu Sungmin Hong and Guofei Gu. 2016. Enhancing Network Security through Software Defined Networking (SDN) Proc. of the International Conference on Computer Communication and Networks (ICCCN).  Seungwon Shin Lei Xu Sungmin Hong and Guofei Gu. 2016. Enhancing Network Security through Software Defined Networking (SDN) Proc. of the International Conference on Computer Communication and Networks (ICCCN).","DOI":"10.1109\/ICCCN.2016.7568520"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516684"},{"key":"e_1_3_2_1_25_1","volume-title":"Enabling Practical Software-defined Networking Security Applications with OFX Proc. of the Network and Distributed System Security (NDSS).","author":"Sonchack John","year":"2016","unstructured":"John Sonchack , Adam J Aviv , Eric Keller , and Jonathan M Smith . 2016 . Enabling Practical Software-defined Networking Security Applications with OFX Proc. of the Network and Distributed System Security (NDSS). John Sonchack, Adam J Aviv, Eric Keller, and Jonathan M Smith. 2016. Enabling Practical Software-defined Networking Security Applications with OFX Proc. of the Network and Distributed System Security (NDSS)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2010.130"},{"key":"e_1_3_2_1_27_1","volume-title":"Wireless MAC Processors: Programming MAC Protocols on Commodity Hardware Proc. of the IEEE International Conference on Computer Communications (INFOCOM).","author":"Tinnirello Ilenia","year":"2012","unstructured":"Ilenia Tinnirello , Giuseppe Bianchi , Pierluigi Gallo , Domenico Garlisi , Francesco Giuliano , and Francesco Gringoli . 2012 . Wireless MAC Processors: Programming MAC Protocols on Commodity Hardware Proc. of the IEEE International Conference on Computer Communications (INFOCOM). Ilenia Tinnirello, Giuseppe Bianchi, Pierluigi Gallo, Domenico Garlisi, Francesco Giuliano, and Francesco Gringoli. 2012. Wireless MAC Processors: Programming MAC Protocols on Commodity Hardware Proc. of the IEEE International Conference on Computer Communications (INFOCOM)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.27"},{"key":"e_1_3_2_1_29_1","volume-title":"SDNShield: Reconciliating Configurable Application Permissions for SDN App Markets Proc. of the IEEE\/IFIP Dependable Systems and Networks (DSN).","author":"Wen Xitao","year":"2016","unstructured":"Xitao Wen , Bo Yang , Yan Chen , Chengchen Hu , Yi Wang , Bin Liu , and Xiaolin Chen . 2016 . SDNShield: Reconciliating Configurable Application Permissions for SDN App Markets Proc. of the IEEE\/IFIP Dependable Systems and Networks (DSN). Xitao Wen, Bo Yang, Yan Chen, Chengchen Hu, Yi Wang, Bin Liu, and Xiaolin Chen. 2016. SDNShield: Reconciliating Configurable Application Permissions for SDN App Markets Proc. of the IEEE\/IFIP Dependable Systems and Networks (DSN)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2005.857113"}],"event":{"name":"ASIA CCS '18: ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Incheon Republic of Korea","acronym":"ASIA CCS '18"},"container-title":["Proceedings of the 2018 on Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196494.3196519","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3196494.3196519","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:08:39Z","timestamp":1750208919000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3196494.3196519"}},"subtitle":["Enabling Malware Traffic Detection and Programmable Security Control"],"short-title":[],"issued":{"date-parts":[[2018,5,29]]},"references-count":30,"alternative-id":["10.1145\/3196494.3196519","10.1145\/3196494"],"URL":"https:\/\/doi.org\/10.1145\/3196494.3196519","relation":{},"subject":[],"published":{"date-parts":[[2018,5,29]]},"assertion":[{"value":"2018-05-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}