Abstract
A quick and intuitive understanding of network reachability is of great significance for network optimization and network security management. In this paper, we propose a query engine called NREngine for network reachability when considering the network security policies. NREngine constructs a knowledge graph based on the network security policies and designs an algorithm over the graph for the network reachability. Furthermore, for supporting a user-friendly interface, we also propose a structural query language named NRQL in NREngine for the network reachability query. The experimental results show that NREngine can efficiently support a variety of network reachability query services.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Xie, G.G., Zhan, J., Maltz, D.A., Zhang, H., Greenberg, A.: On static reachability analysis of IP networks. In: IEEE INFOCOM, pp. 2170–2183 (2005)
Zou, L., Mo, J., Chen, L.: gStore: answering SPARQL queries via subgraph matching. VLDB Endow. 4(8), 482–493 (2011)
Zou, L., Özsu, M.T., Chen, L., Shen, X., Huang, R., Zhao, D.: gStore: a graph-based SPARQL query engine. VLDB J. 23(4), 565–590 (2014)
McBride, B.: Jena: implementing the RDF model and syntax specification. In: SemWeb (2001)
Broekstra, J., Kampman, A., van Harmelen, F.: Sesame: a generic architecture for storing and querying RDF and RDF schema. In: Horrocks, I., Hendler, J. (eds.) ISWC 2002. LNCS, vol. 2342, pp. 54–68. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-48005-6_7
Erling, O., Mikhailov, I.: Virtuoso: RDF support in a native RDBMS. In: de Virgilio, R., Giunchiglia, F., Tanca, L. (eds.) Semantic Web Information Management, pp. 501–519. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04329-1_21
Zhang, B., Eugene, T.S., Wang, N.G.: Reachability monitoring and verification in enterprise networks. In: ACM SIGCOMM, pp. 459–460 (2008)
Benson, T., Akella, A., Maltz, D.A.: Mining policies from enterprise network configuration. In: The 9th ACM SIGCOMM Conference on Internet Measurement Conference, pp. 136–142 (2009)
Khakpour, A.R., Liu, A.X.: Quantifying and querying network reachability. In: the 29th International Conference on Distributed Computing Systems (ICDCS), pp. 817–826 (2010)
Khakpour, A.R., Liu, A.X.: Quantifying and verifying reachability for access controlled networks. IEEE/ACM Trans. Netw. (TON) 21(2), 551–565 (2013)
Chen, F., Bezawada, B., Liu, A.X.: Privacy-preserving quantification of cross-domain network reachability. IEEE/ACM Trans. Netw. (TON) 23(3), 946–958 (2015)
Hong, S.C., Ju, H., Hong, J.W.K.: Network reachability-based IP prefix hijacking detection. Int. J. Netw. Manag. 23(1), 1–15 (2013)
Liang, R., Zhuge, H., Jiang, X., Zeng, Q., He, X.: Scaling hop-based reachability indexing for fast graph pattern query processing. IEEE Trans. Knowl. Data Eng. (TKDE) 26(11), 2803–2817 (2014)
Rao, Z.C., Pu, T.Y.: Decision diagram-based modeling of network reachability. Appl. Mech. Mater. 513, 1779–1782 (2014)
Li, Y., Luo, Y., Wei, Z., Xia, C., Liang, X.: A verification method of enterprise network reachability based on topology path. In: The 2013 Ninth International Conference on Computational Intelligence and Security, pp. 624–629 (2013)
Cuzzocrea, A., Serafino, P.: A reachability-based theoretical framework for modeling and querying complex probabilistic graph data. In: IEEE International Conference on Systems, pp. 1177–1184 (2012)
Jamil, H.: A novel knowledge representation framework for computing sub-graph isomorphic queries in interaction network databases. In: 2009 21st IEEE International Conference on Tools with Artificial Intelligence, pp. 131–138 (2009)
Li, W., Qin, Z., Li, K., Yin, H., Lu, O.: A novel approach to rule placement in software-defined networks based on OPTree. IEEE Access 7(1), 8689–8700 (2019)
Arenas, M., Gutiérrez, C., Pérez, J.: On the semantics of SPARQL. In: de Virgilio, R., Giunchiglia, F., Tanca, L. (eds.) Semantic Web Information Management, pp. 281–307. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04329-1_13
Taylor, D.E., Turner, J.S.: Classbench: a packet classification benchmark. IEEE/ACM Trans. Netw. 15(3), 499–511 (2007)
Acknowledgements
This work is partially supported by The National Key Research and Development Program of China under grant 2018YFB1003504, the National Natural Science Foundation of China under Grant (No. U20A20174, 61772191), Science and Technology Key Projects of Hunan Province (2019WK2072, 2018TP3001, 2018TP2023, 2015TP1004), and ChangSha Science and Technology Project (kq2006029).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, W., Zou, L., Peng, P., Qin, Z. (2021). NREngine: A Graph-Based Query Engine for Network Reachability. In: Jensen, C.S., et al. Database Systems for Advanced Applications. DASFAA 2021 International Workshops. DASFAA 2021. Lecture Notes in Computer Science(), vol 12680. Springer, Cham. https://doi.org/10.1007/978-3-030-73216-5_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-73216-5_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-73215-8
Online ISBN: 978-3-030-73216-5
eBook Packages: Computer ScienceComputer Science (R0)