John Sonchack

PhD Student under Jonathan Smith in Computer Information Systems at the University of Pennsylvania


My research focus is network security at scale: building platforms for scalable, high performance network security applications, and using machine learning and statistics to better understand large scale data gathered from networks.

My main project, OFX (OpenFlow eXtensions), is a framework that allows OpenFlow controller applications to distribute parts of their packet processing and flow setup logic to OpenFlow switches. OFX can greatly improve the performance and scalability of OpenFlow security applications.

OFX is also a great platform for defending the infrastructure of an SDN. We discovered a powerful timing attack in OpenFlow SDNs that allows an adversary to learn sensitive information about a network by analyzing the control plane's response time, but were able to design an OFX module that mitigates the effectiveness of the attack and runs on real OpenFlow switches.

Previously I also built the LESS simulator, an agent-based statistical simulator for testing large scale network security systems. LESS generates synthetic flow records based on parameters derived from anonymized network traces and statistical studies of network threats. These traces can be used to study and compare large scale network security systems, like blacklist generators, botnet detectors, and collaborative anomaly detectors.

I also explored applying collaborative filtering algorithms (think the product recommendation algorithm on Amazon) to IDS rules; our ROCK system recommends IDS rules to network operators by looking for rules that were rated highly by other network operators with similar IDS rule preferences.

Research Interests: Programmable Switches, SDN, High Performance Networking, Network Security, Statistics, Machine Learning, Data Visualization, Simulation, Distributed Systems

Recent Activity

  • (Fall 2016)   I presented our full-length paper on SDN timing attacks at ACSAC 2016.

  • (Fall 2016)   I am on the program committee of next year's SDN-NFV Security Workshop. I submitted a short paper to this venue last year on our SDN timing attack, and the reviewer feedback and workshop discussions about my paper really helped me crystallize the project. I encourage anyone working on an SDN or security related project to submit a 4 or 6 page position or work-in-progress type paper; the submission deadline is December 19th.

  • (Summer 2016)   I spent the summer working on our SDN timing attack project and a network monitoring application based on OFX that will be in submission soon.

  • (Spring 2016)   I gave a guest lecture on Software-Defined Networking in the graduate level networking class here at UPenn.

  • (Spring 2016)   I presented our work-in-progress on SDN timing attacks at the 2016 SDN-NFV Security Workshop.

  • (Spring 2016)   I presented our full-length paper on OFX at NDSS 2016.

  • (Fall 2015)   I presented a poster on OFX at CCS 2015.

  • (Summer 2015)   I spent the summer working on OFX (OpenFlow eXtension framework), a framework for improving the performance of OpenFlow security applications.



Publications

  • Enabling Practical SDN Security Applications with OFX (The OpenFlow eXtension Framework). John Sonchack, Adam J. Aviv, Eric Keller, and Jonathan M. Smith. Proceedings of the 2016 Network and Distributed System Security Symposium (NDSS).
  • Timing Based Reconnaissance and Defense in Software-defined Networks. John Sonchack, Anurag Dubey, Adam J. Aviv, Eric Keller, and Jonathan M. Smith. Proceedings of the 32nd Annual Computer Security Applications Conference (ACSAC).
  • Exploring Large Scale Security System Reproducibility with the LESS Simulator. John Sonchack and Adam J. Aviv. Journal of Computer Security (JCS).
  • Timing SDN Control Planes to Infer Network Configurations. John Sonchack, Adam J. Aviv, and Eric Keller. Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFV Sec).


  • (short paper) OFX: Enabling OpenFlow Extensions for Switch-Level Security Applications. John Sonchack, Adam J. Aviv, Eric Keller, and Jonathan M. Smith. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS).
  • Cross-domain Collaboration for Improved IDS Rule Set Selection. John Sonchack and Adam J. Aviv. Journal of Information Security and Applications 24 (JISA).


  • LESS Is More: Host-Agent Based Simulator for Large-Scale Evaluation of Security Systems. John Sonchack and Adam J. Aviv. Proceedings of ESORICS 2014.


  • Bridging the Data Gap: Data Related Challenges in Evaluating Large Scale Collaborative Security Systems. John Sonchack, Adam J. Aviv, and Jonathan M. Smith. In the proceedings of the 6th Workshop on Cyber Security Evaluation and Testing (CSET).


  • Signature Correlations in Multiple Honeypot Defense System. John Sonchack and Jonathan M. Smith. Future Internet Workshop.

Teaching Experience

Spring 2010, 2011: Lead TA, CIS 551


Education

2011: MS in Computer and Information Science from The University of Pennsylvania

2009: BS in Mathematics with a minor in Computer Science from Villanova University