Study of Application of Software Defined Network to  Real Networks

This paper presents the application of Software Defined Network to Real Networks. Software Defined Networking is an intriguing concept in the networking and communication industry which provides various uses, from productive network operations to reduced costs in the networking field. The SDN architecture provides the network administrators to implement new network services and easy management of the network .This operation is done by separating the data plane and control plane that makes decision .The data plane forwards packet and control plane manages traffic. In this paper we are studying the application of SDN to Real Networks such as SDN for Internet of Things, Artificial Intelligence, 5G Networks, Wireless Networks.

Download Full-text

Performance Evaluation of Pox Controller for Software Defined Networks

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.i1139.0789s219 ◽

2019 ◽

Vol 8 (9S2) ◽

pp. 679-684

Keyword(s):

Performance Metrics ◽

Network Control ◽

Network Services ◽

Software Defined Network ◽

Software Defined Networks ◽

Control Plane ◽

Data Plane ◽

Pox Controller ◽

New Challenges ◽

And Control

In traditional network the coupling of data plane and control plane makes the data forwarding, processing and managing of the network hard and complex. Here each switch takes its own decision, makes the network logically decentralized. To overcome the limitations in traditional network the Engineers developed a new model network known as Software Defined Network (SDN). This network the control plane is decoupled from the data plane making it less complex. It moreover has a logically centralized approach unlike the existing network. This separation enables the network control to be directly programmable and the architecture to be abstracted for applications and network services. SDN platform provides advantages like programmability, task virtualization and easy management of the network. However, it faces new challenges towards scalability and performances. It is a must to understand and analyze the performances of SDN for implementation and deployment in live network environments. SDN working with POX is studied. This paper analyses the working of POX controller and evaluates the performance metrics of POX controller for SDN environment. The emulation is done using the Emulation software

Download Full-text

Proposed approach to detect distributed denial of service attacks in software defined network using machine learning algorithms

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.8.10488 ◽

2018 ◽

Vol 7 (2.8) ◽

pp. 472 ◽

Cited By ~ 1

Author(s):

Shruti Banerjee ◽

Partha Sarathi Chakraborty ◽

. .

Keyword(s):

Machine Learning ◽

Denial Of Service ◽

Learning Algorithms ◽

Machine Learning Algorithms ◽

Paper Machine ◽

Software Defined Network ◽

Distributed Denial Of Service ◽

Control Plane ◽

Data Plane ◽

And Control

SDN (Software Defined Network) is rapidly gaining importance of ‘programmable network’ infrastructure. The SDN architecture separates the Data plane (forwarding devices) and Control plane (controller of the SDN). This makes it easy to deploy new versions to the infrastructure and provides straightforward network virtualization. Distributed Denial-of-Service attack is a major cyber security threat to the SDN. It is equally vulnerable to both data plane and control plane. In this paper, machine learning algorithms such as Naïve Bayesian, KNN, K Means, K-Medoids, Linear Regression, use to classify the incoming traffic as usual or unusual. Above mentioned algorithms are measured using the two metrics: accuracy and detection rate. The best fit algorithm is applied to implement the signature IDS which forms the module 1 of the proposed IDS. Second Module uses open connections to state the exact node which is an attacker and to block that particular IP address by placing it in Access Control List (ACL), thus increasing the processing speed of SDN as a whole.

Download Full-text

A Comparison of Algorithms for Controller Replacement in Software Defined Networking

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i3.4.14665 ◽

2018 ◽

Vol 7 (3.4) ◽

pp. 1

Author(s):

Anitson T T ◽

Smitha Vinod

Keyword(s):

Software Defined Networking ◽

Main Issue ◽

Network Services ◽

Software Defined Network ◽

Control Plane ◽

Comparison Of Algorithms ◽

The Cost ◽

Network Administrators

Software Defined Network (SDN) partitions the control plane and the information plane to decrease the cost and for increasing the capacity for upgrading, and this will be helpful for the network administrators to manage the network services. It’s the location where the controller exists. One of the main issue in Software Defined Networking is the location of the controllers as this could affect network execution and cost. In this paper, we have done an analysis on some algorithms that have been used for minimizing the number of controllers to reduce the latency, delay, etc. while placing a controller with the consideration of communication among the controller and the nodes.

Download Full-text

IMPLEMENTASI DAN ANALISIS EFEKTIVITAS FIREWALL PADA SOFTWARE DEFINED NETWORK BERBASIS OPENFLOW

Jurnal Informatika Terpadu ◽

10.54914/jit.v4i2.153 ◽

2018 ◽

Vol 4 (2) ◽

pp. 46-57

Author(s):

Fathul Muiin ◽

Henry Saptono

Keyword(s):

Software Defined Network ◽

Control Plane ◽

Flow Table ◽

Data Plane

Penggunaan akses internet di dunia semakin berkembang, dan selaras dengan perkembangan teknologi jaringan komputer yang semakin kompleks. Oleh karena itu, keamanan data pada sebuah komputer menjadi salah satu bagian yang sangat penting dalam sebuah jaringan. Dan SDN merupakan sebuah solusi untuk menyediakan kebutuhan jaringan komputer saat ini. Software Defined Network (SDN) merupakan pendekatan pada teknologi jaringan yang melakukan penyederhanaan terhadap kontrol dan manajemen jaringan. Pada jaringan ini nantinya akan menggunakan protokol openflow, yang prinsip utamanya memisahkan fungsi control plane dan data plane pada perangkat. Kontrol jaringan pada sebuah controller bersifat programmable, jadi dengan adanya SDN maka jaringan akan mudah diatur dan lebih fleksibel. Implementasi dan analisis firewall ini menggunakan emulator mininet untuk membuat topologi jaringan yang sederhana. Dalam pengujian firewall menggunakan bahasa XML untuk implementasi aliran data, lalu menggunakan aplikasi postman sebagai alat untuk menambahkan flow table baru pada switch, dan controller yang digunakan adalah opendaylight.

Download Full-text

Mitigation of DDoS attack instigated by compromised switches on SDN controller by analyzing the flow rule request traffic

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.6.10065 ◽

2018 ◽

Vol 7 (2.6) ◽

pp. 46 ◽

Cited By ~ 2

Author(s):

Sanjeetha R ◽

Shikhar Srivastava ◽

Rishab Pokharna ◽

Syed Shafiq ◽

Dr Anita Kanavalli

Keyword(s):

Network Architecture ◽

Flow Rule ◽

Software Defined Network ◽

Ddos Attacks ◽

Control Plane ◽

Ddos Attack ◽

Flow Table ◽

Data Plane ◽

Ddos Detection ◽

Sdn Controller

Software Defined Network (SDN) is a new network architecture which separates the data plane from the control plane. The SDN controller implements the control plane and switches implement the data plane. Many papers discuss about DDoS attacks on primary servers present in SDN and how they can be mitigated with the help of controller. In our paper we show how DDoS attack can be instigated on the SDN controller by manipulating the flow table entries of switches, such that they send continuous requests to the controller and exhaust its resources. This is a new, but one of the possible way in which a DDoS attack can be performed on controller. We show the vulnerability of SDN for this kind of attack. We further propose a solution for mitigating it, by running a DDoS Detection module which uses variation of flow entry request traffic from all switches in the network to identify compromised switches and blocks them completely.

Download Full-text

Software Defined Networks—A Network Programme and Its Dynamic Services

Journal of Computational and Theoretical Nanoscience ◽

10.1166/jctn.2020.8990 ◽

2020 ◽

Vol 17 (9) ◽

pp. 3927-3933

Author(s):

B. Vineetha ◽

M. Sumana

Keyword(s):

Control System ◽

Load Balancing ◽

Network Services ◽

Software Defined Networks ◽

Control Plane ◽

Service Function ◽

Flow Through ◽

And Control ◽

Dynamic Services ◽

Network Component

As network component is increasing, the managing and controlling systems from a central based control system becomes very complex. The technology used to resolve this is called Software Defined Networks (SDN) which helps to manage and control the system through programs. SDN stands as a developing technique that divides single network as data and control plane. The benefit of SDN are provides more performance, managing the packet flow through diverse dealer’s organization components. The complexities continued to raise when implementing network services both from technical and organizational views. Here in this paper generally focuses on how organizations can deal with the challenge of introducing service chaining and developing critical network services by using the technology SDN and also delivering diverse services of network to user in one system thus customers can fulfill their desire of services based on requests. The “Service Function Chaining” facility of SDN provides services like Load Balancing, Video Optimizing and Firewall.

Download Full-text

Cloud Based Data Protection in Anonymously Controlled SDN

Security and Communication Networks ◽

10.1155/2018/9845426 ◽

2018 ◽

Vol 2018 ◽

pp. 1-8 ◽

Cited By ~ 1

Author(s):

Jian Shen ◽

Jun Shen ◽

Chin-Feng Lai ◽

Qi Liu ◽

Tianqi Zhou

Keyword(s):

Data Protection ◽

The Other ◽

Software Defined Network ◽

Storage Space ◽

Control Plane ◽

Conventional Model ◽

Novel Structure ◽

Data Plane ◽

Single Controller ◽

The One

Nowadays, Software Defined Network (SDN) develops rapidly for its novel structure which separates the control plane and the data plane of network devices. Many researchers devoted themselves to the study of such a special network. However, some limitations restrict the development of SDN. On the one hand, the single controller in the conventional model bears all threats, and the corruption of it will result in network paralysis. On the other hand, the data will be increasing more in SDN switches in the data plane, while the storage space of these switches is limited. In order to solve the mentioned issues, we propose two corresponding protocols in this paper. Specifically, one is an anonymous protocol in the control plane, and the other is a verifiable outsourcing protocol in the data plane. The evaluation indicates that our protocol is correct, secure, and efficient.

Download Full-text

ADAPTIVE ENTROPY-BASED DETECTION AND MITIGATION OF DDOS ATTACKS IN SOFTWARE DEFINED NETWORKS

International Journal of Computing ◽

10.47839/ijc.19.3.1889 ◽

2020 ◽

pp. 399-410

Author(s):

Jawad Dalou' ◽

Basheer Al-Duwairi ◽

Mohammad Al-Jarrah

Keyword(s):

Denial Of Service ◽

Attack Detection ◽

Point Of View ◽

Software Defined Networks ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Control Plane ◽

Data Plane ◽

And Control ◽

Sdn Controller

Software Defined Networking (SDN) has emerged as a new networking paradigm that is based on the decoupling between data plane and control plane providing several benefits that include flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities that are associated with the nature of communication between control plane and data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks because overloading the controller with huge packet volume would result in bringing the whole network down or degrade its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of source and destination IP addresses of flows observed by the SDN controller which are compared to a preset entropy threshold values that change in adaptive manner based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.

Download Full-text

An Efficient Zero-Knowledge Proof Based Identification Scheme for Securing Software Defined Network

Scalable Computing Practice and Experience ◽

10.12694/scpe.v20i1.1473 ◽

2019 ◽

Vol 20 (1) ◽

pp. 181-189

Author(s):

Hamza Mutaher Alshameri ◽

Pradeep Kumar

Keyword(s):

Software Defined Network ◽

Control Plane ◽

Zero Knowledge ◽

Identification Scheme ◽

Security Issues ◽

Other Information ◽

And Control ◽

Network Device ◽

Sdn Controller ◽

Zero Knowledge Proof

Software Defined Networking (SDN) is being extensively adopted by researchers and enterprise networks due to its feature of decoupling data and control planes from network device which enables them to implement new networking ideas. Communication between data and control planes faces various security issues where many users in data plane approach controller device in control plane to gain networking policies. In this paper, we proposed an efficient Zero-knowledge proof based identification scheme for securing SDN controller during data and control plane communication. This scheme ensures that only users who prove their knowledge about secrecy without revealing actual secret or any other information about it can communicate with controller. The computation cost was calculated to validate efficiency of the proposed work and compared with scheme that works in the basis of Kerberos authentication protocol.

Download Full-text

SSG - A Solution to Prevent Saturation Attack on the Data Plane and Control Plane in SDN/Openflow Network

Research and Development on Information and Communication Technology ◽

10.32913/mic-ict-research.v2019.n1.833 ◽

2019 ◽

Vol 2019 (1) ◽

Author(s):

Đặng Văn Tuyên ◽

Trương Thu Hương

Keyword(s):

Network Security ◽

Control Plane ◽

Number Of Solutions ◽

Tcp Protocol ◽

Security Challenges ◽

Packet Latency ◽

Data Plane ◽

And Control ◽

Tcp Connections ◽

Resource Saturation

The SDN/Openflow architecture opens new opportunities for effective solutions to address network security problems; however, it also brings new security challenges compared to the traditional network. One of those is the mechanism of reactive installation for new flow entries that can make the data plane and control plane easily become a target for resource saturation attacks with spoofing technique such as SYN flood. There are a number of solutions to this problem such as Connection Migration (CM) mechanism in Avant-Guard solution. However, most of them increase load to the commodity switches and/or split benign TCP connections, which can cause increase of packet latency and disable some features of the TCP protocol. This paper presents a solution called SDN-based SYN Flood Guard (SSG), which takes advantages of Openflow’s ability to match TCP Flags fields and the RST Cookie technique to authenticate three-way handshake processes of TCP connections in a separated device from SDN/Openflow switches. The experiment results reveal that SSG solves the aforementioned problems and improves the SYN Flood.

Download Full-text