A new approach for detecting violation of data plane integrity in Software Defined Networks

2021 ◽  
pp. 1-18
Author(s):  
Ghandi Hessam ◽  
Ghassan Saba ◽  
M. Iyad Alkhayat

The scale of Software Defined Networks (SDN) is expanding rapidly and the demand for security reinforcement is increasing. SDN creates new targets for potential security threats, such as the SDN controller and the networking devices in the data plane. Violation of data plane integrity might lead to abnormal behavior of the overall network. In this paper, we propose a new security approach for OpenFlow-based SDN in order to detect violations of the integrity of switches' flow tables and to locate the compromised switches online. We cover all aspects of integrity violation, including flow rule adding, modifying and removing by an unauthorized entity. We achieve this by using the cookie field of the OpenFlow protocol to store a suitable digest (hash) value for each flow entry. Moreover, we optimize the performance of our method by calculating a global digest value for the entire flow table of a switch, which decides whether a switch is suspected of being compromised. Our method is also able to determine and handle false alarms that affect the coherence of the corresponding table digest. The implementation is a reactive Java module integrated with the Floodlight controller. In addition, we present a performance evaluation for three different SDN topologies.

2018 ◽  
Vol 7 (2.6) ◽  
pp. 46 ◽  
Author(s):  
Sanjeetha R ◽  
Shikhar Srivastava ◽  
Rishab Pokharna ◽  
Syed Shafiq ◽  
Dr Anita Kanavalli

Software Defined Network (SDN) is a new network architecture which separates the data plane from the control plane. The SDN controller implements the control plane and the switches implement the data plane. Many papers discuss DDoS attacks on primary servers present in SDN and how they can be mitigated with the help of the controller. In our paper we show how a DDoS attack can be instigated against the SDN controller by manipulating the flow table entries of switches, such that they send continuous requests to the controller and exhaust its resources. This is a new, but one of the possible, ways in which a DDoS attack can be performed on the controller. We show the vulnerability of SDN to this kind of attack. We further propose a solution for mitigating it, by running a DDoS Detection module which uses the variation of flow entry request traffic from all switches in the network to identify compromised switches and block them completely.


2020 ◽  
pp. 399-410
Author(s):  
Jawad Dalou' ◽  
Basheer Al-Duwairi ◽  
Mohammad Al-Jarrah

Software Defined Networking (SDN) has emerged as a new networking paradigm that is based on the decoupling of the data plane from the control plane, providing several benefits that include flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities that are associated with the nature of the communication between the control plane and the data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks, because overloading the controller with a huge packet volume would bring the whole network down or degrade its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with a huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of the source and destination IP addresses of flows observed by the SDN controller, which are compared to preset entropy threshold values that change in an adaptive manner based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.


IEEE Network ◽  
2018 ◽  
Vol 32 (4) ◽  
pp. 108-113 ◽  
Author(s):  
Shang Gao ◽  
Zecheng Li ◽  
Bin Xiao ◽  
Guiyi Wei

2018 ◽  
Vol 4 (2) ◽  
pp. 46-57
Author(s):  
Fathul Muiin ◽  
Henry Saptono

The use of Internet access around the world keeps growing, in step with the development of computer network technology, which is becoming increasingly complex. Therefore, data security on a computer has become one of the most important parts of a network. SDN is a solution for meeting today's computer network needs. Software Defined Network (SDN) is an approach to network technology that simplifies network control and management. This network will use the OpenFlow protocol, whose main principle is to separate the control plane and data plane functions of a device. Network control in a controller is programmable, so with SDN the network becomes easy to configure and more flexible. This firewall implementation and analysis uses the Mininet emulator to build a simple network topology. In the firewall tests, XML is used to implement the data flows, the Postman application is used as the tool to add new flow table entries on the switch, and the controller used is OpenDaylight.


2018 ◽  
Vol 7 (2.3) ◽  
pp. 746
Author(s):  
B Vishnu Priya ◽  
Dr JKR Sastry

The ability to transfer huge amounts of content to the target is a present-day requirement of users which is not being met through Internet-based protocols due to the static nature of the Internet. Software defined networks (SDN) provide the flexibility to implement any architecture, as the control and data planes are separated. Information/content centric networks (ICN/CCN) can be implemented using SDN. The requirement of massive delivery of content can be achieved through ICN/CCN. In this paper a comparative analysis of the methods used for building information centric networking (ICN/CCN) over software defined networks is presented. The areas of research that need to be undertaken further are also cited in the paper.


2020 ◽  
Vol 12 (9) ◽  
pp. 147 ◽  
Author(s):  
Babangida Isyaku ◽  
Mohd Soperi Mohd Zahid ◽  
Maznah Bte Kamat ◽  
Kamalrulnizam Abu Bakar ◽  
Fuad A. Ghaleb

Software defined networking (SDN) is an emerging network paradigm that decouples the control plane from the data plane. The data plane is composed of forwarding elements called switches and the control plane is composed of controllers. SDN is gaining popularity in industry and academia due to its advantages such as centralized, flexible, and programmable network management. The increasing amount of traffic due to the proliferation of Internet of Things (IoT) devices may result in two problems: (1) increased processing load on the controller, and (2) insufficient space in the switches' flow tables to accommodate the flow entries. These problems may cause undesired network behavior and unstable network performance, especially in large-scale networks. Many solutions have been proposed to improve the management of the flow table, reduce the controller processing load, and mitigate security threats and vulnerabilities on the controllers and switches. This paper provides a comprehensive survey of existing schemes to ensure SDN meets the quality of service (QoS) demands of various applications and cloud services. Finally, potential future research directions are identified and discussed, such as management of the flow table using machine learning.
