scholarly journals SGS: Safe-Guard Scheme for Protecting Control Plane Against DDoS Attacks in Software-Defined Networking

IEEE Access ◽  
2019 ◽  
Vol 7 ◽  
pp. 34699-34710 ◽  
Author(s):  
Yang Wang ◽  
Tao Hu ◽  
Guangming Tang ◽  
Jichao Xie ◽  
Jie Lu
Keyword(s):  
Software Defined Networking ◽  
Ddos Attacks ◽  
Control Plane

scholarly journals A Multi-Criteria based Software Defined Networking System Architecture for DDoS-Attack Mitigation

2017 ◽  
Author(s):  
Tuyen Dang-Van ◽  
Huong Truong-Thu
Keyword(s):  
Network Architecture ◽  
False Positive Rate ◽  
Denial Of Service ◽  
Software Defined Networking ◽  
Buffer Size ◽  
Ddos Attacks ◽  
Control Plane ◽  
Network Resource ◽  
Attack Mitigation ◽  
Sdn Controller

Nowadays, Software-Defined Networking (SDN) has become a promising network architecture in which network devices are controlled in a separate Control Plane (i.e., SDN controller). In a specific aspect, employing SDN in a network offers an attractive network security solution due to its flexibility in building and adding more new software security rules. From another perspective, attack prediction and mitigation, especially for Distributed Denial of Service (DDoS) attacks, are still challenges in SDN environments since a SDN control system works probably slower than a non-SDN one and theSDN controller can become a target of attacks. In this article, at first, we analyze a real traffic use case in order to derive DDoS indicators and thresholds. Secondly, we design an Openflow/SDN-based Attack Mitigation Architecture that is able to quickly mitigate DDoS attacks on the fly. The design solves the existing problems of the Openflow protocol, reducing the traffic volume traversing over the interface between the data plane (switch) and the control plane (SDN controller) and decreasing the buffer size at the Openflow switch. Applying our proposed Fuzzy Logic-based DDoS Mitigation algorithm that deploys multiple criteria for DDoS detection - FDDoM, the system demonstrates the ability to detect and filter 97% of attack flows and reach a False Positive Rate of 5% that are acceptable figures in real system management. The results also show that the network resource which is required to cope and maintain flow entries is 50% reduced during attack time.

Software-Defined Networking (SDN) and 5G Network: The Role of Controller Placement for Scalable Control Plane

2020 ◽  
Author(s):  
Sharifah K. Syed-Yusof ◽  
Paulson Eberechukwu Numan ◽  
Kamaludin Mohamad Yusof ◽  
Jafri Bin Din ◽  
Muhammad Nadzir Bin Marsono ◽  
...  
Keyword(s):  
Software Defined Networking ◽  
Control Plane ◽  
5G Network ◽  
Controller Placement

An intelligent flow-based and signature-based IDS for SDNs using ensemble feature selection and a multi-layer machine learning-based classifier

2020 ◽  
pp. 1-20
Author(s):  
K. Muthamil Sudar ◽  
P. Deepalakshmi
Keyword(s):  
Machine Learning ◽  
Feature Selection ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Network Architecture ◽  
Detection System ◽  
Software Defined Networking ◽  
Control Plane ◽  
Control Logic ◽  
Data Plane

Software-defined networking is a new paradigm that overcomes problems associated with traditional network architecture by separating the control logic from data plane devices. It also enhances performance by providing a highly-programmable interface that adapts to dynamic changes in network policies. As software-defined networking controllers are prone to single-point failures, providing security is one of the biggest challenges in this framework. This paper intends to provide an intrusion detection mechanism in both the control plane and data plane to secure the controller and forwarding devices respectively. In the control plane, we imposed a flow-based intrusion detection system that inspects every new incoming flow towards the controller. In the data plane, we assigned a signature-based intrusion detection system to inspect traffic between Open Flow switches using port mirroring to analyse and detect malicious activity. Our flow-based system works with the help of trained, multi-layer machine learning-based classifier, while our signature-based system works with rule-based classifiers using the Snort intrusion detection system. The ensemble feature selection technique we adopted in the flow-based system helps to identify the prominent features and hasten the classification process. Our proposed work ensures a high level of security in the Software-defined networking environment by working simultaneously in both control plane and data plane.

scholarly journals Load Balancing in Software-Defined Networking using Controller Placement

2020 ◽  
Author(s):  
Hamid Nejadnik ◽  
Rasool Sadeghi ◽  
Sayed Mahdi Faghih Imani
Keyword(s):  
Load Balancing ◽  
Software Defined Networking ◽  
Network Simulator ◽  
Control Plane ◽  
Placement Problem ◽  
Data Plane ◽  
Controller Placement ◽  
Controller Placement Problem ◽  
Load Balancer

Abstract Software Defined Networking (SDN) is a novel architecture that separates the data plane from the control plane using an external controller. Similar to traditional networks, load balancing has a great impact on the performance and availability of SDN. Therefore, the Controller Placement Problem (CPP) in SDN influences on the load balancing solutions. In this paper, various topologies of CPP including different load balancer controllers are simulated and evaluated in the SDN using the OFSwitch13 module of ns-3 network simulator. The results provide a solid comparison of the proposed topologies in different network situations.

A distributed load balancing algorithm for the control plane in software defined networking

2016 ◽  
Author(s):  
Federico Cimorelli ◽  
Francesco Delli Priscoli ◽  
Antonio Pietrabissa ◽  
Lorenzo Ricciardi Celsi ◽  
Vincenzo Suraci ◽  
...  
Keyword(s):  
Load Balancing ◽  
Software Defined Networking ◽  
Control Plane ◽  
Distributed Load ◽  
Load Balancing Algorithm

scholarly journals Software Defined Networking Flow Table Management of OpenFlow Switches Performance and Security Challenges: A Survey

2020 ◽  
Vol 12 (9) ◽  
pp. 147 ◽  
Author(s):  
Babangida Isyaku ◽  
Mohd Soperi Mohd Zahid ◽  
Maznah Bte Kamat ◽  
Kamalrulnizam Abu Bakar ◽  
Fuad A. Ghaleb
Keyword(s):  
Large Scale ◽  
Network Performance ◽  
Software Defined Networking ◽  
Cloud Services ◽  
Future Research ◽  
Control Plane ◽  
Processing Load ◽  
Flow Table ◽  
Data Plane ◽  
Large Scale Networks

Software defined networking (SDN) is an emerging network paradigm that decouples the control plane from the data plane. The data plane is composed of forwarding elements called switches and the control plane is composed of controllers. SDN is gaining popularity from industry and academics due to its advantages such as centralized, flexible, and programmable network management. The increasing number of traffics due to the proliferation of the Internet of Thing (IoT) devices may result in two problems: (1) increased processing load of the controller, and (2) insufficient space in the switches’ flow table to accommodate the flow entries. These problems may cause undesired network behavior and unstable network performance, especially in large-scale networks. Many solutions have been proposed to improve the management of the flow table, reducing controller processing load, and mitigating security threats and vulnerabilities on the controllers and switches. This paper provides comprehensive surveys of existing schemes to ensure SDN meets the quality of service (QoS) demands of various applications and cloud services. Finally, potential future research directions are identified and discussed such as management of flow table using machine learning.

scholarly journals Mitigation of DDoS attack instigated by compromised switches on SDN controller by analyzing the flow rule request traffic

2018 ◽  
Vol 7 (2.6) ◽  
pp. 46 ◽  
Author(s):  
Sanjeetha R ◽  
Shikhar Srivastava ◽  
Rishab Pokharna ◽  
Syed Shafiq ◽  
Dr Anita Kanavalli
Keyword(s):  
Network Architecture ◽  
Flow Rule ◽  
Software Defined Network ◽  
Ddos Attacks ◽  
Control Plane ◽  
Ddos Attack ◽  
Flow Table ◽  
Data Plane ◽  
Ddos Detection ◽  
Sdn Controller

Software Defined Network (SDN) is a new network architecture which separates the data plane from the control plane. The SDN controller implements the control plane and switches implement the data plane. Many papers discuss about DDoS attacks on primary servers present in SDN and how they can be mitigated with the help of controller. In our paper we show how DDoS attack can be instigated on the SDN controller by manipulating the flow table entries of switches, such that they send continuous requests to the controller and exhaust its resources. This is a new, but one of the possible way in which a DDoS attack can be performed on controller. We show the vulnerability of SDN for this kind of attack. We further propose a solution for mitigating it, by running a DDoS Detection module which uses variation of flow entry request traffic from all switches in the network to identify compromised switches and blocks them completely.

Sign in / Sign up

Export Citation Format

Share Document