Shumian Yang,Lianhai Wang,Dawei Zhao,Xiaohui Han,Shuhui Zhang

DOI: https://doi.org/10.22323/1.300.0033

2018-01-01

Abstract:Software definition networking is a revolutionary network architecture, which realizes the separation of the control plane and data plane of a network. While providing the centralized controllability and the software programmability, the network itself is encountering many security problems. In order to solve the problem of security threats in SDN networks, there are different layers of unique security challenges and the relevant research on SDN security problems. This paper introduces the depth learning technology into the field of security threat detection in SDN, and propose a security threat detection framework based on depth learning.The framework is based on the research on model establishment, abnormal behavior recognition and decision algorithm design. The software system based on physical memory analysis is under development in SDN. The system verifies the feasibility of this framework, and to finally generate the work plan on SDN infrastructure.

Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

Iftekhar Ahmed Mahar,Wu Libing,Zulfikar Ahmed Maher,Ghulam Ali Rahu

DOI: https://doi.org/10.1109/KHI-HTC60760.2024.10482096

2024-01-01

Abstract:Due to the fast growth of modern mobile communication and internet technologies, the devices, gadgets, and architecture in networking systems have now become heterogeneous and complicated. More intelligence is required to adequately manage, operate, enhance, and organize the network systems. Software defined networks (SDN) introduces novel opportunities for delivering intelligence within network systems. Software defined networking focus on the separation of the control and data plane. Software defined networking offers a universal control plane across all the networking devices within network system, making device configuration quick and straightforward. However, like any technological advancement, SDN is not immune to security challenges. This article explores the fundamental concepts of SDN and delves into the security threats that accompany its implementation. This review underscores the need for a proactive stance in addressing the intricacies of SDN security. As the networking landscape evolves, the synthesis of innovative solutions, collaborative research efforts, and industry-wide best practices will be pivotal in fortifying the resilience of SDN against emerging security threats. Navigating these frontiers demands a collective commitment to ensuring the secure and efficient future of the computer networks.

Zhaogang Shu,Jiafu Wan,Di Li,Jiaxiang Lin,Athanasios V. Vasilakos,Muhammad Imran

DOI: https://doi.org/10.1007/s11036-016-0676-x

2016-01-01

Mobile Networks and Applications

Abstract:In recent years, Software-Defined Networking (SDN) has been a focus of research. As a promising network architecture, SDN will possibly replace traditional networking, as it brings promising opportunities for network management in terms of simplicity, programmability, and elasticity. While many efforts are currently being made to standardize this emerging paradigm, careful attention needs to be also paid to security at this early design stage. This paper focuses on the security aspects of SDN. We begin by discussing characteristics and standards of SDN. On the basis of these, we discuss the security features as a whole and then analyze the security threats and countermeasures in detail from three aspects, based on which part of the SDN paradigm they target, i.e., the data forwarding layer, the control layer and the application layer. Countermeasure techniques that could be used to prevent, mitigate, or recover from some of such attacks are also described, while the threats encountered when developing these defensive mechanisms are highlighted.

Arusa Kanwal,Mohammad Nizamuddin,Waseem Iqbal,Waqas Aman,Yawar Abbas,Shynar Mussiraliyeva

DOI: https://doi.org/10.1109/access.2024.3390968

IF: 3.9

2024-04-27

IEEE Access

Abstract:Software Defined Networking (SDN) has emerged as a new paradigm for managing heterogeneous networks ranging from enterprises to home network via decoupling the control plane from the data plane. In the traditional networking landscape, these two planes are tightly bound together inside a single appliance. The logically centralized and distributed control plane and programmability offer a great opportunity to improve network security, such as by implementing new mechanisms to detect and mitigate various threats, and also enable security as a service in an SDN paradigm. Due to the ever increasing and fast development of SDN, this paper provides an extensive survey of SDN controllers, SDN-related security threats, and solutions to mitigate the security threats. This study provides a comprehensive survey of 53 SDN controllers from different aspects, including language, architecture, organization, open source, scalability, consistency, reliability, API used, library, and their description. We have also provided a detailed security analysis of SDN architecture with an extensive classification of security threats endangering its different architectural components and the solutions to effectively mitigate them. This paper also identifies challenges and promising future directions on SDN deployment, standardization, implementation, and security issues that should be addressed in this field.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yassine Maleh,Youssef Qasmaoui,Khalid El Gholami,Yassine Sadqi,Soufyane Mounir

DOI: https://doi.org/10.1007/s40860-022-00171-8

2022-02-08

Journal of Reliable Intelligent Environments

Abstract:Nowadays, security threats on Software Defined Network SDN architectures are similar to traditional networks. However, the profile of these threats changes with SDN. For example, a denial-of-service attack on a centralized controller that manages a large network of several network devices (routers, switches, etc.) is more destructive than a targeted attack against a router. A spoofed SDN controller could allow a hacker to control an entire network, while a spoofed router could only harm the proper functioning of the traffic routed through that router. The SDN is facing these new security challenges, especially on securing the SDN architecture itself. SDN security is ensured at all these levels based on three-layer architecture and programming interfaces, which poses several challenges. The SDN’s security challenges are expected to grow with the progressive deployment. This paper aims to provide a comprehensive review of state of the art, accompanied by categorizing the research literature into a taxonomy that highlights each proposal’s main characteristics and contributions to the SDN's different layers. Based on the analysis of existing work, we also highlight key research gaps that could support future research in this area.

Ihsan H. Abdulqadder,Deqing Zou,Israa T. Aziz,Bin Yuan

DOI: https://doi.org/10.1109/icct.2017.8359852

2017-01-01

Abstract:Software Defined Networking (SDN) support several administrators for quicker access of resources due to its manageability, cost-effectiveness and adaptability. Even though SDN is beneficial it also exists with security based challenges due to many vulnerable threats. Participation of such threats increases their impact and risk level. In this paper a multi-level security mechanism is proposed over SDN architecture design. In each level the flow packet is analyzed using different metric and finally it reaches a secure controller for processing. Benign flow packets are differentiated from non-benign flow by means of the packet features. Initially routers verify user, secondly policies are verified by using dual-fuzzy logic design and thirdly controllers are authenticated using signature based authentication before assigning flow packets. This work aims to enhance entire security of developed SDN environment. SDN architecture is implemented in OMNeT++ simulation tool that supports OpenFlow switches and controllers. Finally experimental results show better performances in following performance metrics as throughput, time consumption and jitter.

Abdallah Mustafa Abdelrahman,Joel J. P. C. Rodrigues,Mukhtar M. E. Mahmoud,Kashif Saleem,Ashok Kumar Das,Valery Korotaev,Sergei A. Kozlov

DOI: https://doi.org/10.1002/dac.4706

2020-12-15

International Journal of Communication Systems

Abstract:Software‐defined networking (SDN) is an agile, modern networking approach that facilitates innovations in the networking paradigm. The abstracted and centralized network operating system facilitates the network management and reduces operational expenditure (OPEX). The open nature and simplicity of the data‐forwarding plane dramatically reduces capital expenditure (CAPEX) by leveraging commodity servers and switches. SDN also lends itself very well to address major cloud computing issues and complement cloud services, especially in terms of network virtualization and networking as a service (NaaS). As a new technology, SDN does involve certain security challenges, which include distributed denial of service (DDoS) threats, build and run time injected malware, insider (tenant) attacks, and security holes resulting from controller misconfigurations. These are severe threats that can cripple an entire network. It is crucial to address the SDN vulnerabilities to ensure its successful deployment in private data center networks, on cloud platforms and beyond. Some security solutions leverage the built‐in features of SDN, such as its controller software component, while other solutions provide external SDN applications running above the controller. This study reviews the security solutions for the vulnerabilities of state‐of‐the‐art SDN controllers and the available countermeasures. Furthermore, an in‐depth analysis of the SDN features that support security is presented, and some unresolved research issues on SDN controllers are identified.

telecommunications,engineering, electrical & electronic

Ali Nadim Alhaj,Narottam Das Patel,Ajeet Singh,Rohit Kumar Bondugula,Mohsin Furkh Dar,Jameel Ahamed

DOI: https://doi.org/10.1504/ijsnet.2024.141613

2024-09-28

International Journal of Sensor Networks

Abstract:The rapid expansion of networks has given rise to numerous challenges and issues. In recent years, one idea that has captivated researchers is segregating the forwarding and control levels, which emerged with software-defined networking (SDN) frameworks. Despite centralised management and network administration advantages, SDN networks have encountered several issues, with safety and reliability being the most prominent. This paper proposes a comprehensive robust security architecture for SDN networks that consists of modular components. Each module addresses a specific security challenge, and by integrating these security solutions, we aim to establish a cohesive security framework for SDN. Furthermore, we propose a robust security algorithm capable of effectively mitigating critical security attacks such as DDoS, ARP, and MITM. Our approach involves developing a multi-level security algorithm to counteract most DDoS attacks, while also devising a real-time algorithm specifically designed to handle ARP attacks, including request-replay-ARP DoS attacks.

computer science, information systems,telecommunications

Tao Han,Syed Rooh Ullah Jan,Zhiyuan Tan,Muhammad Usman,Mian Ahmad Jan,Rahim Khan,Yongzhao Xu

DOI: https://doi.org/10.1002/cpe.5300

2019-04-17

Concurrency and Computation: Practice and Experience

Abstract:Software Defined Network (SDN) and Network Virtualization (NV) are emerged paradigms that simplified the control and management of the next generation networks, most importantly, Internet of Things (IoT), Cloud Computing, and Cyber‐Physical Systems. The Internet of Things (IoT) includes a diverse range of a vast collection of heterogeneous devices that require interoperable communication, scalable platforms, and security provisioning. Security provisioning to an SDN‐based IoT network poses a real security challenge leading to various serious security threats due to the connection of various heterogeneous devices having a wide range of access protocols. Furthermore, the logical centralized controlled intelligence of the SDN architecture represents a plethora of security challenges due to its single point of failure. It may throw the entire network into chaos and thus expose it to various known and unknown security threats and attacks. Security of SDN controlled IoT environment is still in infancy and thus remains the prime research agenda for both the industry and academia. This paper comprehensively reviews the current state‐of‐the‐art security threats, vulnerabilities, and issues at the control plane. Moreover, this paper contributes by presenting a detailed classification of various security attacks on the control layer. A comprehensive state‐of‐the‐art review of the latest mitigation techniques for various security breaches is also presented. Finally, this paper presents future research directions and challenges for further investigation down the line.

Ihsan H. Abdulqadder,Deqing Zou,Israa T. Aziz,Bin Yuan,Weiming Li

DOI: https://doi.org/10.1109/access.2018.2797214

IF: 3.9

2018-01-01

IEEE Access

Abstract:A software-defined network (SDN) is a technology that supports computer network administrators. However, the centralized control plane architecture of SDNs makes them vulnerable to harmful security threats. In this paper, we propose a secure cloud (SecSDN-cloud) architecture that includes user authentication, routing, attack resistance, and third-party monitoring. The goal of this paper is to design an SDN-cloud environment with integrated security that can resist three different attack types: flow table overloading, control plane saturation, and Byzantine attacks. A novel digital signature with chaotic secure hashing is used for user authentication, followed by an enhanced particle swarm optimization multi-class routing protocol to improve the quality of service. Controllers are assigned to switches by integrating an enhanced genetic algorithm with a modified cuckoo search algorithm. The malicious flow identification includes the analysis of five-tuples constructed from features extracted from packets. We implemented the proposed SecSDN-cloud in the OMNeT++ simulator and evaluated its performance in terms of packet loss, end-to-end delay, throughput, latency, and bandwidth.

Jinwoo Kim,Minjae Seo,Seungsoo Lee,Jaehyun Nam,Vinod Yegneswaran,Phillip Porras,Guofei Gu,Seungwon Shin

DOI: https://doi.org/10.1016/j.comnet.2024.110203

IF: 5.493

2024-01-26

Computer Networks

Abstract:Over the last 15 years, Software-Defined Networking (SDN) has gained widespread support from both research communities and the industry owing to its open nature and programmability. This paradigm empowers stakeholders, including researchers, practitioners, and developers, to craft innovative networking services using robust APIs and a global network view, free from reliance on vendor-dependent control planes. However, the flexible architecture of SDN has introduced a plethora of security challenges absent in traditional network environments. While many surveys have presented existing attacks, there has been a lack of systematization of attacks from a penetration perspective, which is crucial for understanding attacks and their root causes. This paper aims to analyze previous literature that has disclosed attack cases in SDN, scrutinizing their vulnerabilities, penetration routes, and root causes. Additionally, we provide an in-depth and comprehensive discussion of the underlying problems associated with these attacks and present defenses proposed by researchers to mitigate them, analyzing how the root causes are remedied. Through this study, we aim to illuminate existing security issues within the current SDN architecture, prompting a reevaluation of various security problems and providing a future research guideline for SDN security.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Shanshan Bian,Peng Zhang,Zheng Yan

DOI: https://doi.org/10.4108/eai.18-6-2016.2264176

2016-01-01

Abstract:Software-Defined Networking (SDN) has gained special attention in both academia and industry. It is a new network architecture framework for networking, which decouples the network control plane from the data plane at physical topology. SDN promotes centralization of network control and introduces the ability to program the network. However, the development of the SDN is constrained by various security concerns, e.g., the central management of SDN is ideal for security attack. In this paper, we investigate potential security threats and specify security requirements accordingly. Existing security solutions in SDN are seriously reviewed and evaluated based on the specified security requirements in order to figure out open issues and motivate future research efforts.

Zhiyuan Hu,Mingwen Wang,Xueqiang Yan,Yueming Yin,Zhigang Luo

DOI: https://doi.org/10.1109/icin.2015.7073803

2015-01-01

Abstract:SDN enables the administrators to configure network resources very quickly and to adjust network-wide traffic flow to meet changing needs dynamically. However, there are some challenges for implementing a full-scale carrier SDN. One of the most important challenges is SDN security, which is beginning to receive attention. With new SDN architecture, some security threats are common to traditional networking, but the profile of these threats (including their likelihood and impact and hence their overall risk level) changes. Moreover, there are some new security challenges such as bypassing predefined mandatory policies by overwriting flow entries and data eavesdropping by inserting fraudulent flow entries. This paper is to design open-flow specific security solutions and propose a comprehensive security architecture to provide security services such as enforcing mandatory network policy correctly and receiving network policy securely for SDN in order to solve these common security issues and new security challenges. It can also help the developers to implement security functions to provide security services when developing the SDN controller.

Lina WANG,Fei WANG,Weijie LIU

DOI: https://doi.org/10.14188/j.1671-8836.2019.02.004

2019-01-01

Abstract:Software-defined networks (SDN) increase the flexibility of network programming through logically centralized network control, but the subsequent security threats that are exploited by attackers will directly compromise the entire network architecture.According to the characteristics of SDN, security threats were classified into four types including intrusion attacks, anomaly attacks, DDoS and DoS attacks and spoofing attacks. Since the DDoS and DoS attacks are more targeted and harmful in the SDN environment than in traditional networks, the principles, methods and effects of attacks were mainly formulated. In addition, the existing countermeasures were reviewed according to the type of attacks. Finally, the future research directions and development trends were proposed according to the shortcomings of the existing technology.

S Pradeep,Yogesh Kumar Sharma,Umesh Kumar Lilhore,Sarita Simaiya,Abhishek Kumar,Sachin Ahuja,Martin Margala,Prasun Chakrabarti,Tulika Chakrabarti

DOI: https://doi.org/10.1038/s41598-023-44701-7

2023-10-13

Abstract:Software-defined networking (SDN) has significantly transformed the field of network management through the consolidation of control and provision of enhanced adaptability. However, this paradigm shift has concurrently presented novel security concerns. The preservation of service path integrity holds significant importance within SDN environments due to the potential for malevolent entities to exploit network flows, resulting in a range of security breaches. This research paper introduces a model called "EnsureS", which aims to enhance the security of SDN by proposing an efficient and secure service path validation approach. The proposed approach utilizes a Lightweight Service Path Validation using Batch Hashing and Tag Verification, focusing on improving service path validation's efficiency and security in SDN environments. The proposed EnsureS system utilizes two primary techniques in order to validate service pathways efficiently. Firstly, the method utilizes batch hashing in order to minimize computational overhead. The proposed EnsureS algorithm enhances performance by aggregating packets through batches rather than independently; the hashing process takes place on each one in the service pathway. Additionally, the implementation of tag verification enables network devices to efficiently verify the authenticity of packets by leveraging pre-established trust relationships. EnsureS provides a streamlined and effective approach for validating service paths in SDN environments by integrating these methodologies. In order to assess the efficacy of the Proposed EnsureS, a comprehensive series of investigations were conducted within a simulated SDN circumstance. The efficacy of Proposed EnsureS was then compared to that of established methods. The findings of our study indicate that the proposed EnsureS solution effectively minimizes computational overhead without compromising on the established security standards. The implementation successfully reduces the impact of different types of attacks, such as route alteration and packet spoofing, increasing SDN networks' general integrity.

Ihsan H. Abdulqadder,Deqing Zou,Israa T. Aziz,Bin Yuan

DOI: https://doi.org/10.1155/2018/1308678

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:Software Defined Network is a promising network paradigm which has led to several security threats in SDN applications that involve user flows, switches, and controllers in the network. Threats as spoofing, tampering, information disclosure, Denial of Service, flow table overloading, and so on have been addressed by many researchers. In this paper, we present novel SDN design to solve three security threats: flow table overloading is solved by constructing a star topology-based architecture, unsupervised hashing method mitigates link spoofing attack, and fuzzy classifier combined with L1-ELM running on a neural network for isolating anomaly packets from normal packets. For effective flow migration Discrete-Time Finite-State Markov Chain model is applied. Extensive simulations using OMNeT++ demonstrate the performance of our proposed approach, which is better at preserving holding time than are other state-of-the-art works from the literature.

computer science, information systems,telecommunications

Zhijie Fan,Ya Xiao,Amiya Nayak,Chengxiang Tan

DOI: https://doi.org/10.1007/s12083-017-0604-2

IF: 3.488

2017-01-01

Peer-to-Peer Networking and Applications

Abstract:Software Defined Network (SDN) is a network framework which can be controlled and defined by software programming, and OpenFlow is the basic protocol in SDN that defines the communication protocol between SDN control plane and data plane. With the deployment of SDN in reality, many security threats and issues are of great concern. In this paper, we propose a security situation awareness approach for SDN. This approach focuses on the attacks like network scanning attack, OpenFlow flooding attack, switch compromised attack and ARP attack in both data plane and control plane. Based on the features of these attacks, we use multiple observations hidden Markov model (HMM) to quantify the network status and then get the security situation assessment values for SDN. The proposed approach can also detect these four attacks and predict the network status based on HMM when given a sequence of observed feature values. We build a test scenario to simulate our approach with Ryu controller and OpenFlow switch and prove the feasibility of this approach.

Arash Shaghaghi,Mohamed Ali Kaafar,Rajkumar Buyya,Sanjay Jha

DOI: https://doi.org/10.48550/arXiv.1804.00262

2018-04-01

Abstract:Software-Defined Network (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network-layer granting centralized management and re-programmability of the networks. From a security perspective, SDN separates security concerns into control and data plane, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we focus on identifying challenges faced in securing the data plane of SDN - one of the least explored but most critical components of this technology. We formalize this problem space, identify potential attack scenarios while highlighting possible vulnerabilities and establish a set of requirements and challenges to protect the data plane of SDNs. Moreover, we undertake a survey of existing solutions with respect to the identified threats, identifying their limitations and offer future research directions.

Cryptography and Security

QIU Xiao-feng,ZHAO Liang,GAO Teng

DOI: https://doi.org/10.3969/j.issn.1000-1220.2013.10.014

2013-01-01

Abstract:Software Defined Networking is in its fast growth in the past two years. Its software programmable architecture and openness bring many of new security challenges,meanw hile,numerous innovative security protection mechanisms taking advantage of features of SDN are being researched and developed. This paper summarizes and analyzes the new threats and challenges of SDN and proposes tw o evolutionary security architectures to secure SDN netw orks- Virtualized Security Appliance( VSA) and Softw are Defined Security( SDS). The critical features,use cases,advantages and disadvantages are given respectively. The corresponding implementation of firew all in both VSA and SDS architecture is demonstrated. The experiment data show that the proposed security architectures are feasible in SDN-based data centers.