
    A Secured Software Defined Network Architecture for Mini Net using POX Controller

    SDN (software-defined networking) is a new technology that stems from numerous network security enhancements. It handles network data in a flexible manner using highly secure frameworks. The secure SDN model's purpose is to ensure data security. The proposed idea to be executed is robust firewall protection in Mininet employing a POX controller. In order to deal with network-induced dangers, the huge network-connectivity-influenced environment requires additional protection. The proposed effort focuses on creating a secure SDN simulation architecture that is managed by the open-source POX controller. Through a POX-controlled traffic management system and a fingerprint-enabled authentication technique, the system provides multilayer security. The enhanced security is achieved by assessing network traffic as either elephant or mouse flow and selecting the appropriate security level based on data complexity. Mininet is run in a virtual cloud, where protocols and tools are tested and supported by a virtual machine (VM). The novelty is that a secure SDN topology was created using a Python-based POX controller in the suggested technique. It also provides a low-cost solution as well as rapid development in conjunction with industrial networks.

    Big Data Analysis-Based Secure Cluster Management for Optimized Control Plane in Software-Defined Networks

    In software-defined networks (SDNs), the abstracted control plane is its symbolic characteristic, whose core component is the software-based controller. The control plane is logically centralized, but the controllers can be physically distributed and composed of multiple nodes. To meet the service management requirements of large-scale network scenarios, the control plane is usually implemented in the form of distributed controller clusters. Cluster management technology monitors all types of events and must maintain a consistent global network status, which usually leads to big data in SDNs. Simultaneously, cluster security is an open issue because of the programmable and dynamic features of SDNs. To address the above challenges, this paper proposes a big data analysis-based secure cluster management architecture for the optimized control plane. A security authentication scheme is proposed for cluster management. Moreover, we propose an ant colony optimization approach that enables the big data analysis scheme, and an implementation system that optimizes the control plane. Simulations and comparisons show the feasibility and efficiency of the proposed scheme. The proposed scheme is significant in improving the security and efficiency of the SDN control plane.

    Generalized Entropy-Based Approach With A Dynamic Threshold To Detect Ddos Attacks On Software Defined Networking Controller

    The wide proliferation of telecommunication technologies in the last decade also gives rise to many sophisticated security threats. Software-Defined Networking (SDN) is a new networking architecture that isolates the network control plane from the data plane and offers better features and functionalities to detect and deal with those security threats. Its programmable, elastic nature permits efficient network management and provides network operators with the flexibility to monitor and fine-tune their network. However, the new technology is not free from new security concerns. The Distributed Denial of Service (DDoS) attack is one of the major concerns; it mainly targets the SDN controller and threatens the security of SDN networks. Since the controller is the key and focal component of the SDN, any problem occurring at the controller may degrade or even collapse the entire network. Therefore, there is a dire need for an effective approach to detect low-rate DDoS attacks with high accuracy and a low false-positive rate. Thus, this thesis proposes an efficient DDoS attack detection approach called Generalized Entropy-Based Approach with a Dynamic Threshold to Detect DDoS Attacks on Software-Defined Networking Controller (GEADDDC). GEADDDC generalizes the Rényi joint entropy algorithm and uses a dynamic threshold to detect DDoS attacks on the SDN controller.
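An added illustration of the mechanism this abstract describes, written for this listing rather than taken from the thesis: Rényi (generalized) entropy of the destination addresses seen in a window of packet-in events, compared against a threshold that tracks the recent benign baseline instead of a hand-tuned constant. The Rényi order, window size, EWMA weight, multiplier K and the synthetic traffic are all assumptions for the demonstration; the thesis's joint-entropy formulation and its detector parameters are not reproduced here.

```python
"""Generalized (Renyi) entropy of packet-in destinations with a dynamic threshold.

Illustrative code added to this listing; it is not GEADDDC's implementation.
The window size, Renyi order alpha, EWMA smoothing factor, multiplier K and the
synthetic traffic below are all assumptions made for the demonstration."""
import math
from collections import Counter

ALPHA = 2.0         # Renyi order; alpha -> 1 gives Shannon entropy (assumption)
WINDOW = 50         # packet-in events per window (assumption)
LAMBDA = 0.2        # EWMA weight for the running mean and deviation (assumption)
K = 3.0             # threshold = mean - K * deviation (assumption)


def renyi_entropy(counts, alpha=ALPHA):
    """H_alpha = log2(sum p_i^alpha) / (1 - alpha); Shannon limit when alpha == 1."""
    total = sum(counts)
    if total == 0:
        return 0.0
    probs = [c / total for c in counts if c > 0]
    if alpha == 1.0:
        return -sum(p * math.log2(p) for p in probs)
    return math.log2(sum(p ** alpha for p in probs)) / (1.0 - alpha)


class DynamicThresholdDetector:
    """Flags a window when its entropy drops below mean - K * deviation of the
    recent benign windows. A fixed threshold would need re-tuning for every
    topology; the EWMA baseline adapts to the network's normal traffic mix."""

    def __init__(self, alpha=ALPHA, lam=LAMBDA, k=K, warmup=3):
        self.alpha, self.lam, self.k, self.warmup = alpha, lam, k, warmup
        self.mean = None
        self.dev = 0.0
        self.windows_seen = 0

    def observe(self, dst_ips):
        """Return (entropy, threshold, is_attack) for one window of destination IPs."""
        h = renyi_entropy(list(Counter(dst_ips).values()), self.alpha)
        self.windows_seen += 1
        if self.mean is None:                 # first window seeds the baseline
            self.mean = h
            return h, None, False
        threshold = self.mean - self.k * self.dev
        is_attack = self.windows_seen > self.warmup and h < threshold
        if not is_attack:                     # never let an attack window lower the baseline
            self.dev = (1 - self.lam) * self.dev + self.lam * abs(h - self.mean)
            self.mean = (1 - self.lam) * self.mean + self.lam * h
        return h, threshold, is_attack


# Constructed traffic: benign windows spread WINDOW packet-ins across 18-20
# hosts; the attack window sends 45 of 50 to one victim (a volumetric flood,
# chosen so the drop is obvious; low-rate attacks need more history).
def benign_window(i):
    hosts = 18 + i % 3
    return [f"10.0.0.{(j * 7 + i * 3) % hosts + 1}" for j in range(WINDOW)]


def attack_window():
    return ["10.0.0.5"] * 45 + [f"10.0.0.{n}" for n in range(20, 25)]


def run_demo(benign_windows=8):
    """Return the is_attack flag for each window: eight benign, then one flood."""
    det = DynamicThresholdDetector()
    flags = [det.observe(benign_window(i))[2] for i in range(benign_windows)]
    flags.append(det.observe(attack_window())[2])
    return flags


if __name__ == "__main__":
    print(run_demo())   # [False, False, False, False, False, False, False, False, True]
```

With alpha above 1 the sum is dominated by the most frequent destination, so the entropy of a window in which one victim receives most packet-ins falls faster than the Shannon value would. The baseline is updated only from windows judged benign, so a sustained attack cannot drag the threshold down with it. A single volumetric window like the constructed one is the easy case; for the low-rate attacks the thesis targets, the point of the dynamic threshold is that it keeps adapting as the benign mix changes rather than being tuned once.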

    Deep learning : enhancing the security of software-defined networks

    Software-defined networking (SDN) is a communication paradigm that promotes network flexibility and programmability by separating the control plane from the data plane. SDN consolidates the logic of network devices into a single entity known as the controller. SDN raises significant security challenges related to its architecture and associated characteristics such as programmability and centralisation. Notably, security flaws pose a risk to controller integrity, confidentiality and availability. The SDN model introduces separation of the forwarding and control planes. It detaches the control logic from switching and routing devices, forming a central plane or network controller that facilitates communications between applications and devices. The architecture enhances network resilience, simplifies management procedures and supports network policy enforcement. However, it is vulnerable to new attack vectors that can target the controller. Current security solutions rely on traditional measures such as firewalls or intrusion detection systems (IDS). An IDS can use two different approaches: signature-based or anomaly-based detection. The signature-based approach is incapable of detecting zero-day attacks, while anomaly-based detection has high false-positive and false-negative alarm rates. Inaccuracies related to false-positive attacks may have significant consequences, specifically from threats that target the controller. Thus, improving the accuracy of the IDS will enhance controller security and, subsequently, SDN security. A centralised network entity that controls the entire network is a primary target for intruders. The controller is located at a central point between the applications and the data plane and has two interfaces for plane communications, known as northbound and southbound, respectively. Communications between the controller, the application and data planes are prone to various types of attacks, such as eavesdropping and tampering. 
The controller software is vulnerable to attacks such as buffer and stack overflow, which enable remote code execution that can result in attackers taking control of the entire network. Additionally, traditional network attacks are more destructive. This thesis introduces a threat detection approach aimed at improving the accuracy and efficiency of the IDS, which is essential for controller security. To evaluate the effectiveness of the proposed framework, an empirical study of SDN controller security was conducted to identify, formalise and quantify security concerns related to SDN architecture. The study explored the threats related to SDN architecture, specifically threats originating from the existence of the control plane. The framework comprises two stages, involving the use of deep learning (DL) algorithms and clustering algorithms, respectively. DL algorithms were used to reduce the dimensionality of inputs, which were forwarded to clustering algorithms in the second stage. Features were compressed to a single value, simplifying and improving the performance of the clustering algorithm. Rather than using the output of the neural network, the framework presented a unique technique for dimensionality reduction that used a single value—reconstruction error—for the entire input record. The use of a DL algorithm in the pre-training stage contributed to solving the problem of dimensionality related to k-means clustering. Using unsupervised algorithms facilitated the discovery of new attacks. Further, this study compares generative energy-based models (restricted Boltzmann machines) with non-probabilistic models (autoencoders). The study implements TensorFlow in four scenarios. Simulation results were statistically analysed using a confusion matrix, which was evaluated and compared with similar related works. 
The proposed framework, which was adapted from existing similar approaches, resulted in promising outcomes and may provide a robust prospect for deployment in modern threat detection systems in SDN. The framework was implemented using TensorFlow and was benchmarked on the KDD99 dataset. Simulation results showed that the use of the DL algorithm to reduce dimensionality significantly improved detection accuracy and reduced false-positive and false-negative alarm rates. Extensive simulation studies on benchmark tasks demonstrated that the proposed framework consistently outperforms all competing approaches. This improvement is a further step towards the development of a reliable IDS to enhance the security of SDN controllers.

    Enhancing Security and Robustness for SDN-Enabled Cloud Networks

    Software-Defined Networking is an emerging network architecture which promises to solve the limitations associated with current cloud computing systems based on traditional networks. The main idea behind SDN is to separate the control plane from networking devices, thereby providing a centralized control layer integrable into cloud-based infrastructure. The integration of SDN and Cloud Computing brings immense benefits to network deployment and management; however, this model still faces many critical challenges with regard to availability, scalability and security. In this study, we present a secure and robust SDN-Enabled Cloud model using OpenStack and OpenDaylight. In particular, we design and implement a security clustering-based SDN Controller for monitoring and managing cloud networking, and a hardware platform to accelerate packet processing in virtual switches. We evaluate our proposed model on a practical cloud testbed consisting of several physical and virtual nodes. The experimental results show that the SDN controller cluster significantly improves robustness for the network even when attacked by abnormal network traffic, while the hardware-accelerated switches operate at high performance and are well adapted to the cloud environment.

    Automatic Intent-Based Secure Service Creation Through a Multilayer SDN Network Orchestration

    Growing traffic demands and increasing security awareness are driving the need for secure services. Current solutions require manual configuration and deployment based on the customer's requirements. In this work, we present an architecture for automatic intent-based provisioning of a secure service in a multilayer (IP, Ethernet, and optical) network while choosing the appropriate encryption layer using an open-source software-defined networking (SDN) orchestrator. The approach is experimentally evaluated in a testbed with commercial equipment. Results indicate that the processing impact of secure channel creation on a controller is negligible. As the time for setting up services over WDM varies between technologies, it needs to be taken into account in the decision-making process.
    Comment: Parts of the presented work have received funding from the European Commission within the H2020 Research and Innovation Programme, under grant agreement n.645127, project ACIN

    Active Response Using Host-Based Intrusion Detection System and Software-Defined Networking

    This research proposes AHNSR: Active Host-based Network Security Response, which utilizes Host-based Intrusion Detection Systems (HIDS) with Software-Defined Networking (SDN) to enhance system security by allowing dynamic active response and reconstruction from a global network topology perspective. Responses include traffic redirection, host quarantining, filtering, and more. A testable SDN-controlled network is constructed with multiple hosts, OpenFlow-enabled switches, and a Floodlight controller, all linked to a custom, novel interface for the Open-Source SECurity (OSSEC) HIDS framework. OSSEC is implemented in a server-agent architecture, allowing scalability and OS independence. System effectiveness is evaluated against the following factors: alert density and selected Floodlight module response types. At the expected operational load of 500 events per second (EPS), results reveal a mean system response time of 0.5564 seconds from log generation to flow table update via Floodlight's Access Control List module. Load testing further assesses performance at 10 to 10,000 EPS for all tested response modules.
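An added example of the alert-to-flow-table path this abstract describes, written for this listing and not taken from AHNSR, OSSEC or Floodlight: HIDS alerts are mapped by severity to a log-only, filter or quarantine response, and the filter and quarantine responses are expressed as rules for the controller's ACL module. The alert records are constructed in the shape of OSSEC's alerts.json output; the Floodlight ACL REST path and JSON field names are assumed from that module's public interface and should be checked against the deployed version. The escalation levels and the protected-host list are assumed policy.

```python
"""Turn HIDS alerts into controller ACL rules (OSSEC-style alert -> Floodlight ACL).

Illustrative code added to this listing; it is not the AHNSR interface, nor
OSSEC or Floodlight code. The alert records are constructed in the shape of
OSSEC's alerts.json output, and the Floodlight ACL REST path and JSON field
names are assumed from that module's public interface; verify both against
the deployed versions. Requests are built but not sent, so this runs offline."""
import json
import urllib.request

ACL_ENDPOINT = "http://127.0.0.1:8080/wm/acl/rules/json"  # assumed Floodlight ACL path

# Escalation policy (assumed; not OSSEC's own level semantics)
FILTER_LEVEL = 7        # deny the attacked service only
QUARANTINE_LEVEL = 12   # deny everything from the source

# Hosts the SDN must never block, however the alert is worded. Without this
# allow-list, an attacker who can plant a spoofed source address in a log line
# can make the responder cut off the controller or the HIDS server itself.
PROTECTED_HOSTS = {"10.0.0.1", "10.0.0.254"}   # assumed: OSSEC server, controller

SAMPLE_ALERTS = [  # constructed, OSSEC alerts.json style
    {"rule": {"level": 3, "id": "100001", "description": "login session opened"},
     "srcip": "10.0.0.2", "agent": {"name": "web01", "ip": "10.0.0.10"}},
    {"rule": {"level": 10, "id": "100002", "description": "repeated web 4xx errors from one source"},
     "srcip": "10.0.0.3", "dstport": "80", "agent": {"name": "web01", "ip": "10.0.0.10"}},
    {"rule": {"level": 12, "id": "100003", "description": "ssh brute force"},
     "srcip": "10.0.0.4", "agent": {"name": "web01", "ip": "10.0.0.10"}},
    {"rule": {"level": 14, "id": "100004", "description": "spoofed: names the controller as source"},
     "srcip": "10.0.0.254", "agent": {"name": "web01", "ip": "10.0.0.10"}},
]


def acl_rule(alert):
    """Return (response, rule) where rule is the Floodlight ACL JSON body or None."""
    level = int(alert["rule"]["level"])
    src = alert.get("srcip")
    if not src or level < FILTER_LEVEL:
        return "log", None
    if src in PROTECTED_HOSTS:
        return "protected", None
    rule = {"src-ip": f"{src}/32", "action": "DENY"}
    if level >= QUARANTINE_LEVEL:          # quarantine: drop all flows from src at the first hop
        return "quarantine", rule
    rule["dst-ip"] = f"{alert['agent']['ip']}/32"   # filter: only the attacked host
    port = alert.get("dstport")
    if port:
        rule["nw-proto"] = "TCP"
        rule["tp-dst"] = str(port)
    return "filter", rule


def build_request(rule, endpoint=ACL_ENDPOINT):
    """Build the POST the responder would send to the controller (not sent here)."""
    return urllib.request.Request(
        endpoint, data=json.dumps(rule).encode(), method="POST",
        headers={"Content-Type": "application/json"})


def plan_responses(alerts):
    """Responses for a batch of alerts, de-duplicated so a burst of alerts from
    the same source at the same severity yields one flow-table update."""
    planned, seen = [], set()
    for alert in alerts:
        response, rule = acl_rule(alert)
        key = (response, json.dumps(rule, sort_keys=True))
        if rule is not None and key in seen:
            continue
        seen.add(key)
        planned.append((response, rule))
    return planned


if __name__ == "__main__":
    for response, rule in plan_responses(SAMPLE_ALERTS):
        print(response, rule)
```

Two details matter more than the mapping itself when the HIDS can change the network: the responder de-duplicates, because a brute-force burst produces hundreds of alerts for one source and each flow-table update costs controller time (the abstract's response time is measured per event), and it refuses to act on source addresses belonging to the controller or the HIDS server, since the alert text is derived from logs the attacked host wrote and a spoofed address there would otherwise turn the response system into a denial of service against the infrastructure.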

    Convolutional Neural Network based algorithm for Early Warning Proactive System security in Software Defined Networks

    Software-Defined Networking is an innovative architectural approach in the networking field. This technology allows networks to be centrally and intelligently managed by unified applications such as traffic classification and security management. Traditional networks' static nature has minimal capacity to meet organisations' business requirements. Software-Defined Networks (SDNs) are the emerging architectures that address a range of networking challenges with new solutions. Nevertheless, these centralised and programmable techniques face various challenges and issues that require contemporary security solutions such as Intrusion Detection Systems. Recently, the majority of this type of security solution has been developed using Machine Learning techniques. Deep Learning algorithms have recently been used to provide more accuracy and efficiency. This paper presents a new detection approach based on a Convolutional Neural Network (CNN). The experiments proved that the proposed model could be successfully implemented in a Software-Defined Network controller to detect various attacks with 100% accuracy, with a low degradation of 2.3% in throughput and 1.8% in latency when executed in a large-scale network.

    An Interaction-based Software-Defined Security Model and Platform to secure cloud resources

    University of Technology Sydney. Faculty of Engineering and Information Technology.
    Cloud computing has transformed a large portion of the IT industry through its ability to provision infrastructure resources (computing, networking, storage, and software) as services. Transferring to such an infrastructure relies on virtualization and its dynamic construction ability to spread over a geographical area. The challenge is in finding effective mechanisms for isolating security issues in cloud infrastructure. Isolation implies creating security boundaries for protecting cloud assets at different levels of a cloud security architecture. Building security boundaries is critical not only for recognizing security violations but also for creating security solutions. However, it is challenging, as virtual boundaries are not as clear-cut as physical boundaries in traditional infrastructure. The difficulty rises as virtual boundaries among components are not well defined and often undefined, and hence they are not visible/controllable by the providers. Additionally, defining object boundaries is extremely difficult because virtual objects are dynamic in both characteristics and functionality. Many efforts have been made to address security isolation challenges, but no attempt has been made to consider an overall solution to a dynamic, intelligent, programmable, and on-demand security isolation system. Moreover, there is no platform/framework to deliver programmable and on-demand construction of security boundaries to protect cloud resources. We develop a new method to protect cloud infrastructure with new intelligent isolation mechanisms to detect and predict security breaches. This research applies promising new technologies, including software-defined networking and network function virtualization, in providing on-demand security services over large-scale cloud infrastructure and overcoming challenges in constructing dynamic security boundaries.
    To protect cloud resources, we propose a Policy-based Interaction Model and develop the Software-Defined Security Service. We develop a novel intelligent security isolation interaction algorithm to model security boundaries. To do so, we propose a Policy-driven Interaction Model to construct dynamic security boundaries intelligently. A Software-Defined Security Service (SDS2) model was developed with three novel components, including the security controller, the Sec-Manage protocol, and the virtual security function. The SDS2 carries the concept of a logically centralized security controller to provision on-demand security services. The research novelty lies in its innovative and intelligent security isolation interaction model, its novel approach to detecting and predicting security violations, and its construction of dynamic, programmable, and on-demand VSFs. It enables i) overall visibility of security boundaries within the cloud infrastructure, ii) the automation of provisioning security services on demand, iii) a proactive security technique against security interaction violations, and iv) separation of security services for both cloud providers and tenants.