Distributed Collaborative Monitoring in Software Defined Networks
We propose a Distributed and Collaborative Monitoring system, DCM, with the
following properties. First, DCM allows switches to collaboratively achieve flow
monitoring tasks and balance measurement load. Second, DCM is able to perform
per-flow monitoring, by which different groups of flows are monitored using
different actions. Third, DCM is a memory-efficient solution for the switch data
plane and guarantees system scalability. DCM uses novel two-stage Bloom
filters to represent monitoring rules in a small memory space. It utilizes the
centralized SDN control to install, update, and reconstruct the two-stage Bloom
filters in the switch data plane. We study how DCM performs two representative
monitoring tasks, namely flow size counting and packet sampling, and evaluate
its performance. Experiments using real data center and ISP traffic data on
real network topologies show that DCM achieves the highest measurement accuracy
among existing solutions given the same memory budget of switches.
Optimal Elephant Flow Detection
Monitoring the traffic volumes of elephant flows, including the total byte
count per flow, is a fundamental capability for online network measurements. We
present an asymptotically optimal algorithm for solving this problem in terms
of both space and time complexity. This improves on previous approaches, which
can only count the number of packets in constant time. We evaluate our work on
real packet traces, demonstrating an up to 2.5x speedup compared to the best
alternative.
Comment: Accepted to IEEE INFOCOM 201
Understanding Disruptive Monitoring Capabilities of Programmable Networks
The design shift proposed by OpenFlow, with its simple stateless dataplane, initially contributed to the success of Software-Defined Networks. Its lack of state, however, prevents the implementation of many dataplane algorithms. Network applications must therefore offload stateful operations to the control plane, thereby increasing latency and limiting network scalability. Thus, recent research efforts have centered on the addition of stateful properties to switches. In this paper, we discuss the impact of emerging programmable dataplane abstractions on network monitoring. In particular, we investigate the need for dataplane state in the design of scalable monitoring applications. We argue that these abstractions are ill-suited for software switches, as they retain hardware-specific limitations. Furthermore, we analyse the impact of stateful dataplane designs on the control plane's visibility of the network. Finally, we identify opportunities for improvement in the design of stateful software switches.
Network Security through Software Defined Networking: a Survey
Network security is a predominant topic both in academia and industry. Many methods and tools have been proposed, but attackers are still able to launch massive and effective attacks. Keeping pace with new threats that appear or become more sophisticated every day is of paramount importance. Software Defined Networking (SDN) has recently emerged and promotes the programmability of networks, which makes it possible to enable in-network security functions. These include firewalls, monitoring applications and middlebox support through OpenFlow devices. This paper therefore reviews the related approaches that have been proposed, identifying their scope, their practicability, their advantages and their drawbacks.
Evaluation of machine learning techniques for intrusion detection in software defined networking
The widespread growth of the Internet created the need for a new network architecture, a need that was filled by Software Defined Networking (SDN). SDN separated the control and data planes to overcome the challenges that came along with the rapid growth and complexity of the network architecture. However, centralizing the new architecture also introduced new security challenges and created the demand for stronger security measures. The focus is on an Intrusion Detection System (IDS) for Distributed Denial of Service (DDoS) attacks, which are a serious threat to the network system. There are several ways of detecting an attack, and with the rapid growth of machine learning (ML) and artificial intelligence, the study evaluates several ML algorithms for detecting DDoS attacks on the system.
Several factors affect the performance of ML-based IDS in SDN. Feature selection, the training dataset, and the implementation of the classifying models are some of the important factors. The balance between resource usage and the performance of the implemented model is important. The model implemented in the thesis uses a dataset created from the traffic flow within the system, and the models used are Support Vector Machine (SVM), Naive Bayes, Decision Tree and Logistic Regression. The accuracy of the models has been over 95%, apart from Logistic Regression, which has 90% accuracy. The ML-based algorithm has been more accurate than the non-ML-based algorithm. It learns from different features of the traffic flow to differentiate between normal traffic and attack traffic. Most of the previously implemented ML-based IDS are based on public datasets. Using a dataset created from the flow of the experimental environment allows the model to be trained on a real-time dataset. However, the experiment only detects the traffic and does not take any action. Nonetheless, these promising results can be used for further development of the model.