A SIMULATION STUDY OF SDN DEFENSE AGAINST BOTNET ATTACK BASED ON NETWORK TRAFFIC DETECTION

This paper discusses the Software Defined Networking (SDN) security experiment on Zeus Botnet attacks based on traffic behavior in the network. The development of SDN technology is increasingly in demand today, both on the researcher and industry side. This is inseparable from the SDN feature that gives the developer the flexibility to program the system inside. But on the other hand, the development of network technology cannot be separated from the threat of attack, especially Botnet attacks. Botnets are able to take control of the SDN network by attacking the control plane. This is possible when the botmaster enters a third party into the network and infects the associated device in the SDN network as a bot. This problem is categorized as Integrity in CIA triad (Confidentiality, Integrity, and Availability) used in the evaluation of security performance. Integrity in the CIA triad is a state of information that is always accurate and consistent until a recognized user makes a change. At the end of this paper will be explained about future research based on experimental test results

Software-defined zero-trust network architecture : Evolution from Purdue model -based networking

Digitalization has brought many technological developments which improve the business operations on many industries. In recent years, the drive towards service based solutions has superseded the locally managed solutions towards vendor managed solutions that are managed through the Internet. Unfortunately, the architecture, and the infrastructure which it is based on, have not developed at the same pace. This has led to organizations undermining the architecture and policies designed for it. Therefore, a modern architecture is needed with the capability of supporting these uprising technologies. The objective of this thesis was to find out if Purdue model works as a valid reference architecture for building networks in today’s standards, and if it needs to be replaced, what would be the alternatives. To answer the research question, it was first investigated whether Purdue model can be used for modern network architecture. After that, a literacy review was performed to see what some of the current and modern recommendations are. The literacy review also included research on what some of the current threats to digital platforms are, and how cybersecurity is engineered. It was discovered that zero trust architecture and software defined solutions enhance the overall security and management of the operating environments. The thesis concludes with a logical reference architecture for networks as a suggested solution. The suggested solution is a new network architecture that implements the elements of zero trust and uses software defined networking to manage the underlying infrastructure

Toward Open and Programmable Wireless Network Edge

Increasingly, the last hop connecting users to their enterprise and home networks is wireless. Wireless is becoming ubiquitous not only in homes and enterprises but in public venues such as coffee shops, hospitals, and airports. However, most of the publicly and privately available wireless networks are proprietary and closed in operation. Also, there is little effort from industries to move forward on a path to greater openness for the requirement of innovation. Therefore, we believe it is the domain of university researchers to enable innovation through openness. In this thesis work, we introduce and defines the importance of open framework in addressing the complexity of the wireless network. The Software Defined Network (SDN) framework has emerged as a popular solution for the data center network. However, the promise of the SDN framework is to make the network open, flexible and programmable. In order to deliver on the promise, SDN must work for all users and across all networks, both wired and wireless. Therefore, we proposed to create new modules and APIs to extend the standard SDN framework all the way to the end-devices (i.e., mobile devices, APs). Thus, we want to provide an extensible and programmable abstraction of the wireless network as part of the current SDN-based solution. In this thesis work, we design and develop a framework, weSDN (wireless extension of SDN), that extends the SDN control capability all the way to the end devices to support client-network interaction capabilities and new services. weSDN enables the control-plane of wireless networks to be extended to mobile devices and allows for top-level decisions to be made from an SDN controller with knowledge of the network as a whole, rather than device centric configurations. In addition, weSDN easily obtains user application information, as well as the ability to monitor and control application flows dynamically. Based on the weSDN framework, we demonstrate new services such as application-aware traffic management, WLAN virtualization, and security management

An SDN Perspective on Multi-connectivity and Seamless Flow Migration

Devices capable of multi-connectivity currently use static rules for selecting the set of interfaces to use. Such rules are limited in scope and can be counter-productive. We posit that SDN techniques can address this inefficiency. We present an approach that enables an SDN controller to manage the flows traversing the Ethernet, Wi-Fi, and LTE links in our laptop and also migrate the flows from one link to another. Our solution opens avenues that enable end-user device to negotiate with the network controllers when taking its control plane decisions.Peer reviewe

Security analysis of mobile edge computing in virtualized small cell networks

Based upon the context of Mobile Edge Computing (MEC) actual research and within the innovative scope of the SESAME EU-funded research project, we propose and assess a framework for security analysis applied in virtualised Small Cell Networks, with the aim of further extending MEC in the broader 5G environment. More specifically, by applying the fundamental concepts of the SESAME original architecture that aims at providing enhanced multi-tenant MEC services through Small Cells coordination and virtualization, we focus on a realistic 5G-oriented scenario enabling the provision of large multi-tenant enterprise services by using MEC. Then we evaluate several security issues by using a formal methodology, known as the Secure Tropos