Robust and Agile System against Fault and Anomaly Traffic in Software Defined Networks

@article{Kim2017RobustAA,
  title={Robust and Agile System against Fault and Anomaly Traffic in Software Defined Networks},
  author={Mihui Kim and Younghee Park and Rohit Kotalwar},
  journal={Applied Sciences},
  year={2017},
  volume={7},
  pages={266}
}
The main advantage of software defined networking (SDN) is that it allows intelligent control and management of networking though programmability in real time. It enables efficient utilization of network resources through traffic engineering, and offers potential attack defense methods when abnormalities arise. However, previous studies have only identified individual solutions for respective problems, instead of finding a more global solution in real time that is capable of addressing multiple… 
4 Citations
A comprehensive survey of security threats and their mitigation techniques for next‐generation SDN controllers
TLDR
This paper comprehensively reviews the current state‐of‐the‐art security threats, vulnerabilities, and issues at the control plane and presents a detailed classification of various security attacks on the control layer.
Enhanced Bit Repair IP Fast Reroute Mechanism for Rapid Network Recovery
TLDR
The paper presents the proposal of the new Enhanced Bit Repair (EB-REP)IP FRR mechanism, which offers significant improvements over its predecessor, the B-REP mechanism, and is an advanced contribution to solving IP FRR-related problems.
SmartX Multi-View Visibility Framework with Flow-Centric Visibility for SDN-Enabled Multisite Cloud Playground
TLDR
This paper presents a comprehensive extension of SmartX MVF with flow-centric visibility for simultaneously monitoring physical-virtual resources, flows classification, and visualization to eventually assist secured operation of SDN-enabled multisite cloud infrastructure.
Software-Defined Networking Application with Deep Deterministic Policy Gradient
TLDR
This work proposes a proposed SDN application that consists of traffic monitoring module and routing module to optimize the network and uses deep reinforcement learning agent trained with deep deterministic policy gradient to manage switch forwarding.

References

SHOWING 1-10 OF 63 REFERENCES
Security in Software Defined Networks: A Survey
TLDR
This paper analyzes security threats to application, control, and data planes of SDN and describes the security platforms that secure each of the planes followed by various security approaches for network-wide security in SDN.
Securing the Software Defined Network Control Layer
TLDR
This work proposes the design of security extensions at the control layer to provide the security management and arbitration of conflicting flow rules that arise when multiple applications are deployed within the same network.
Rosemary: A Robust, Secure, and High-performance Network Operating System
TLDR
ROSEMARY is presented, which implements a network application containment and resilience strategy based around the notion of spawning applications independently within a micro-NOS, and it is found that with the integration of two optimization features, ROSEMARY offers a competitive performance advantage over the majority of other controllers.
Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures
TLDR
TopoGuard, a new security extension to SDN controllers, which provides automatic and real-time detection of Network Topology Poisoning Attacks is presented and evaluation on a prototype implementation of TopoGuard in the Floodlight controller shows that the defense solution can effectively secure network topology while introducing only a minor impact on normal operations of OpenFlow controllers.
Active security
TLDR
This paper built an initial prototype that extends the FloodLight software-defined networking controller to automatically interface with the Snort intrusion detection system to detect anomalies, the Linux Memory Extractor to collect forensic evidence at run-time, and the Volatility parsing tool to extract an executable from physical memory and analyze information about the malware.
Revisiting Traffic Anomaly Detection Using Software Defined Networking
TLDR
This paper shows how four prominent traffic anomaly detection algorithms can be implemented in an SDN context using Openflow compliant switches and NOX as a controller and indicates that these algorithms are significantly more accurate in identifying malicious activities in the home networks as compared to the ISP.
Improving network management with software defined networking
TLDR
Three problems in network management are identified: enabling frequent changes to network conditions and state, providing support for network configuration in a highlevel language, and providing better visibility and control over tasks for performing network diagnosis and troubleshooting.
FRESCO: Modular Composable Security Services for Software-Defined Networks
TLDR
This paper introduces FRESCO, an OpenFlow security application development framework designed to facilitate the rapid design, and modular composition of OF-enabled detection and mitigation modules, and demonstrates the utility of FRESCO through the implementation of several well-known security defenses as Open Flow security services.
A security enforcement kernel for OpenFlow networks
TLDR
This work introduces FortNOX, a software extension that provides role-based authorization and security constraint enforcement for the NOX OpenFlow controller that enables NOX to check flow rule contradictions in real time, and implements a novel analysis algorithm that is robust even in cases where an adversarial OF application attempts to strategically insert flow rules that would otherwise circumvent flow rules imposed by OF security applications.
Distributed and collaborative traffic monitoring in software defined networks
TLDR
A Distributed and Collaborative Monitoring system, named DCM, that allows switches to collaboratively achieve flow monitoring tasks and balance measurement load and is able to perform per-flow monitoring, by which different groups of flows are monitored using different actions.
...
1
2
3
4
5
...