Publication Type : Conference Paper
Publisher : Springer Singapore
Source : Security in Computing and Communications: 6th International Symposium, SSCC 2018, Bangalore, India, September 19–22, 2018, Revised Selected Papers 6
Url : https://link.springer.com/chapter/10.1007/978-981-13-5826-5_7
Campus : Amritapuri
Year : 2019
Abstract : Software-defined networking (SDN) is emerging as a paradigm shift, drastically changing modern networking, as it simplifies and automates the orchestration and administration of large applications and data centers. SDN architecture offers an easily programmable interface, centralized control and a distributed state management model for modern networks. However, in the classical implementation of SDN, the intelligence is centralized at the controller and the role of the switches is reduced to simple forwarding of packets. Thus, in addition to control and management operations, the controller must gather the runtime state and information from switches all over the network. This poses some huge risks: (a) controller overload, (b) congestion in the control channel because of the dependence of switches on the controller for even rudimentary forwarding operations, (c) making the entire network infrastructure itself vulnerable and (d) eventually leading to resource saturation attacks on the servers in the network. As SDN opened up such new attack vectors, several solutions were proposed in terms of control plane extensions, data plane innovations, improved programming abstractions, and augmenting the OpenFlow channel. In this paper, we present our observations on emerging stateful SDN architectures and propose a stateful/application-aware SDN architecture. We developed a security-aware framework to detect threats and mitigate saturation attacks in the SDN stack and to defend against Denial-of-Service (DoS) attacks on other network services, and we present our experiments with DoS/flooding attack tools, datasets from popular sources, and simulation of real-world attack scenarios on the transport protocols TCP and UDP/IP and on HTTP and NTP services.
The attack detection mechanism has no significant performance impact on good traffic and an average detection confidence over 99.99% of traffic states; the mitigation response is comparable with the state of the art, but with our extensible secure architecture we can defend against future attacks at scale.
Cite this Research Publication : Prabhakar Krishnan, Krishnashree Achuthan, "Managing network functions in stateful application aware SDN", Security in Computing and Communications: 6th International Symposium, SSCC 2018, Bangalore, India, September 19–22, 2018, Revised Selected Papers 6