Journal articles on the topic 'SDN Security'

Consult the top 50 journal articles for your research on the topic 'SDN Security.'

1

Kaliyamurthy, Nitheesh Murugan, Swapnesh Taterh, and Suresh Shanmugasundaram. "Software Defined Networking – Imposed Security Measures Over Vulnerable Threats and Attacks." International Journal of Applied Metaheuristic Computing 10, no. 4 (2019): 60–67. http://dx.doi.org/10.4018/ijamc.2019100104.

Abstract:
Software defined networking (SDN), a new attempt in addressing the existing challenges in the legacy network architecture, is lime-lighted due to its simplified approach in managing the networks and its capability of programmability. In progressing with software defined networks implementation, security remains a high priority focus. The advantage of SDN itself opens a wide ground in posing new security threats and challenges. Focusing on the security of the SDN is a prime factor as it reflects on the growth of SDN technology implementation. This article focuses on the various existing security solutions available for SDN and the real challenge in securing the SDN providing the researchers a paved platform to work on further securing the networks. This article is designed with an introduction on SDN, its architecture, the available security solutions for the network, the leveraging threats and type of attack possibilities in SDN. This article concludes with the requirements of security factors and schemes in SDN.
2

Eom, Taehoon, Jin B. Hong, SeongMo An, Jong Sou Park, and Dong Seong Kim. "A Framework for Real-Time Intrusion Response in Software Defined Networking Using Precomputed Graphical Security Models." Security and Communication Networks 2020 (February 18, 2020): 1–15. http://dx.doi.org/10.1155/2020/7235043.

Abstract:
Software defined networking (SDN) has been adopted in many application domains as it provides functionalities to dynamically control the network flow more robustly and more economically compared to the traditional networks. In order to strengthen the security of the SDN against cyber attacks, many security solutions have been proposed. However, those solutions need to be compared in order to optimize the security of the SDN. To assess and evaluate the security of the SDN systematically, one can use graphical security models (e.g., attack graphs and attack trees). However, it is difficult to provide defense against an attack in real time due to their high computational complexity. In this paper, we propose a real-time intrusion response in SDN using precomputation to estimate the likelihood of future attack paths from an ongoing attack. We also take into account various SDN components to conduct a security assessment, which were not available when addressing only the components of an existing network. Our experimental analysis shows that we are able to estimate possible attack paths of an ongoing attack to mitigate it in real time, as well as showing the security metrics that depend on the flow table, including the SDN component. Hence, the proposed approach can be used to provide effective real-time mitigation solutions for securing SDN.
3

Das, Souvik, and Kamil Sarac. "Practical Labs for Teaching SDN Security." Journal of The Colloquium for Information Systems Security Education 10, no. 1 (2023): 7. http://dx.doi.org/10.53735/cisse.v10i1.166.

Abstract:
The rapid adoption of Software Defined Networking (SDN) in the industry has exposed certain security risks today some of which are unique to its paradigm. Security issues around the use-cases that expose these risks are fundamentally aligned with the networking and cybersecurity concepts that are taught at the graduate level in academia. In this paper, we present a number of lab activities on SDN security that are inspired from practical use-cases in SDN deployments. The goal of this effort is to help students give a shape to their thought process about the practical security implications of SDN deployments and gain valuable practical domain knowledge in securing an environment with such deployments.
4

Lam, JunHuy, Sang-Gon Lee, Hoon-Jae Lee, and Yustus Eko Oktian. "Securing SDN Southbound and Data Plane Communication with IBC." Mobile Information Systems 2016 (2016): 1–12. http://dx.doi.org/10.1155/2016/1708970.

Abstract:
In software-defined network (SDN), the southbound protocol defines the communication between the control plane and the data plane. The agreed protocol, OpenFlow, suggests securing the southbound communication with Transport Layer Security (TLS). However, most current SDN projects do not implement the security segment, with only a few exceptions such as OpenDayLight, HP VAN SDN, and ONOS implementing TLS in the southbound communication. From the telecommunication providers’ perspective, one of the major SDN consumers besides data centers, the data plane becomes much more complicated with the addition of wireless data plane as it involves numerous wireless technologies. Therefore, the complicated resource management along with the security of such a data plane can hinder the migration to SDN. In this paper, we propose securing the distributed SDN communication with a multidomain capable Identity-Based Cryptography (IBC) protocol, particularly for the southbound and wireless data plane communication. We also analyze the TLS-secured Message Queuing Telemetry Transport (MQTT) message exchanges to find out the possible bandwidth saved with IBC.
5

Yu, Yang, Yu Nan Wang, and Wei Yang. "Security Framework Based on SDN." Advanced Materials Research 989-994 (July 2014): 4690–93. http://dx.doi.org/10.4028/www.scientific.net/amr.989-994.4690.

Abstract:
With the growing demand for information, it has a strategic importance for the future of sustainable development how to create a safe and robust network system to ensure the security of important information. Intrusion detection technology can proactively react against intrusion behavior and adjust its strategies in time. So it provides an effective means for network security to minimize or avoid loss when network system is attacked. It is an important part of network security system. This article first explains the current framework and the working principle of SDN. Then it explains the existing security threats of current framework. Next intrusion detection system based on SDN is proposed after the introduction of the intrusion detection system. And we made experiments to verify it. Finally we analyze the lack of the structure and propose some improvements.
6

Jose, Teenu, and Jincy Kurian. "Survey on SDN Security Mechanisms." International Journal of Computer Applications 132, no. 14 (2015): 32–35. http://dx.doi.org/10.5120/ijca2015907602.

7

Jo, Hyeonseong, Jaehyun Nam, and Seungwon Shin. "NOSArmor: Building a Secure Network Operating System." Security and Communication Networks 2018 (2018): 1–14. http://dx.doi.org/10.1155/2018/9178425.

Abstract:
Software-Defined Networking (SDN), controlling underlying network devices (i.e., data plane) in a logically centralized manner, is now actively adopted in many real world networking environments. It is clear that a network administrator can easily understand and manage his networking environments with the help of SDN. In SDN, a network operating system (NOS), also known as an SDN controller, is the most critical component because it should be involved in all transactions for controlling network devices, and thus the security of NOS cannot be highly exaggerated. However, in spite of its importance, no previous works have thoroughly investigated the security of NOS. In this work, to address this problem, we present the NOSArmor, which integrates several security mechanisms, named as security building block (SBB), into a consolidated SDN controller. NOSArmor consists of eight SBBs and each of them addresses different security principles of network assets. For example, while role-based authorization focuses on securing confidentiality of internal storage from malicious applications, OpenFlow protocol verifier protects availability of core service in the controller from malformed control messages received from switches. In addition, NOSArmor shows competitive performance compared to existing other controllers (i.e., ONOS, Floodlight) with secureness of network assets.
8

Savytska, Liudmyla, Tetiana Korobeinikova, Ihor Leontiev, and Serhii Bohomolov. "METHODS AND MEANS OF PROTECTING RESOURCES IN COMPUTER SDN NETWORK." Information technology and computer engineering 58, no. 3 (2023): 41–52. http://dx.doi.org/10.31649/1999-9941-2023-58-3-41-52.

Abstract:
The work is dedicated to the analysis and improvement of methods and tools for building the architecture of software-defined networks (SDNs). A crucial aspect involves comparing the differences between network management using traditional methods and utilizing an SDN controller. Primary attention is given to the development of security models based on software-defined networks. The research is grounded in the analysis of specific cases involving the use of such networks, including gathering opinions and expert assessments from professionals in the field. It leverages publicly available information on methods and tools for securing the architecture of software-defined networks. SDN technology provides greater flexibility and speed in implementing security measures, allowing real-time responses to threats. In contemporary conditions, where cyber threats are becoming more complex and pronounced, SDN networks enable the detection of attacks, blocking malicious actions, and applying security policies in real-time. However, the increasing complexity of cyber threats and constant technological changes necessitate further development and enhancement of the information security of SDN network resources for companies. There is a need for further analysis and improvement of methods and tools for protecting information and other resources in computer-based SDN networks. The necessity for further analysis and improvement of methods and tools for protecting information and other resources in computer-based SDN networks serves as the foundation for this research. As a result, an enhancement in the level of information security for SDN network resources has been achieved by: 1) reducing the intervention time in the network; 2) applying an improved method of traffic processing based on network security of packet flows, allowing desired network applications to efficiently manage forwarding.
9

Fu, Wenwen, Tao Li, and Zhigang Sun. "FAS: Using FPGA to Accelerate and Secure SDN Software Switches." Security and Communication Networks 2018 (2018): 1–13. http://dx.doi.org/10.1155/2018/5650205.

Abstract:
Software-Defined Networking (SDN) promises the vision of more flexible and manageable networks but requires certain level of programmability in the data plane to accommodate different forwarding abstractions. SDN software switches running on commodity multicore platforms are programmable and are with low deployment cost. However, the performance of SDN software switches is not satisfactory due to the complex forwarding operations on packets. Moreover, this may hinder the performance of real-time security on software switch. In this paper, we analyze the forwarding procedure and identify the performance bottleneck of SDN software switches. An FPGA-based mechanism for accelerating and securing SDN switches, named FAS (FPGA-Accelerated SDN software switch), is proposed to take advantage of the reconfigurability and high-performance advantages of FPGA. FAS improves the performance as well as the capacity against malicious traffic attacks of SDN software switches by offloading some functional modules. We validate FAS on an FPGA-based network processing platform. Experiment results demonstrate that the forwarding rate of FAS can be 44% higher than the original SDN software switch. In addition, FAS provides new opportunity to enhance the security of SDN software switches by allowing the deployment of bump-in-the-wire security modules (such as packet detectors and filters) in FPGA.
10

Tapiero, Robin. "Security in SDN networks and their applications." Ingeniería Solidaria 17, no. 2 (2021): 1–25. http://dx.doi.org/10.16925/2357-6014.2021.02.09.

Abstract:
Introduction: The review article is the product of the research on Security in SDN networks and their applications, developed at the District University in 2020, presenting the latest advances, that have been made in security.
Problem: The security weaknesses that SDN networks have had, due to being a new architecture. This has not allowed traditional networks to be replaced.
Objective: To carry out a review of the state of the art of SDN networks, focusing research on the security of the control layer and its advances.
Methodology: The descriptive method is implemented, consulting databases such as Scopus, IEEE and ScienceDirect, using the following search criteria: SDN networks, security in SDN networks, applications with SDN networks and OpenFlow protocol. It is shown as a research sample: the Asian, European and American continents with years of research from 2014 to 2020.
Results: Great advances have been made in terms of security for SDN networks, which allows us to see an early solution to the weaknesses that it currently faces.
Conclusion: SDN networks will solve all the challenges they face and will be consolidated as a solid and reliable architecture.
Originality: an important focus is taken on the security of SDN networks and the great development that has occurred in this regard is evident.
Limitations: SDN networks are a new architecture, so their development has been very little and advances in security have been significantly affected.
11

M., Silambarasan, Michael Vinoline Rinoj B., and Karthik V. "A Novel SDN Architecture for IoT Security." International Journal of Trend in Scientific Research and Development 4, no. 2 (2020): 48–52. https://doi.org/10.5281/zenodo.3842856.

Abstract:
Describes the term Internet of Things (IoT) security architecture based on Software Defined Networking (SDN). In this context, building on SDN works with or without infrastructure. This is called the SDN domain. This work describes the mechanics of the proposed architecture and reduces the chances of using SDN to achieve more effective and flexible network security. It outlined the issues associated with current SDN security applications and introduced a new IoT system plan. This document has discussed the management of Internet access for specific networks and monitoring of global traffic. Finally, it describes the choice of architecture for SDN using OpenFlow and discusses the resulting results. M. Silambarasan | B. Michael Vinoline Rinoj | V. Karthik "A Novel SDN Architecture for IoT Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-2, February 2020, URL: https://www.ijtsrd.com/papers/ijtsrd29908.pdf
12

Zhang, Heng, Zhiping Cai, Qiang Liu, Qingjun Xiao, Yangyang Li, and Chak Fone Cheang. "A Survey on Security-Aware Measurement in SDN." Security and Communication Networks 2018 (2018): 1–14. http://dx.doi.org/10.1155/2018/2459154.

Abstract:
Software-defined networking (SDN) is one of the most prevailing networking paradigms in current and next-generation networks. Basically, the highly featured separation of control and data planes makes SDN a proper solution towards many practical problems that challenge legacy networks, for example, energy efficiency, dynamic network configuration, agile network measurement, and flexible network deployment. Although the SDN and its applications have been extensively studied for several years, the research of SDN security is still in its infancy. Typically, the SDN suffers from architecture defect and OpenFlow protocol loopholes such as single controller problem, deficiency of communication verification, and network resources constraint. Hence, network measurement is a fundamental technique of protecting SDN against the above security threats. Specifically, network measurement aims to understand and quantify a variety of network behaviors to facilitate network management and monitoring, anomaly detection, network troubleshooting, and the establishment of security mechanisms. In this paper, we present a systematic survey on security-aware measurement technology in SDN. In particular, we first review the basic architecture of SDN and corresponding security challenges. Then, we investigate two performance measurement techniques in SDN, namely, link latency and available bandwidth measurements. After that, we further provide a general overview of topology measurement in SDN including intradomain and interdomain topology discovering techniques. Finally, we list three interesting future directions of security-aware measurement in SDN followed by giving conclusion remarks.
13

A Suleman, A. Mustafa, H. U. R. Kayani, M. A. Raza, and A. Saleem. "REVIEW OF SECURITY ATTACKS ON SOFTWARE DEFINED NETWORKING." Pakistan Journal of Scientific Research 3, no. 1 (2023): 60–80. http://dx.doi.org/10.57041/pjosr.v3i1.966.

Abstract:
Nowadays use of software defined networking increases in industry and in different enterprises due to its capabilities like centralized architecture, data plane and control plane separation, different available controllers in different languages, very helpful in monitoring the network flow and other type of working behavior and security measures can be taken in SDN. In this article we will provide a brief overview of SDN and then we try to elaborate each and every thing to do our best like related existing work, architecture of SDN its security threats and also try to describe the SDN security attacks defense mechanism existing work with references that will be very helpful for readers to understand SDN attacks and solutions. In short SDN is becoming popular in future and also being used for many security measures to solve the security issues because SDN is also a technique that can be used as a part of security solution that is very helpful in future. We also give a future direction at the end that is really a novel research problem and must be solved to secure the SDN network.
14

Ma, Yingying, Chaowen Chang, Ping Wu, Jingxu Xiao, and Lu Yuan. "BSSN-SDNs: A Blockchain-Based Security Service Negotiation for the SDN Interdomain." Electronics 13, no. 16 (2024): 3120. http://dx.doi.org/10.3390/electronics13163120.

Abstract:
The security requirements for SDN (Software-Defined Network) cross-domain communication are diverse and dynamically changing; thus, a security service negotiation function is required for the SDN interdomain. However, the SDN interdomain distributed communication environment leads to a lack of trustworthiness and security. Therefore, this paper proposes a blockchain-based SDN interdomain security service negotiation mechanism, BSSN-SDNs, to provide automatic, secure, and trustworthy SDN interdomain security service negotiation. BSSN-SDNs proposes a three-layer reference architecture that enables joint on-chain and off-chain work by extending the security service negotiation module and blockchain client on the controller and deploying security service negotiation smart contracts on the blockchain. It especially adopts non-interactive key exchange and the message authentication code to ensure the confidentiality of the secure service negotiated on-chain. Finally, the timeliness as well as security and trustworthiness of BSSN-SDNs are analyzed, and the FISCO BCOS-based experiment results show that the delay of BSSN-SDNs is acceptable and is positively correlated with the number of policies and the number of SDN domains involved in negotiation.
15

Al-Shareeda, Mahmood A., Abeer Abdullah Alsadhan, Hamzah H. Qasim, and Selvakumar Manickam. "Software defined networking for internet of things: review, techniques, challenges, and future directions." Bulletin of Electrical Engineering and Informatics 13, no. 1 (2024): 638–47. http://dx.doi.org/10.11591/eei.v13i1.6386.

Abstract:
Securing networks is one of the biggest issues for network managers with the exponential growth of devices connected to the internet. Keeping a big and diverse network running smoothly and securely is no easy feat. With this in mind, emerging technologies like software defined networking (SDN) and internet of things (IoT) hold considerable promise for information service innovation in the cloud and big data era. Therefore, this paper describes the model of SDN and the architecture of IoT. Then this review does not only review the research studies in SDN-IoT but also provides an explanation of the SDN-IoT solution in terms of architecture, main consideration, model, and the implementation of SDN controllers for IoT. Finally, this review discusses the challenges and future directions. This paper can be used as a starting point for thinking about how to improve SDN-IoT security and privacy.
16

Alkhamisi, Abrar, Iyad Katib, and Seyed M. Buhari. "Blockchain-Based Control Plane Attack Detection Mechanisms for Multi-Controller Software-Defined Networks." Electronics 13, no. 12 (2024): 2279. http://dx.doi.org/10.3390/electronics13122279.

Abstract:
A Multi-Controller Software-Defined Network (MC-SDN) is a revolutionary concept comprising multiple controllers and switches separated using programmable features, enhancing network availability, management, scalability, and performance. The MC-SDN is a potential choice for managing large, heterogeneous, complex industrial networks. Despite the rich operational flexibility of MC-SDN, it is imperative to protect the network deployment with proper protection against potential vulnerabilities that lead to misuse and malicious activities on the MC-SDN structure. The security holes in the MC-SDN structure significantly impact network survivability and performance efficiency. Hence, detecting MC-SDN security attacks is crucial to improving network performance. Accordingly, this work intended to design blockchain-based controller security (BCS) that exploits the advantages of immutable and distributed ledger technology among multiple controllers and securely manages the controller communications against various attacks. Thereby, it enables the controllers to maintain consistent network view and accurate flow tables among themselves and also neglects the controller failure issues. Finally, the experimental results of the proposed BCS approach demonstrated superior performance under various scenarios, such as attack detection, number of attackers, number of controllers, and number of compromised controllers, by applying different performance metrics.
17

Hande, Yogita, and Akkalashmi Muddana. "A Survey on Intrusion Detection System for Software Defined Networks (SDN)." International Journal of Business Data Communications and Networking 16, no. 1 (2020): 28–47. http://dx.doi.org/10.4018/ijbdcn.2020010103.

Abstract:
Presently, the advances of the internet towards a wide-spread growth and the static nature of traditional networks has limited capacity to cope with organizational business needs. The new network architecture software defined networking (SDN) appeared to address these challenges and provides distinctive features. However, these programmable and centralized approaches of SDN face new security challenges which demand innovative security mechanisms like intrusion detection systems (IDS's). The IDS of SDN are designed currently with a machine learning approach; however, a deep learning approach is also being explored to achieve better efficiency and accuracy. In this article, an overview of the SDN with its security concern and IDS as a security solution is explained. A survey of existing security solutions designed to secure the SDN, and a comparative study of various IDS approaches based on a deep learning model and machine learning methods are discussed in the article. Finally, we describe future directions for SDN security.
18

Salama, Ramiz, Chadi Altrjman, and Fadi Al-Turjman. "Network Security in Architectures for Software Defined Networking (SDN)." NEU Journal for Artificial Intelligence and Internet of Things 4, no. 1 (2025): 37–44. https://doi.org/10.32955/neuaiit202541960.

Abstract:
SDN (Software Defined Networking) is a new network design that separates the control and data planes, allowing for better network management and centralized control. This decoupling makes networks more programmable, scalable, and flexible, which is critical for meeting the changing requirements of modern digital environments. Although SDN streamlines network administration, it also adds new security risks, such as the possibility of centralized control failures, expanded attack surfaces, and vulnerability to multiple network attack types. SDN architectures must include network security to mitigate these dangers. This includes setting up automated responses to detect and remove threats, as well as implementing security capabilities like real-time traffic monitoring into the SDN controller. Furthermore, SDN's programmability allows for the dynamic deployment of security policies across the network, increasing the network's ability to respond to emerging threats. A more robust and flexible security posture can be achieved by effectively managing and coordinating security solutions such as intrusion detection systems (IDS), firewalls, and distributed denial of service (DDoS) mitigation with SDN controllers. This paper examines many techniques to incorporate network security into SDN systems, highlighting the benefits of centralized policy enforcement, real-time monitoring, and SDN's agility in implementing security measures. Along with future advances such as the use of AI and machine learning for automated incident response and predictive threat analysis, the challenges and restrictions of safeguarding SDN configurations are discussed. To deal with the rising complexity and sophistication of assaults in SDN-based networks, the study underlines the importance of continuous innovation in security mechanism.
19

Siham, Aouad, El Meghrouni Issam, Sabri Yassine, Hilmani Adil, and Maizate Abderrahim. "Security of software defined networks: evolution and challenges." International Journal of Reconfigurable and Embedded Systems (IJRES) 12, no. 3 (2023): 384–91. https://doi.org/10.11591/ijres.v12.i3pp384-391.

Abstract:
In software-defined networking (SDN), network traffic is managed by software controllers or application programming interfaces (APIs) rather than hardware components. It differs from traditional networks, which use switches and routers to control traffic. Using SDN, you can create and control virtual networks or traditional hardware networks. Furthermore, OpenFlow allows network administrators to control exact network behavior through centralized control of packet forwarding. For these reasons, SDN has advantages over certain security issues, unlike traditional networks. However, most of the existing vulnerabilities and security threats in the traditional network also impact the SDN network. This document presents the attacks targeting the SDN network and the solutions that protect against these attacks. In addition, we introduce a variety of SDN security controls, such as intrusion detection systems (IDS)/intrusion prevention system (IPS), and firewalls. Towards the end, we outline a conclusion and perspectives.
20

Deepak, Kumar* Manu Sood. "SOFTWARE DEFINED NETWORKS (SDN): APPROACHES NEEDED FOR UP-GRADATION OF SDN'S." INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES & RESEARCH TECHNOLOGY 6, no. 2 (2017): 521–26. https://doi.org/10.5281/zenodo.322481.

Abstract:
SDN has changed the way of thinking about networks. SDN networks are flexible, scalable and easily manageable. Applications that run on the management plane actually utilize the network efficiency, so applications developed should be capable of handling the controller's functionality. Each application that runs should be free from viruses, so that it does not affect the controller. Also we need to increase the level of security in all layers of the SDN architecture. SDN is growing faster and faster and it has reached the platform where we can also apply other fields' concepts. Now SDN researchers are looking to overcome the existing drawbacks, so that it can even support heterogeneous networks in a very smooth and flexible way.
21

Sablok, Aman, and Rohini S. Hallikar. "SDN Integration with Firewalls and Enhancing Security Monitoring on Firewalls." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 07, no. 10 (2023): 1–11. http://dx.doi.org/10.55041/ijsrem26202.

Abstract:
Software-defined Networking (SDN) has revolutionized the way networks are managed and operated by decoupling the control plane from the data plane. This separation allows for centralized control and programmability, offering greater flexibility, scalability, and agility in network management. Firewalls, renowned for their robust security features, play a critical role in protecting network traffic. Integrating SDN principles and technologies with Firewalls presents an opportunity to enhance their management, scalability, and orchestration capabilities. This paper explores the integration of SDN with Firewalls, focusing on leveraging SDN controllers and software defined networking architectures to augment the underlying BSD-based operating system. By integrating SDN controllers, organizations can centrally manage firewall policies, dynamically enforce security rules, and gain real-time visibility into network traffic. Furthermore, SDN enables efficient scalability of Firewalls by dynamically allocating resources and load balancing traffic. This paper also explores methods to enhance security monitoring and analytics on Firewalls. It focuses on leveraging advanced techniques, technologies, and integration approaches to optimize security monitoring and strengthen the firewall’s ability to detect and respond to security threats. Security monitoring and analytics are crucial components of modern network infrastructure to detect and mitigate potential threats. Firewalls, known for their robust security features, serve as critical gateways for network traffic. Enhancing security monitoring and analytics capabilities on Firewalls can significantly improve threat detection, incident response, and overall network security posture. Index Terms—Firewalls, Software Defined Networking (SDN), Enhancing
22

Aouad, Siham, Issam El Meghrouni, Yassine Sabri, Adil Hilmani, and Abderrahim Maizate. "Security of software defined networks: evolution and challenges." International Journal of Reconfigurable and Embedded Systems (IJRES) 12, no. 3 (2023): 384. http://dx.doi.org/10.11591/ijres.v12.i3.pp384-391.

Abstract:
In software-defined networking (SDN), network traffic is managed by software controllers or application programming interfaces (APIs) rather than hardware components. It differs from traditional networks, which use switches and routers to control traffic. Using SDN, you can create and control virtual networks or traditional hardware networks. Furthermore, OpenFlow allows network administrators to control exact network behavior through centralized control of packet forwarding. For these reasons, SDN has advantages over certain security issues, unlike traditional networks. However, most of the existing vulnerabilities and security threats in the traditional network also impact the SDN network. This document presents the attacks targeting the SDN network and the solutions that protect against these attacks. In addition, we introduce a variety of SDN security controls, such as intrusion detection systems (IDS)/intrusion prevention system (IPS), and firewalls. Towards the end, we outline a conclusion and perspectives.
23

Manikumar S, Lakshmana, and Dr. K. Savitha. "Design and Implementation of Secure Data Transmission Using SDN and Advanced Cryptographic Techniques." International Journal of Advanced Networking and Applications 16, no. 06 (2025): 6670–76. https://doi.org/10.35444/ijana.2025.16607.

Abstract:
With the rapid evolution of network technologies, ensuring secure and efficient data transmission has become a critical challenge, especially with the increasing adoption of Software-Defined Networking (SDN). Traditional network architectures struggle to address security threats such as data breaches, unauthorized access, and control-plane attacks. SDN, while offering centralized control and programmability, also introduces vulnerabilities that can be exploited by malicious actors. This research focuses on designing and implementing a secure data transmission framework that integrates SDN with advanced cryptographic techniques to mitigate these security risks. The proposed framework employs AES-256 encryption for data confidentiality, Diffie-Hellman (DH) key exchange for secure key distribution, and Transport Layer Security (TLS) for securing control-plane communication. Unlike existing approaches, this multi-layered security model enhances network resilience while maintaining optimal performance. The methodology involves developing an SDN-based network environment using the Ryu controller and Mininet emulator, implementing encryption mechanisms, and evaluating key performance metrics such as packet delivery rate, latency, and resource utilization. Experimental results demonstrate a 100% packet delivery rate, no packet loss, and an average latency of 3-5 ms. Despite the slight increase in CPU and memory utilization, the framework effectively balances security and efficiency, making it a robust solution for modern network infrastructures.
24

Kaur, H., N. Singh, and L. Kaur. "SECURITY EVALUATION FOR SDN BASED NETWORKS." Advances in Mathematics: Scientific Journal 9, no. 6 (2020): 4067–75. http://dx.doi.org/10.37418/amsj.9.6.88.

25

Lee, Ye-won, and Chae-woo Lee. "Security System Load Reduction in SDN." Journal of Korean Institute of Communications and Information Sciences 46, no. 12 (2021): 2251–61. http://dx.doi.org/10.7840/kics.2021.46.12.2251.

26

D, Kumar, and Veni C. "IoE Security Through Multi-Agent SDN." International Journal of Computer Trends and Technology 69, no. 12 (2021): 5–9. http://dx.doi.org/10.14445/22312803/ijctt-v69i12p102.

27

Cai, Zhiping, Chengchen Hu, Kai Zheng, Yang Xu, and Qiang Fu. "Network Security and Management in SDN." Security and Communication Networks 2018 (June 4, 2018): 1–2. http://dx.doi.org/10.1155/2018/7928503.

28

Correa Chica, Juan Camilo, Jenny Cuatindioy Imbachi, and Juan Felipe Botero Vega. "Security in SDN: A comprehensive survey." Journal of Network and Computer Applications 159 (June 2020): 102595. http://dx.doi.org/10.1016/j.jnca.2020.102595.

29

Fartitchou, Mohamed, Ismail Lamaakal, Yassine Maleh, et al. "IOTASDN: IOTA 2.0 Smart Contracts for Securing Software-Defined Networking Ecosystem." Sensors 24, no. 17 (2024): 5716. http://dx.doi.org/10.3390/s24175716.

Abstract:
Software-Defined Networking (SDN) has revolutionized network management by providing unprecedented flexibility, control, and efficiency. However, its centralized architecture introduces critical security vulnerabilities. This paper introduces a novel approach to securing SDN environments using IOTA 2.0 smart contracts. The proposed system utilizes the IOTA Tangle, a directed acyclic graph (DAG) structure, to improve scalability and efficiency while eliminating transaction fees and reducing energy consumption. We introduce three smart contracts: Authority, Access Control, and DoS Detector, to ensure trusted and secure network operations, prevent unauthorized access, maintain the integrity of control data, and mitigate denial-of-service attacks. Through comprehensive simulations using Mininet and the ShimmerEVM IOTA Test Network, we demonstrate the efficacy of our approach in enhancing SDN security. Our findings highlight the potential of IOTA 2.0 smart contracts to provide a robust, decentralized solution for securing SDN environments, paving the way for the further integration of blockchain technologies in network management.
30

Waseem, Quadri, Sultan S. Alshamrani, Kashif Nisar, Wan Isni Sofiah Wan Din, and Ahmed Saeed Alghamdi. "Future Technology: Software-Defined Network (SDN) Forensic." Symmetry 13, no. 5 (2021): 767. http://dx.doi.org/10.3390/sym13050767.

Abstract:
The software-defined networking (SDN) paradigm has recently emerged as a trend to build various protocols, develop more reliable networks, enhance the data flow controlling, and provide security in a much simpler and flexible way. SDN helps to ease management and handle asymmetric connectivity across various nodes. It solves the problems of network and cloud security and hence provides the best solution for the safety of data on the network. Therefore, we feel the urge to research more and provide the basics of SDN forensics, mention its advantages in network especially in the cloud, and present its elaborate prospects in context with Network Forensic (NF) and Cloud Forensic (CF). In this research article, we explained in detail the NF and CF with emphasis on Network security (NS) and Cloud Security (CS). The paper also provided the various security approaches and categories. Then, an overview of the software-defined networking (SDN) is mentioned. We also discussed the use of SDN in Network Forensic and Cloud Forensic. Furthermore, to aid the SDN forensic, we presented the advantages, challenges, and issues along with future research directions of SDN in network forensic and cloud forensic, and at last, we thus express and explore the need for security in forensic based on the SDN paradigm in the form of a set of suggested recommendations.
31

Islam, MD Samiul, Mohammed Al-Mukhtar, MD Rahat Kader Khan, and Mojammel Hossain. "A Survey on SDN and SDCN Traffic Measurement: Existing Approaches and Research Challenges." Eng 4, no. 2 (2023): 1071–115. http://dx.doi.org/10.3390/eng4020063.

Abstract:
The Software-Defined Network (SDN) is a next-generation network that uses OpenFlow to decouple the control plane from the data plane of forwarding devices. Other protocols for southbound interfaces include ForCES and POF. However, some security issues might be in action on the SDN, so that attackers can take control of the SDN control plane. Since live video calling, QoS control, high bandwidth needs, and resource management are inevitable in any SDN/Software-Defined Cellular Network (SDCN), traffic monitoring is an integral approach for safeguarding against DDoS, heavy hitters, and superspreaders. In such a scenario, SDN traffic measurement comes into action. Thus, we survey SDN traffic measurement solutions to assess how these solutions can make a secure, efficient, and robust SDN/SDCN architecture. This research classifies SDN traffic measurement solutions according to network application behavior and compares several ML approaches. Furthermore, we find out the challenges related to SDN/SDCN traffic measurement and the future scope of research, which will guide the design and development of more advanced traffic measurement solutions for a scalable, heterogeneous, hierarchical, and widely deployed SDN/SDCN architecture. In more detail, we list different kinds of practical machine learning (ML) approaches to analyze how we can improve traffic measurement performances. We conclude that using ML in SDN traffic measurement solutions will help secure SDNs/SDCNs in complementary ways.
32

Sravani, Mrs P., K. Shiva Kumar, P. Jai Raj Sai, K. Mohan Aditya, and S. S. K. Chaitanya. "Botnet Attacks in Computer Network Security." International Journal for Research in Applied Science and Engineering Technology 13, no. 3 (2025): 1826–34. https://doi.org/10.22214/ijraset.2025.67676.

Abstract:
This paper introduces a deep learning-oriented framework for identifying and preventing botnet-caused DDoS attacks in Software-Defined Networking (SDN). Conventional security techniques experience high false alarms and slow detection because of the dynamic nature of botnet attacks. To improve this, the system utilizes Convolutional Neural Networks (CNNs) to detect anomalies in real-time and a graph theory-oriented dynamic flow management algorithm for preventing attacks. Experimental assessments with CICIDS 2017 and Bot-IoT datasets and a simulated SDN testbed (Mininet) indicate that the system detects attacks with 98.2% accuracy, sustains 85% network throughput during attack, and neutralizes threats in five seconds. In comparison to traditional models such as KNN, SVM, and Random Forest, the CNN-based model exhibits better accuracy, flexibility, and scalability. This work adds to SDN security by combining real-time traffic observation, deep learning, and adaptive flow control for better network cyber-threat resilience. Potential future developments are reinforcement learning-based defenses, enlarging datasets, and empirical SDN evaluations.
33

Pliekhova, G. А., S. М. Neronov, М. V. Kostikova, and S. O. Kashkevich. "Improvement of the secure routing model in software-configured networks." Bionics of Intelligence 1, no. 100 (2024): 50–57. http://dx.doi.org/10.30837/bi.2024.1(100).07.

Abstract:
Currently, the deployment of such network architectures as Software-Defined Networking (SDN) is facing new cyber security threats that require the development and research of new specialized solutions to increase the level of network security. Despite its high openness and programmability, the SDN architecture replaces the traditional network, but it increases the number of potential network attacks, which leads to new security problems. The growing interest in SDN and the widespread deployment of software-configured networks of various types allow identifying their shortcomings in the process of combating cyber security threats. Obviously, security issues are closely related to the characteristics of SDN networks themselves. Furthermore, security issues in SDN can be divided based on three layers: data plane, control plane, and application plane. At the same time, devices of different SDN levels can be among the objects of attacks. Therefore, according to the multilayer architecture of SDN, security threats can be classified at the data transmission, management and application layers. For its part, the data plane consists of switches and other network devices and is mainly responsible for data processing, forwarding, discarding, and collecting statistics. The data plane functions on the basis of flow rules provided by the network controller. While the main causes of security problems are the SDN architecture itself, external malicious attacks, insufficient access control and encryption tools. Today, an important place in the complex of means of increasing network security, including SDN networks, is given to routing protocols, which require the systematic and coordinated interaction of a number of network elements at the same time – SDN switches and network controllers during the formation (calculation) of paths and flow rules, along which the required level of security must be ensured according to selected indicators or criteria. 
The paper analyzes how to modify route metrics in such a way that the resulting model acquires the properties of secure QoS routing. It is shown that the improvement of the model and the choice of the route should be chosen taking into account the basic metrics of the criticality of vulnerabilities and the bandwidth of the communication channels that make up this route.
34

Ameen, Ali. "ASSURING THE SDN SECURITY BY MODELLING AND COMPARING SDN PROPOSED TOPOLOGIES USING PETRI NETS." Journal of Engineering Science XXVIII, no. 4 (2021): 93–105. http://dx.doi.org/10.52326/jes.utm.2021.28(4).08.

Abstract:
The soaring number of applications for autonomous systems in different aspects like air, sea, and space is creating the need for new methodologies and architectures’ technologies to consolidate the verification of system-level and system-of-systems level. The implementation of cybersecurity standards and software is critical to supporting infrastructure. This article discusses some security issues regarding autonomous systems' computer networks. It proposes the usage of Software-Defined Networks (SDN) technologies as a solution, after providing better security in SDN environment through the usage of the HYDRA framework and the usage of multiple controllers in specific topologies to ensure the security of SDN in precise and to ensure the security of the autonomous systems' computer networks in general as well. We propose a framework that contains 3 different types of controllers' topologies and each topology can use 4 algorithms, HYDRA, VPN, Double RSA, and last but not least comes blockchain technology which is the core of our security.
35

Sarica, Alper Kaan, and Pelin Angin. "Explainable Security in SDN-Based IoT Networks." Sensors 20, no. 24 (2020): 7326. http://dx.doi.org/10.3390/s20247326.

Abstract:
The significant advances in wireless networks in the past decade have made a variety of Internet of Things (IoT) use cases possible, greatly facilitating many operations in our daily lives. IoT is only expected to grow with 5G and beyond networks, which will primarily rely on software-defined networking (SDN) and network functions virtualization for achieving the promised quality of service. The prevalence of IoT and the large attack surface that it has created calls for SDN-based intelligent security solutions that achieve real-time, automated intrusion detection and mitigation. In this paper, we propose a real-time intrusion detection and mitigation solution for SDN, which aims to provide autonomous security in the high-traffic IoT networks of the 5G and beyond era, while achieving a high degree of interpretability by human experts. The proposed approach is built upon automated flow feature extraction and classification of flows while using random forest classifiers at the SDN application layer. We present an SDN-specific dataset that we generated for IoT and provide results on the accuracy of intrusion detection in addition to performance results in the presence and absence of our proposed security mechanism. The experimental results demonstrate that the proposed security approach is promising for achieving real-time, highly accurate detection and mitigation of attacks in SDN-managed IoT networks.
36

Gaur, Kuntal, Umashankar Rawat, Saket Acharya, Pradeep Kumar, and Anshuman Kalla. "Novel framework for enhancing security of SDN based VPLS architecture." Journal of Discrete Mathematical Sciences and Cryptography 27, no. 4 (2024): 1331–43. http://dx.doi.org/10.47974/jdmsc-1986.

Abstract:
Software-Defined Networking (SDN) is an emerging technology that enables the extension of a single Ethernet broadcast domain over a wide area network. However, there are still several major network security threats that could lead to network and resource unavailability, man-in-the-middle attacks, cryptographic flaws, and other vulnerabilities. This paper presents a method that proposes the use of Trusted Platform Module (TPM)-based SDN Virtual Private LAN Services (VPLS), which is intended to provide a secure solution that can help mitigate various network attacks. Open vSwitch (OVS) is a virtual switch that can be used to implement SDN-based VPLS networks. Direct Anonymous Attestation (DAA) is used to verify the authenticity of hardware devices without revealing any identifying information about the devices. The proposed architecture is implemented in a testbed to analyze the performance. The results show that TPM can be utilized in an SDN network to enhance security by securely storing encryption keys and certificates.
37

Algarni, Sultan, Fathy Eassa, Khalid Almarhabi, Abdullah Algarni, and Aiiad Albeshri. "BCNBI: A Blockchain-Based Security Framework for Northbound Interface in Software-Defined Networking." Electronics 11, no. 7 (2022): 996. http://dx.doi.org/10.3390/electronics11070996.

Abstract:
Software-defined networking (SDN) has emerged as a flexible and programmable network architecture that takes advantage of the benefits of global visibility and centralized control over a network. One of the main properties of the SDN architecture is the ability to offer a northbound interface (NBI), which enables network applications to access the SDN controller resources. However, the NBI can be compromised by a malicious application due to the lack of standardization and security aspects in the most current NBI designs. Therefore, in this paper, we propose a novel comprehensive security solution for securing the application–controller interface, named BCNBI. We propose a controller-independent lightweight blockchain architecture and exploit the security features of blockchain while limiting the blockchain’s computational overhead. BCNBI automatically verifies application and SDN controller credentials through token-based authentication. The proposed solution enforces fine-grained access control for each application’s API request and classifies the permission set into strict and normal policies, in order to add an extra level of security. In addition, the trustworthiness of applications is evaluated in order to prevent malicious activities. We implemented our blockchain-based solution to analyze its security, based on the confidentiality–integrity–availability model criteria, and evaluated the introduced overhead in terms of processing time and packet overhead. The experimental results demonstrate that the BCNBI can effectively secure the NBI, based on the fundamental security goals, while introducing insignificant overhead.
38

Petukhov, Andrey N., and Paul L. Pilyugin. "'Common Criteria' and Software Defined Network Security." Modeling and Analysis of Information Systems 26, no. 1 (2019): 134–45. http://dx.doi.org/10.18255/1818-1015-2019-1-134-145.

Abstract:
«Common criteria» (ISO 15408) is a universally recognized and broadly applicable approach to information security solutions management and evaluation. «Common criteria» leans on developing a shared conceptual basis for key security solution modules including protection profiles and security targets. Conceptual basis development implies defining the following elements: security objectives and assumptions (for the environment and the object), threats and security policies, as well as functional and assurance requirements. The specifics of SDN (software defined network) security solutions is largely driven by fundamental architectural principles of SDN technology itself − primarily by the separation of control and data flows, − and by conditions imposed by OpenFlow protocol application. However, proactive (threats and policies), passive (objectives and assumptions) and reactive (requirements) aspects of security management remain highly relevant for this type of security solutions. This paper discusses the Common Criteria application specifics for assessing the SDN security and practical MTUCI (Moscow Technical University of Communications and Informatics) experience in the development of the protection profile. A new class of network attacks on SDN switches and controllers can involve either data or control components. In addition to traditional vulnerabilities, centralization of management functions paves the way for new security threats by isolating controller activity and administrative message exchange. Therefore, identifying and analyzing threats, policies and requirements specific to SDN control module security becomes an emerging priority.
39

Onyema, Edeh Michael, M. Anand Kumar, Sundaravadivazhagn Balasubaramanian, et al. "A Security Policy Protocol for Detection and Prevention of Internet Control Message Protocol Attacks in Software Defined Networks." Sustainability 14, no. 19 (2022): 11950. http://dx.doi.org/10.3390/su141911950.

Abstract:
Owing to the latest advancements in networking devices and functionalities, there is a need to build future intelligent networks that provide intellectualization, activation, and customization. Software-defined networks (SDN) are one of the latest and most trusted technologies that provide a method of network management that provides network virtualization. Although traditional networks still have a strong presence in the industry, software-defined networks have begun to replace them at faster rates. When network technologies emerge at a steady rate, SDN will be implemented at higher rates in the upcoming years in all fields. Although SDN technology removes the complexity of tying control and data plane together over traditional networks, certain aspects such as security, controllability, and economy of network resources are vulnerable. Among these aspects, security is one of the main concerns that are to be viewed seriously as far as the applications of SDN are concerned. This paper presents the most recent security issues in the SDN environment followed by preventive mechanisms. This study focuses on Internet control message protocol (ICMP) attacks in SDN networks. This study proposes a security policy protocol (SPP) to detect attacks that target devices such as switches and the SDN controller in the SDN networks. The mechanism is based on ICMP attacks, which are the main source of flooding attacks in the SDN networks. The proposed model focuses on two aspects: security policy process verification and client authentication verification. Experimental results show that the proposed model can effectively defend against flooding attacks in SDN network environments.
40

Alrashede, Hamad, Fathy Eassa, Abdullah Marish Ali, Faisal Albalwy, and Hosam Aljihani. "A Blockchain-Based Security Framework for East-West Interface of SDN." Electronics 13, no. 19 (2024): 3799. http://dx.doi.org/10.3390/electronics13193799.

Abstract:
Software-Defined Networking (SDN) has emerged as a revolutionary architecture in computer networks, offering comprehensive network control and monitoring capabilities. However, securing the east–west interface, which is crucial for communication between distributed SDN controllers, remains a significant challenge. This study proposes a novel blockchain-based security framework that integrates Ethereum technology with customized blockchain algorithms for authentication, encryption, and access control. The framework introduces decentralized mechanisms to protect against diverse attacks, including false data injection, man-in-the-middle (MitM), and unauthorized access. Experimental results demonstrate the effectiveness of this framework in securing distributed controllers while maintaining high network performance and low latency, paving the way for more resilient and trustworthy SDN infrastructures.
41

Tsuchiya, Akihiro, Francisco Fraile, Ichiro Koshijima, Angel Ortiz, and Raul Poler. "Software defined networking firewall for industry 4.0 manufacturing systems." Journal of Industrial Engineering and Management 11, no. 2 (2018): 318. http://dx.doi.org/10.3926/jiem.2534.

Abstract:
Purpose: In order to leverage automation control data, Industry 4.0 manufacturing systems require industrial devices to be connected to the network. Potentially, this can increase the risk of cyberattacks, which can compromise connected industrial devices to acquire production data or gain control over the production process. Search engines such as Sentient Hyper-Optimized Data Access Network (SHODAN) can be perverted by attackers to acquire network information that can be later used for intrusion. To prevent this, cybersecurity standards propose network architectures divided into several networks segments based on system functionalities. In this architecture, Firewalls limit the exposure of industrial control devices in order to minimize security risks. This paper presents a novel Software Defined Networking (SDN) Firewall that automatically applies this standard architecture without compromising network flexibility. Design/methodology/approach: The proposed SDN Firewall changes filtering rules in order to implement the different network segments according to application level access control policies. The Firewall applies two filtering techniques described in this paper: temporal filtering and spatial filtering, so that only applications in a white list can connect to industrial control devices. Network administrators need only to configure these application-oriented white lists to comply with security standards for ICS. This simplifies to a great extent network management tasks. Authors have developed a prototype implementation based on the OPC UA Standard and conducted security tests in order to test the viability of the proposal. Findings: Network segmentation and segregation are effective counter-measures against network scanning attacks. The proposed SDN Firewall effectively configures a flat network into virtual LAN segments according to security standard guidelines. Research limitations/implications: The prototype implementation still needs to implement several features to exploit the full potential of the proposal. Next steps for development are discussed in a separate section. Practical implications: The proposed SDN Firewall has similar security features to commercially available application Firewalls, but SDN Firewalls offer additional security features. First, SDN technology provides improved performance, since SDN low-level processing functions are much more efficient. Second, with SDN, security functions are rooted in the network instead of being centralized in particular network elements. Finally, SDN provides a more flexible and dynamic, zero configuration framework for secure manufacturing systems by automating the rollout of security standard-based network architectures. Social implications: SDN Firewalls can facilitate the deployment of secure Industry 4.0 manufacturing systems, since they provide ICS networks with many of the needed security capabilities without compromising flexibility. Originality/value: The paper proposes a novel SDN Firewall specifically designed to secure ICS networks. A prototype implementation of the proposed SDN Firewall has been tested in laboratory conditions. The prototype implementation complements the security features of the OPC UA communication standard to provide a holistic security framework for ICS networks.
42

Alrashede, Hamad, Fathy Eassa, Abdullah Marish Ali, Hosam Aljihani, and Faisal Albalwy. "Enhancing east-west interface security in heterogeneous SDN via blockchain." PeerJ Computer Science 11 (May 26, 2025): e2914. https://doi.org/10.7717/peerj-cs.2914.

Abstract:
Software defined networking (SDN) increasingly integrates multiple controllers from diverse vendors to enhance network scalability, flexibility, and reliability. However, such heterogeneous deployments pose significant security threats, especially at the east-west interface which is connecting these controllers. Existing solutions are inadequate for ensuring robust protection across multi-vendor SDN environments as most of them are meant for a specific type of attack, use a centralized solution, or are designed for homogeneous SDN environments. This study proposes a blockchain-based security framework to address existing security gaps within heterogeneous SDN environments. The framework establishes a decentralized, robust, and interoperable security layer for distributed SDN controllers. By utilizing the Ethereum blockchain with customized smart contract-based checks, the proposed approach enables mutual authentication among controllers, secures data exchange, and controls network access. The framework effectively mitigates common SDN threats such as distributed denial-of-service (DDoS), man-in-the-middle (MitM), false data injection, and unauthorized access. Experimental results highlight the practicality of the solution, achieving a stable throughput of approximately 20 transactions per second with an average authentication latency of 28–40 ms. These results demonstrate that the proposed framework not only enhances inter-controller communication security but also maintains the network performance, making it a reliable and scalable solution for real-world SDN deployments.
43

Tsehay, Admassu Assegie, and Sekharan Nair Pramod. "A review on software defined network security risks and challenges." TELKOMNIKA Telecommunication, Computing, Electronics and Control 17, no. 6 (2019): 3168–74. https://doi.org/10.12928/TELKOMNIKA.v17i6.13119.

Abstract:
Software defined network is an emerging network architecture that separates the traditional integrated control logic and data forwarding functionality into different planes, namely the control plane and data forwarding plane. The data plane does an end-to-end data delivery. And the control plane does the actual network traffic forwarding and routing between different network segments. In software defined network the networking infrastructure layer is where the entire networking device, such as switches and routers are connected with the separate controller layer with the help of a standard called the OpenFlow protocol. The OpenFlow is a standard protocol that allows different vendor devices like Juniper, Cisco and Huawei switches to be connected to the controller. The centralization of the software defined network (SDN) controller makes the network more flexible, manageable and dynamic, such as provisioning of bandwidth, dynamic scale out and scale in compared to the traditional communication network, however, the centralized SDN controller is more vulnerable to security risks such as DDoS and flow rule poisoning attack. In this paper, we will explore the architectures, the principles of software defined network and security risks associated with the centralized SDN controller and possible ways to mitigate these risks.
APA, Harvard, Vancouver, ISO, and other styles
44

Cheng, Haosu, Jianwei Liu, Jian Mao, Mengmeng Wang, Jie Chen, and Jingdong Bian. "A Compatible OpenFlow Platform for Enabling Security Enhancement in SDN." Security and Communication Networks 2018 (November 15, 2018): 1–20. http://dx.doi.org/10.1155/2018/8392080.

Abstract:
Software-defined networking (SDN) is a representative next generation network architecture, which allows network administrators to programmatically initialize, control, change, and manage network behavior dynamically via open interfaces. SDN is widely adopted in systems like 5G mobile networks and cyber-physical systems (CPS). However, SDN brings new security problems, e.g., controller hijacking, black-hole, and unauthorized data modification. Traditional firewall or IDS based solutions cannot fix these challenges. It is also undesirable to develop security mechanisms in such an ad hoc manner, which may cause security conflict during the deployment procedure. In this paper, we propose OSCO (Open Security-enhanced Compatible OpenFlow) platform, a unified, lightweight platform to enhance the security property and facilitate the security configuration and evaluation. The proposed platform supports highly configurable cryptographic algorithm modules, security protocols, flexible hardware extensions, and virtualized SDN networks. We prototyped our platform based on the Raspberry Pi Single Board Computer (SBC) hardware and presented a case study for switch port security enhancement. We systematically evaluated critical security modules, which include 4 hash functions, 8 stream/block ciphers, 4 public-key cryptosystems, and key exchange protocols. The experiment results show that our platform performs those security modules and SDN network functions with relatively low computational (extra 2.5% system overhead when performing AES-256 and SHA-256 functions) and networking performance overheads (73.7 Mb/s TCP and 81.2 Mb/s UDP transmission speeds in 100 Mb/s network settings).
45

Aly, Wael Hosny Fouad, Hassan Kanj, Nour Mostafa, and Samer Alabed. "Feedback ARMA Models versus Bayesian Models towards Securing OpenFlow Controllers for SDNs." Electronics 11, no. 9 (2022): 1513. http://dx.doi.org/10.3390/electronics11091513.

Abstract:
In software-defined networking (SDN), the control layers are moved away from the forwarding switching layers. SDN gives more programmability and flexibility to the controllers. OpenFlow is a protocol that gives access to the forwarding plane of a network switch or router over the SDN network. OpenFlow uses a centralized control of network switches and routers in an SDN environment. Security is of major importance for SDN deployment. Transport layer security (TLS) is used to implement security for OpenFlow. This paper proposed a new technique to improve the security of the OpenFlow controller through modifying the TLS implementation. The proposed model is referred to as the secured feedback model using autoregressive moving average (ARMA) for SDN networks (SFBARMASDN). SFBARMASDN depended on computing the feedback for incoming packets based on ARMA models. Filtering techniques based on ARMA techniques were used to filter the packets and detect malicious packets that needed to be dropped. SFBARMASDN was compared to two reference models. One reference model was Bayesian-based and the other reference model was the standard OpenFlow.
46

Mishra, Shailendra. "SDN-Based Secure Architecture for IoT." International Journal of Knowledge and Systems Science 11, no. 4 (2020): 1–16. http://dx.doi.org/10.4018/ijkss.2020100101.

Abstract:
Internet of things (IoT) means connecting things through the internet. The growing market for IoT also attracts malicious individuals trying to gain access to the marketplace. Security issues are among the most significant worries in companies that rely on the cloud of things to do business. SDN-based architecture has improved the security of IoT networks. The centralized controller is responsible for managing the critical network's operations, and growing the network size increases the network load in the controller. Controllers in SDN-based architecture are still facing security challenges such as unauthorized access, configuration issues, distributed denial of service (DDoS) attacks, and man-in-the-middle (MITM) attacks. The attack scenario and security of SDN-based IoT networks are evaluated in this research. The simulation results show that the proposed approach and security solutions are fast and effective in mitigating the attacks.
47

Su, Yinghao, Dapeng Xiong, Kechang Qian, and Yu Wang. "A Comprehensive Survey of Distributed Denial of Service Detection and Mitigation Technologies in Software-Defined Network." Electronics 13, no. 4 (2024): 807. http://dx.doi.org/10.3390/electronics13040807.

Abstract:
The widespread adoption of software-defined networking (SDN) technology has brought revolutionary changes to network control and management. Compared to traditional networks, SDN enhances security by separating the control plane from the data plane and replacing the traditional network architecture with a more flexible one. However, due to its inherent architectural flaws, SDN still faces new security threats. This paper expounds on the architecture and security of SDN, analyzes the vulnerabilities of SDN architecture, and introduces common distributed denial of service (DDoS) attacks within the SDN architecture. This article also provides a review of the relevant literature on DDoS attack detection and mitigation in the current SDN environment based on the technologies used, including statistical analysis, machine learning, policy-based, and moving target defense techniques. The advantages and disadvantages of these technologies, in terms of deployment difficulty, accuracy, and other factors, are analyzed. Finally, this study summarizes the SDN experimental environment and DDoS attack traffic generators and datasets of the reviewed literature and the limitations of current defense methods and suggests potential future research directions.
48

De Bruyn, Ben. "The Hot War: Climate, Security, Fiction." Studies in the Novel 50, no. 1 (2018): 43–67. http://dx.doi.org/10.1353/sdn.2018.0003.

49

Levterov, Andrii, Hanna Pliekhova, Maryna Kostikova, Nataliia Berezhna, and Anton Okun. "ENHANCING SECURITY IN SOFTWARE-DEFINED NETWORKING THROUGH ROUTING TECHNIQUES EXPLORATION." Bulletin of National Technical University "KhPI". Series: System Analysis, Control and Information Technologies, no. 1 (9) (July 15, 2023): 10–18. http://dx.doi.org/10.20998/2079-0023.2023.01.02.

Abstract:
In today's world, network security is a key issue of information security. Virtual Networks have become an integral part of modern IT infrastructure, which presents us with challenges in the field of security. One solution to this problem is the use of software-defined networking (SDN), which provides a means to control and manage network traffic. However, as with any technology, SDN has its vulnerabilities that must be considered when deploying it. One of the tools that helps to take into account the vulnerabilities of network infrastructure is the Common Vulnerability Scoring System (CVSS) standard. It allows you to quantify the level of vulnerability of the infrastructure, which enables effective network protection. Analysis of the CVSS standard is an important stage in the development of a network security strategy. This paper analyzes the standards for building software-configured networks. It is noted that SDN is a modern approach to the design, construction, and operation of information communication networks. Using SDN makes it possible to directly program and dynamically manage the network, as well as to abstract the functionality of the infrastructure layer. However, the growing interest in SDN has revealed the shortcomings of their application in the fight against cybersecurity threats. The SDN architecture itself, external malicious attacks, and insufficient access control and encryption tools were found to be the main security challenges. The use of secure routing tools based on vulnerability metrics is proposed to increase the level of SDN data plane network security. According to the conducted analysis of SDN data plane vulnerabilities and the functionality of routing tools, the authors recommend using the CVSS standard to quantify the level of infrastructure vulnerability during the development and research of promising approaches to secure routing in the data plane of software-configured networks.
50

Ameen, Ali. "LEVERAGING BLOCKCHAIN TECHNOLOGY TO ASSURE SECURITY OF SDN." Journal of Engineering Science XXVII (4) (December 15, 2020): 128–39. https://doi.org/10.5281/zenodo.4288305.

Abstract:
This article presents a potential solution to secure or ensure a better security level for the Software-Defined Networks (SDN) paradigm by introducing the usage of blockchain technology in a different way than the Marconi protocol technology proposes. Most of the techniques and methodologies proposed by this research are to patch some security issues the SDN presents, like the single point of failure, because while SDN can provide solutions and flexibility for current computer networks, it could also promote some new security threats since it is still a relatively new technology. In this article those algorithms and methodologies are incorporated together as a full suite or a framework that can be applied as a network application for the software-defined network environment and could be implemented in the management or application plane, which is the top layer in the architecture of the SDN, as we will see later in this article.