OrchSec: An orchestrator-based architecture for enhancing network-security using Network Monitoring and SDN Control functions

Zaalouk, Adel; Khondoker, Rahamatullah; Marx, Ronald W.; Bayarou, Kpatcha M.

doi:10.1109/noms.2014.6838409

Cited by 121 publications

(55 citation statements)

References 14 publications

(12 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…4 As expected, we observe an increased controller CPU load for larger networks, for the same attack sending rate. In summary, we can say that the larger the network, the easier it is for an attacker to launch a successful attack on the controller, due to the attack amplification effect.…”

Section: Control Plane Attacksupporting

confidence: 82%

“…OrchSec [4] is an orchestrator-based architecture that mainly aims to improve network security and increase the system performance, flexibility, reliability and reliance through abstracting the control and network monitoring functions from the control plane and placing them at an additional layer, i.e. the Orchestrator.…”

Section: Security Via Sdnmentioning

confidence: 99%

“…4 Figure 6.6 shows the amount of control traffic as a function of the ARP request sending rate, for the same scenario as used in Figure 6.5. As expected, we again see a linear increase in the control traffic overhead for Proxy ARP and a constant value of 0 for SProxy ARP.…”

Section: Controller Overheadmentioning

confidence: 99%

See 2 more Smart Citations

Security in software defined networks

Alharbi¹

View full text Add to dashboard Cite

Software Defined Networking (SDN) is an emerging computer network paradigm and represents one of the most promising technologies to simplify network management and configuration through increased network programmability and abstraction. In contrast to traditional networks, in SDN, the control plane, which makes decisions on how to forward traffic, is separated from the data plane, which transmits traffic to selected destinations. That makes network control (via the SDN controller) more programmable, dynamic and centralised. With the higher level of abstraction that SDN provides, network administrators can more easily configure network services and manage traffic flows without having to configure a large number of individual network devices (switches and routers). The great potential of SDN has led to significant deployments in data centres, wide area networks, etc., and it is growing at a rapid pace.Security is a critical aspect of networking in general and is particularly vital in SDN. Due to its fundamentally new architecture, SDN presents new potential security vulnerabilities and risks. Security in SDN has not received much attention yet, given that it is very distinct and unique.The goal of this PhD was to address this gap and analyse the security of the SDN infrastructure, identify vulnerabilities and weaknesses, and propose corresponding solutions and improvements. The focus was on the fundamental aspects and components of SDN, in particular the building blocks of the control plane components include Topology Discovery, Address Resolution Protocol (ARP) Handling and Virtualisation Layer. Finally, the thesis thoroughly explored and investigated the most common and effective attacks against the SDN architecture.

show abstract

Section: Control Plane Attacksupporting

confidence: 82%

Section: Security Via Sdnmentioning

confidence: 99%

See 1 more Smart Citation

Security in software defined networks

Alharbi¹

View full text Add to dashboard Cite

show abstract

“…[3] lists three core characteristics that differentiate SDN networks from traditional networks from a security perspective, global network view, self-healing mechanism, increased control capabilities. [4] combines SDN and sFlow [5] monitor to defend the DRDoS attack. It decouples the controlling function from monitoring to minimize the cost of controller.…”

Section: Related Workmentioning

confidence: 99%

An Approach for Protecting the OpenFlow Switch from the Saturation Attack

Wang¹,

Zhou²,

Chen³

et al. 2016

Proceedings of the 2015 4th National Conference on Electrical, Electronics and Computer Engineering

View full text Add to dashboard Cite

Abstract. Security is always a serious issue influencing the development of Software-Defined Network (SDN). The central control mechanism makes the SDN controller a bottleneck of the network which is vulnerable to network saturation attack. In this paper, we propose an approach to defense this kind attack. Firstly, we add a miss matched packet cache module in the OpenFlow switch which can temporarily cache the packets that don't match in the flow table. Besides, we apply the mechanism of separating the header and payload of packets in the cache queue once the switch detects the volume of cache queue exceeding the threshold of the cache size. In addition, the switch can classify the packets headers and send it in an alert message to the SDN controller for further processing. At last in the paper, we evaluate the effort of our proposed approach in Mininet. With our approach, the SDN network can effectively defend the network saturation attack.

show abstract

“…For some organizations the costs and management issues related to these deployments can be prohibitive. Additionally, in traditional networks the lack of a centralized control of these security functions can further complicate their deployment [61]. In contrast, SDN enables the implementation of applications that have the ability to support similar security functions in a much more flexible manner, and it offers a suitable place for the implementation of more accurate, reliable 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 Qazi et al [84] and efficient security solutions.…”

Section: Securitymentioning

confidence: 99%

Resilience support in software-defined networking: A survey

et al. 2015

View full text Add to dashboard Cite

Software-Defined Networking (SDN) is an architecture for computer networking that provides a clear separation between network control functions and forwarding operations. The abstractions supported by this architecture are intended to simplify the implementation of several tasks that are critical to network operation, such as routing and network management. Computer networks have an increasingly important societal role, requiring them to be resilient to a range of challenges. Previously, research into network resilience has focused on the mitigation of several types of challenges, such as natural disasters and attacks. Capitalising on its benefits, including increased programmability and a clearer separation of concerns, significant attention has recently focused on the development of resilience mechanisms that use software-defined networking approaches. In this article, we present a survey that provides a structured overview of the resilience support that currently exists in this important area. We categorize the most recent research on this topic with respect to a number of resilience disciplines. Additionally, we discuss the lessons learned from this investigation, highlight the main challenges faced by SDNs moving forward, and outline the research trends in terms of solutions to mitigate these challenges . 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 This article presents a survey on the support for network resilience in SoftwareDefined Networking (SDN). This has been the subject of intense investigation by the academic and industrial community in the past few years, as evidenced by the number of papers included in our survey (159 references in total). Capitalizing on the benefits of SDN, including increased programmability and a clearer separation of concerns, significant attention has recently focused on the development of resilience mechanisms that use software-defined networking approaches. Thus, a wide range of solutions to classical network problems have been revisited using this architecture, but many problems continue to be challenging.Our survey investigates the resilience support that currently exists in this important area, and categorizes the most recent research on this topic with respect to a number of resilience disciplines. Additionally, we discuss the lessons learned from this investigation, highlight the main challenges faced by SDNs moving forward, and outline the research trends in terms of solutions to mitigate these challenges. The aim of the survey is to offer to the reader a structured view of network resilience in the SDN spectrum, and how resilience aspects are supported in these architectures.We believe that this subject material is closely aligned with the objectives of the journal. Please be assured that:1. This paper has not been published or accepted for publication w...

show abstract

OrchSec: An orchestrator-based architecture for enhancing network-security using Network Monitoring and SDN Control functions

Cited by 121 publications

References 14 publications

Security in software defined networks

Security in software defined networks

An Approach for Protecting the OpenFlow Switch from the Saturation Attack

Resilience support in software-defined networking: A survey

Contact Info

Product

Resources

About