SDN Security Review: Threat Taxonomy, Implications, and Open Challenges

Rahouti, Mohamed; Xiong, Ke; Xin, Yufeng; Jagatheesaperumal, Senthil Kumar; Ayyash, Moussa; Shaheed, Maliha

doi:10.1109/access.2022.3168972

Cited by 45 publications

(13 citation statements)

References 239 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…SDN controllers or northbound APIs guide the network traffic design and communicate with the underlying hardware infrastructure on the southbound interface via the OpenFlow protocol, eliminating the need for dedicated hardware devices such as controllers, routers, and switches that are required in traditional networks. This results in improved network construction, flexible configuration, and lower deployment costs [9].…”

Section: Sdn and Security Issuesmentioning

confidence: 99%

“…However, the centralized architecture of an SDN may be vulnerable to security threats from traditional networks and new information security vulnerabilities. Several studies [9][10][11] have analyzed the security threats posed to the SDN architecture. The control layer of SDN is the core component responsible for converting the priority conditions of the application program, providing precise instructions for each system component, and providing relevant information to the SDN application program.…”

Section: Sdn and Security Issuesmentioning

confidence: 99%

See 1 more Smart Citation

Applying Transfer Learning Approaches for Intrusion Detection in Software-Defined Networking

Chuang

2023

Sustainability

View full text Add to dashboard Cite

In traditional network management, the configuration of routing policies and associated settings on individual routers and switches was performed manually, incurring a considerable cost. By centralizing network management, software-defined networking (SDN) technology has reduced hardware construction costs and increased flexibility. However, this centralized architecture renders information security vulnerable to network attacks, making intrusion detection in the SDN environment crucial. Machine-learning approaches have been widely used for intrusion detection recently. However, critical issues such as unknown attacks, insufficient data, and class imbalance may significantly affect the performance of typical machine learning. We addressed these problems and proposed a transfer-learning method based on the SDN environment. The following experimental results showed that our method outperforms typical machine learning methods. (1) our model achieved a F1-score of 0.71 for anomaly detection for unknown attacks; (2) for small samples, our model achieved a F1-score of 0.98 for anomaly detection and a F1-score of 0.51 for attack types identification; (3) for class imbalance, our model achieved an F1-score of 1.00 for anomaly detection and 0.91 for attack type identification. In addition, our model required 15,230 seconds (4 h 13 m 50 s) for training, ranking second among the six models when considering both performance and efficiency. In future studies, we plan to combine sampling techniques with few-shot learning to improve the performance of minority classes in class imbalance scenarios.

show abstract

Section: Sdn and Security Issuesmentioning

confidence: 99%

Section: Sdn and Security Issuesmentioning

confidence: 99%

Applying Transfer Learning Approaches for Intrusion Detection in Software-Defined Networking

Chuang

2023

Sustainability

View full text Add to dashboard Cite

show abstract

“…Availability is also a type of security service that ensures that only authorised individuals have access to systems and devices. To protect, data, cryptography and encryption techniques are widely used in network security protocols [6][7][8]; the data was encrypted, and it can only be decrypted with a compatible key.…”

Section: Network and Network Securitymentioning

confidence: 99%

Data security in smart devices: Advancement, constraints and future recommendations

et al. 2023

View full text Add to dashboard Cite

Network security protocols are implemented to address network security challenges. Computer networks and applications have advanced and developed significantly in recent years, but consumers ‘excitement for network technology and high‐tech devices has been dampened by continual exposure to data security vulnerabilities. As of now, some individuals refuse to use smart devices due to concerns about the authenticity, confidentiality and integrity of data security leaks. This not only prompts Internet service providers to follow market protection mechanisms but also requires software developers to apply appropriate security protocols to protect computer network security. These applications’ dependability and integrity are dependent not just on the effectiveness of cryptographic algorithms, but also on key management protocols. Understanding network security protocols and implementing high‐quality standards to govern the transmission of data in the network are critical components of guaranteeing network security. The article explores data security, primarily at the application layer, various attack methods for different network security protocols and highlights the potential security implications. The study also looks at the corresponding, practical security measures and future research prospects for certain kinds of attacks. Finally, some technical challenges that remain unsolved at the time of writing are summarised, and future trends in cybersecurity are discussed.

show abstract

“…Application security, API security, controller security, DDoS, infrastructure security, and so forth are all supported by secure SDN architecture. 134 It's important to take into account dynamic variations in application demand as well. 135 The IoT, autonomous vehicles, telemedicine, and smart cities are a few examples of emerging technologies that have always attracted attackers.…”

Section: Sdn Security Considerations In Isp/telco Networkmentioning

confidence: 99%

“…Application security, API security, controller security, DDoS, infrastructure security, and so forth are all supported by secure SDN architecture 134 . It's important to take into account dynamic variations in application demand as well 135 …”

Section: Sdn Security Considerations In Isp/telco Networkmentioning

confidence: 99%

Controller placement problem during SDN deployment in the ISP/Telco networks: A survey

Sapkota,

Dawadi,

Joshi

2023

Engineering Reports

View full text Add to dashboard Cite

With the successful implementation of Software‐Defined Networking (SDN) in data center networking, the way forward for its deployment in the ISP/Telco network is becoming prominent. Small and medium‐sized networks may easily adopt SDN. The research on SDN deployment and implementation for a large‐scale network is continuing. This paper properly presents the current research status of Controller Placement Problem (CPP) and Multi‐CPP (MCPP) over SDN with their specific challenges and provides a comprehensive review of the major performance metrics, that is, latency, and controller load balancing techniques. This survey highlights the use of network partitioning‐based CPP and clustering approaches and their benefits in the context of SDN deployment. Moreover, this paper highlights the importance of implementing SDN and SDN security issues into ISP/Telco networks. Finally, we provide some key areas of ongoing research and discuss the future research direction regarding the various SDN‐based Controller Placement (CP) issues in the next‐generation IP and advanced networking technologies.

show abstract

SDN Security Review: Threat Taxonomy, Implications, and Open Challenges

Cited by 45 publications

References 239 publications

Applying Transfer Learning Approaches for Intrusion Detection in Software-Defined Networking

Applying Transfer Learning Approaches for Intrusion Detection in Software-Defined Networking

Data security in smart devices: Advancement, constraints and future recommendations

Controller placement problem during SDN deployment in the ISP/Telco networks: A survey

Contact Info

Product

Resources

About