Open Access Open Access  Restricted Access Subscription Access

Open Flow Security Threat Detection and Defense Services


Affiliations
1 Department of Computer Science, Southern Polytechnic State University, Georgia
 

The emergence of OpenFlow-capable switches de- couples control plane from the data flow plane so that they support programmable network and allow network administrators to have programmable central control of network traffic via a controller. The controller and its communication with switches and users become a malicious attack target. This paper explores major possible security threats and attacks on the controller of SDN and proposes a new approach to automatically and dynamically detect and monitor malicious behaviors on flow message passing and defend such attacks to ensure the security of SDN. We have built a FlowEye prototype at service level on Mininet API, and simulation tests are done on two feasible attacks on OpenFlow Beacon platform. The paper provides the feasibility study of such attacks and defense protection strategies in SDN security research.

Keywords

Open Flow, Software Defined Network, Security.
User
Notifications
Font Size

Abstract Views: 230

PDF Views: 5




  • Open Flow Security Threat Detection and Defense Services

Abstract Views: 230  |  PDF Views: 5

Authors

Wanqing You
Department of Computer Science, Southern Polytechnic State University, Georgia
Kai Qian
Department of Computer Science, Southern Polytechnic State University, Georgia
Xi He
Department of Computer Science, Southern Polytechnic State University, Georgia
Ying Qian
Department of Computer Science, Southern Polytechnic State University, Georgia

Abstract


The emergence of OpenFlow-capable switches de- couples control plane from the data flow plane so that they support programmable network and allow network administrators to have programmable central control of network traffic via a controller. The controller and its communication with switches and users become a malicious attack target. This paper explores major possible security threats and attacks on the controller of SDN and proposes a new approach to automatically and dynamically detect and monitor malicious behaviors on flow message passing and defend such attacks to ensure the security of SDN. We have built a FlowEye prototype at service level on Mininet API, and simulation tests are done on two feasible attacks on OpenFlow Beacon platform. The paper provides the feasibility study of such attacks and defense protection strategies in SDN security research.

Keywords


Open Flow, Software Defined Network, Security.