- Title
- Counteracting attacks from malicious end hosts in software defined networks
- Creator
- Varadharajan, Vijay; Tupakula, Uday
- Relation
- IEEE Transactions on Network and Service Management Vol. 17, Issue 1, p. 160-174
- Publisher Link
- http://dx.doi.org/10.1109/TNSM.2019.2931294
- Publisher
- Institute of Electrical and Electronics Engineers (IEEE)
- Resource Type
- journal article
- Date
- 2019
- Description
- This paper proposes security techniques for counteracting attacks from malicious end hosts in a Software Defined Networking (SDN) environment. The paper describes the design of a security architecture, which comprises a Security Management Application running in the SDN Controller for specifying and evaluating security policies, and Security Components in the switches for enforcing these security policies on network flows. Our proposed security solution helps to detect the attacking end hosts even before the flow requests from the malicious end hosts are forwarded to the SDN Controller. Furthermore, if the end hosts become malicious after the interactions with the SDN Controller and generate attacks in the data plane, then our architecture has mechanisms to address these attacks that occur after the establishment of routes by the SDN Controller. The domain wide network visibility of the SDN Controller enables our security architecture to achieve dynamic management of the security policies. The enforcement of security policies in the data plane is tailored to the functionality available in the network switches, making the proposed security solution practical. We describe the implementation of the proposed security architecture and analyze its security and performance characteristics. We also discuss the advantages of the proposed security architecture over existing solutions.
- Subject
- software defined networking security; security architecture; state based security attack detection; SDN security policies; network function virtualisation
- Identifier
- http://hdl.handle.net/1959.13/1414519
- Identifier
- uon:36761
- Identifier
- ISSN:1932-4537
- Rights
- © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
- Language
- eng
- Full Text
- Reviewed
- Hits: 635
- Visitors: 743
- Downloads: 130
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details Download | ATTACHMENT02 | Author final version | 1 MB | Adobe Acrobat PDF | View Details Download |