A Review of Security, Threats and Mitigation Approaches for SDN Architecture
Prabhakar Krishnan¹, Jisha S Najeem²
¹Prabhakar Krishnan, Amrita Center for Cybersecurity Systems and Networks, Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Amrita University, Amritapuri, India.
²Jisha S Najeem, Amrita Center for Cybersecurity Systems and Networks, Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Amrita University, Amritapuri, India.
Manuscript received on 07 March 2019 | Revised Manuscript received on 20 March 2019 | Manuscript published on 30 March 2019 | PP: 389-393 | Volume-8 Issue-5, March 2019 | Retrieval Number: E3198038519/19©BEIESP
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: The emergence of Software Defined Networking (SDN) is a paradigm shift that re-thinks conventional legacy network design, operations and abstractions and makes future networks openly programmable, controllable, scalable and affordable. As a game changer in modern internetworking technologies, SDN is widely accepted by enterprises, with use in domains ranging from private home networks to small/medium scale workgroup networks to corporate backbones to large-scale wide-area cloud networks. Employing SDN in modern networks provides the much-needed agility and visibility to orchestrate and deploy network solutions. From a security perspective, however, there are still open challenges in SDN environments in terms of threat/attack prediction and risk mitigation, especially for advanced persistent attacks such as DDoS and side-channel attacks in clouds, SDN stack control plane saturation attacks and switch flow table exhaustion attacks. In this paper, we first present a taxonomy of the threats, risks and attack vectors that can disrupt the SDN stack, and then present various approaches to solving these problems so that SDN can be deployed securely in production environments. We survey existing research on SDN and present the results of our thorough analysis, a comparative study of key principles and trade-offs, and an evaluation of the well-known techniques for SDN security. To address the key shortcomings and limitations of the existing solutions, we propose as future work a novel framework to effectively monitor and tackle SDN security issues. Our proposed framework includes a dynamic security semantic monitoring system that decouples monitoring from packet forwarding, offers flexible fine-grained monitoring, and integrates well with the SDN architecture. This system will employ machine-learning techniques for fingerprinting and accurate detection of behavioral patterns, attack flows and anomalies in SDN-based networks.
Keywords: Software Defined Networking, SDN, OpenFlow, Network Security, Threat Monitoring, IDS, Firewall
Scope of the Article: Network Architectures