OpenFlow Security Threat Detection and Defense Services

Authors

Wanqing You, Southern Polytechnic State Univerisity
Kai Qian, Kennesaw State UniversityFollow
Xi He, Georgia State University
Ying Qian, East China Normal University

Department

Computer Science

Document Type

Article

Publication Date

11-13-2014

Abstract

The emergence of OpenFlow-capable switches de- couples control plane from the data flow plane so that they support programmable network and allow network administrators to have programmable central control of network traffic via a controller. The controller and its communication with switches and users become a malicious attack target. This paper explores major possible security threats and attacks on the controller of SDN and proposes a new approach to automatically and dynamically detect and monitor malicious behaviors on flow message passing and defend such attacks to ensure the security of SDN. We have built a FlowEye prototype at service level on Mininet API, and simulation tests are done on two feasible attacks on OpenFlow Beacon platform. The paper provides the feasibility study of such attacks and defense protection strategies in SDN security research.

Journal Title

International Journal of Advanced Networking and Applications

Journal ISSN

0975-0290

Issue

3

First Page

2347

Last Page

2351