Visible to the public A Secured OpenFlow-Based Software Defined Networking Using Dynamic Bayesian Network

TitleA Secured OpenFlow-Based Software Defined Networking Using Dynamic Bayesian Network
Publication TypeConference Paper
Year of Publication2019
AuthorsSophakan, Natnaree, Sathitwiriyawong, Chanboon
Conference Name2019 19th International Conference on Control, Automation and Systems (ICCAS)
KeywordsBayes methods, belief networks, composability, computer network security, denial-of-service attack, distributed denial-of-service attack, dynamic bayesian network, emulated network, firewalls, Firewalls (computing), Heuristic algorithms, Hidden Markov models, main standard protocol, OpenFlow, programmable network protocol, Protocols, pubcrawl, Resiliency, Ryu controller, secured OpenFlow-based software defined networking, software defined networking, state information, stateful firewall, Transport Layer Security, transport protocols
AbstractOpenFlow has been the main standard protocol of software defined networking (SDN) since the launch of this new networking paradigm. It is a programmable network protocol that controls traffic flows among switches and routers regardless of their platforms. Its security relies on the optional implementation of Transport Layer Security (TLS) which has been proven vulnerable. The aim of this research was to develop a secured OpenFlow, so-called Secured-OF. A stateful firewall was used to store state information for further analysis. Dynamic Bayesian Network (DBN) was used to learn denial-of-service attack and distributed denial-of-service attack. It analyzes packet states to determine the nature of an attack and adds that piece of information to the flow table entry. The proposed Secured-OF model in Ryu controller was evaluated with several performance metrics. The analytical evaluation of the proposed Secured-OF scheme was performed on an emulated network. The results showed that the proposed Secured-OF scheme offers a high attack detection accuracy at 99.5%. In conclusion, it was able to improve the security of the OpenFlow controller dramatically with trivial performance degradation compared to an SDN with no security implementation.
DOI10.23919/ICCAS47443.2019.8971459
Citation Keysophakan_secured_2019