Visible to the public Reconnaissance Attack in SDN based Environments

Submitted by grigby1 on Tue, 02/23/2021 - 2:55pm
TitleReconnaissance Attack in SDN based Environments
Publication TypeConference Paper
Year of Publication2020
AuthorsAlshamrani, A.
Conference Name2020 27th International Conference on Telecommunications (ICT)
Keywordscomputer network management, distributed firewall application, firewalls, Firewalls (computing), global network overview, Mininet, network architecture, network logic, Network reconnaissance, Network topology, OpenFlow counters, pubcrawl, Reconnaissance, reconnaissance attack, resilience, Resiliency, Scalability, SDN architecture, SDN based environments, SDN controller, SDN-based solution, security policy, software defined networking, software-defined networking, telecommunication network topology, telecommunication traffic, Telecommunications, Testing
AbstractSoftware Defined Networking (SDN) is a promising network architecture that aims at providing high flexibility through the separation between network logic (control plane) and forwarding functions (data plane). This separation provides logical centralization of controllers, global network overview, ease of programmability, and a range of new SDN-compliant services. In recent years, the adoption of SDN in enterprise networks has been constantly increasing. In the meantime, new challenges arise in different levels such as scalability, management, and security. In this paper, we elaborate on complex security issues in the current SDN architecture. Especially, reconnaissance attack where attackers generate traffic for the goal of exploring existing services, assets, and overall network topology. To eliminate reconnaissance attack in SDN environment, we propose SDN-based solution by utilizing distributed firewall application, security policy, and OpenFlow counters. Distributed firewall application is capable of tracking the flow based on pre-defined states that would monitor the connection to sensitive nodes toward malicious activity. We utilize Mininet to simulate the testing environment. We are able to detect and mitigate this type of attack at early stage and in average around 7 second.
DOI10.1109/ICT49546.2020.9239510
Citation Keyalshamrani_reconnaissance_2020
Groups: