A Review of the Security Architecture for SDN in Light of Its Security Issues

S. Aleem¹ , S. Ahmed²

Section:Review Paper, Product Type: Journal
Vol.11 , Issue.3 , pp.8-14, Jun-2023

Online published on Jun 30, 2023

Copyright © S. Aleem, S. Ahmed . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library

XML View     PDF Download

How to Cite this Paper

Abstract :
Software-defined networking (SDN) simplifies and enhances network management for administrators. It is a modern approach that liberates networks from conventional constraints and is considered a game-changing concept for the future of the web. SDN can detect and prevent malicious traffic through its three-tiered architecture, consisting of a control layer , application layer and a forwarding layer. Our work distinguishes between DoS and DDoS attacks, which pose varying degrees of security risk for SDN users. SDN-based 5G networks are vulnerable to DDoS assaults by malevolent users, but can be secured using tools like Mininet. The SDN security architecture can be improved by methods such as network monitoring, verification, automation, improvised threat detection, and dynamic reaction. By separating network control and data planes and using software applications, SDN can effectively detect and stop malicious traffic. Combining SDN and ML enables the detection and prevention of low-rate DoS attacks, providing a security solution for SDN-based 5G networks. The coming model enhances efficacy in detecting and protecting against DoS and DDoS attacks, allowing enterprises to defend their networks and crucial services.

Key-Words / Index Term :
SDN, DOS, DDoS, 5G, APIs, TCP/IP, OSI.

References :
[1] T. Alharbi, M. Portmann and F. Pakzad, "The security of Topology Discovery in Software Defined Networks," 2015 IEEE 40th Conference on Local Computer Networks (LCN), Clearwater Beach, FL, pp. 502-505, 2015.
[2] J. Ordonez-Lucena, P. Ameigeiras, D. Lopez, J. Ramos-Munoz, J. Lorca, and J. Folgueira, ?Network Slicing for 5G with SDN/NFV: Concepts, Architectures, and Challenges,? IEEE Communications Magazine, vol. 55, pp. 80-87, 2017
[3] Porras, P.A. Cheung, S. Fong, M.W. Skinner, K. and Yegneswaran, � Securing the Software Defined Network Control Layer,� in NDSS pp 1-15, 2015.
[4] Tanweer Alam, Mohammed Aljohani, “Software Defined Networks: Review and Architecture,� Vol. 1, No. 2, pp 145-146, April 2020
[5] M. R. Parsaei, S. H. Khalilian, R. Javidan, “A Comparative Study on Fault Tolerance Methods in IP Networks versus Software Defined Networks,� International Academic Journal of Science and Engineering. Vol. 3, no. 4, pp. 146-154, 2016.
[6] Ombase P.M., Kulkarni N.P., Bugade S.T., Mhaisgawali A.V., “Survey on DoS Attack Challenges in Software Defined Networking,� Int. J. Comput. Appl., Volume 173 – No.2, . pp23 September 2017
[7] Ahmad I., Namal S., Ylianttila M., Gurtov A., “Securing in SDN: A Survey,� IEEE Communications Surveys & Tutorials ( Volume: 17, Issue: 4, Fourthquarter pp 1-4 , 2015)
[8] K. Bhushan and B.B. Gupta, “Distributed Denial of Service (DDoS) Attack Mitigation in a Software Defined Network (SDN) based Cloud Computing Environment,� J. Ambient Intell. Humaniz. Comput. Vol. 10, No. 5, pp 2 , 2019
[9] V. Duddu, “A Survey of Adversarial ML in Cyber Warfare,� Def. Sci. J., Vol. 68, No. 4, pp 356-357, 2020
[10] Hassan Alamr, Javed Yazdani, Vijey Thayananthan, “Machine Learning for Securing SDN based 5G Network,� International Journal of Computer Applications (0975 – 8887) Volume 174 – No. 14, pp 12-13, January 2021
[11] Milhai Nicolae, Laura Gheorghe, Raluca-Andreea Somesan, “ SDN based Security Mechanism�, IEEE advancing technology for humans , pp. 12-15, 2015,
[12] Shan-Hsiang-Shen, “An Efficient Network Monitor for SDN Networks,� ACM Sigmetrics Performance Evaluation Review, vol. 46, issue 2, pp 95-96 , September 2018
[13] E. Al-Shaer and S. Al-Haj, “FlowChecker: Configuration analysis and verification of federated OpenFlow infrastructures,� in Proc. 3rd ACM Workshop Assurable and Usable Security Configuration, pp. 37– 44 , 2010
[14] M.Canini, D.Venzano, P.Peresini, D.Kostic, and J.Rexford, “A NICE way to test OpenFlow applications,� in Proc. 9th USENIX Conf. Networked Systems Designand Implementation (NSDI), pp 7-10, 2012.
[15] Ramprasath Jayaprakash, “Malicious Attack Detection in Software Defined Networking Using Machine Learning Approach,� July 2020
[16] Praseed A, Thilagam PS. DDoS attacks at the application layer: challenges and research perspectives for safeguarding web applications. DOI 10.1109/COMST.2018.2870658, IEEECommunications Surveys & Tutorials , pp 2-12, 2018.
[17] T. J. Parvat, P. Chandra, “A Novel approach to deep packet inspection for intrusion detection,� Procedia Computer Science, vol. 45, pp. 506- 513, 2015.
[18] Pradeep Kumar Sharma, S. S. Tyagi, “Improving Security through Software Defined Networking (SDN): AN SDN based Model,� International Journal of Recent Technology and Engineering (IJRTE), ISSN: 2277-3878, Volume-8 Issue-4, pp 298-299, November 2019
[19] Pooja , Manu Sood, “SDN and Mininet: Some basic Concepts,� Int. J. Advanced Networking and Applications , ISSN: 0975-02902015,Volume: 07 Issue: 02, pp-2690-2693
[20] K. K. Sharma and M. Sood. “Mininet as a Container Based Emulator for Software Defined Networks� in International Journal of Advanced research Volume 4, Issue 12, pp 681-684, December 2014 .
[21] J Chica ?, J Imbachi, J Botero “Security in SDN: A comprehensive survey� Journal of Network and Computer Applications Volume 159, 1 , pp 3-8, June 2020.