A Security Enforcement Framework for SDN Controller using Game Theoretic Approach

Abstract

Software-defined networking (SDN) has gained significant attention as the future deployment platform for the Internet and enterprise networks. The major advantages of SDN include effective traffic management, dynamic configuration of policy and flow rules, and better scalability with heterogeneous traffic requirements. However, the centralized network control and the use of OpenFlow protocols introduce various security challenges for the underlying network. Attacks on the SDN controller are critical because it hosts all network control functions. Motivated by a systematic analysis of different attack scenarios in SDN using the STRIDE attack model, this paper presents an effective security enforcement framework for proactive prevention of potential attacks on the SDN controller. First, based on a signaling game approach, we design a trust-based controller attack detection (TCAD) model that calculates the trust value of each incoming packet to take necessary action. Next, we propose a risk-based attack prevention (RAP) model that detects and filters malicious traffic flows in the network. Finally, we evaluate our proposed security enforcement framework on different scenarios with varying traffic requirements and by injecting attacks based on the STRIDE model. Experimental results show 95% accuracy in potential attack detection and prevention.

Department(s)

Computer Science

Publication Status

Early Access

Keywords and Phrases

Analytical Models; Attack Model; Control Systems; Games; Network Topology; Risk Verification; SDN; Security; Switches; Topology; Trust Model; Vulnerability Analysis

International Standard Serial Number (ISSN)

1941-0018; 1545-5971

Document Type

Article - Journal

Document Version

Citation

File Type

text

Language(s)

English

Rights

© 2022 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.

Publication Date

11 Mar 2022
