Dynamic vulnerability assessments of software-defined networks

  • Raktim Deb
  • Sudipta Roy
S.I. : CICBA 2018

Abstract

Software-defined networks (SDN) pose many potential security threats because their design principle dissociates the network management interface from the underlying networking components, making the network programmable. Many security countermeasures have been proposed for this currently trending environment, but none of the research has considered the existing vulnerabilities in SDN entities. This paper first demonstrates the vulnerabilities using CVSS and then identifies the mutual relationships between the vulnerabilities using Bayesian network methodology.

Keywords

SDN: software-defined networks; Common vulnerability scoring system (CVSS); Bayesian network

Copyright information

© Springer-Verlag London Ltd., part of Springer Nature 2019

Authors and Affiliations

  1. Department of CSE, Assam University, Silchar, India
