Abstract
The flexibility and programmability of SDN enable dynamic and automated network configuration and traffic routing. However, this also provides more avenues for malicious code propagation, leading to serious risks such as service disruptions and privacy breaches. To address this problem, we first designed three modules to suppress malicious code propagation: the abnormal traffic detection module, the malicious code analysis module, and the abnormal traffic tracing module. Then, the sharing mechanism is introduced. In order to analyze the process of malicious code propagation more clearly, based on the above strategy, this paper introduces the warning node into the classical SIR model, which can be exploited for studying how to control malicious code propagation to prevent large-scale outbreaks. The propagation threshold and equilibrium point of the proposed model are obtained through calculations. By constructing a Lyapunov function, the equilibrium point is proven stable. Finally, numerical simulation results indicate that when the detection rate reaches 90%, approximately 86.3% fewer nodes are infected at the peak point. Through comparative analysis, our system demonstrates optimal performance, validating the effectiveness of the analytical results.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Data Availability
The authors declare that all data supporting the findings of this study are available within the article.
Code Availability
The authors declare that all code generated or used during the study are available from the corresponding author by request.
References
Rashid, A., Martin, R., & Nadir, S. (2018). Hybrid SDN networks: A survey of existing approaches. IEEE Communications Surveys & Tutorials, 20(4), 3259–3306.
Rajakumari, K., Punitha, P., Kumar, L., & Suresh, C. (2022). Improvising packet delivery and reducing delay ratio in mobile ad hoc network using neighbor coverage-based topology control algorithm. International Journal of Communication Systems, 35(2), e4260.
Lakshmana Kumar, R., Subramanian, R., & Karthik, S. (2022). A novel approach to improve network validity using various soft computing techniques. Journal of Intelligent & Fuzzy Systems, 43(6), 7937–7948.
McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., & Turner, J. (2008). OpenFlow: Enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review, 38(2), 69–74.
Zhang, K., Zhao, X. H., Peng, Y., Yan, K. C., & Sun, P. Y. (2022). Analysis of Mobile Communication Network Architecture Based on SDN. Journal of Grid Computing, 20(3), 28.
Lara, A., Kolasani, A., & Ramamurthy, B. (2014). Network innovation using OpenFlow: A survey. IEEE Communications Surveys & Tutorials, 16(1), 493–512.
Torres, E. S., Reale, R. F., Sampaio, L. N., & Martins, J. S. B. (2020). A SDN/OpenFlow framework for dynamic resource allocation based on bandwidth allocation model. IEEE Latin America Transactions, 18(05), 853–860.
Ono, D., Guillen, L., Izumi, S., Abe, T., & Suganuma, T. (2021). A proposal of port scan detection method based on packet-in messages in OpenFlow networks and its evaluation. International Journal of Network Management, 31(6), e2174.
Yingying Cheng, T., & Jia, X. (2018). Compressive traffic monitoring in hybrid SDN. IEEE Journal on Selected Areas in Communications, 36(12), 2731–2743.
Csikor, L., Szalay, M., Rétvári, G., Pongrácz, G., Pezaros, D. P., & Toka, L. (2020). Transition to SDN is HARMLESS: Hybrid architecture for migrating legacy ethernet switches to SDN. IEEE/ACM Transactions on Networking, 28(1), 275–288. https://doi.org/10.1109/TNET.2019.2958762
Gao, D. Y., Liu, Z. H., Liu, Y., Foh, C. H., Zhi, T., & Chao, H. C. (2018). Defending against packet-In messages flooding attack under SDN context. Soft Computing, 22(20), 6797.
Nisar, K., Welch, I., Hassan, R., Sodhro, A. H., & Pirbhulal, S. (2020). A survey on the architecture, application, and security of software defined networking. Internet of Things. https://doi.org/10.1016/j.iot.2020.100289
Li, Q., Mi, J. X., Li, W. S., Wang, J. F., & Cheng, M. Y. (2021). CNN-based malware variants detection method for internet of things. IEEE Internet of Things Journal, 8(23), 16946–16962.
Phan, X. T., & Fukuda, K. (2017). SDN-Mon: Fine-grained traffic monitoring framework in software-defined networks. Journal of Information Processing, 25, 182–190.
Marco, B., Giuseppe, B., Giulio, P., Salvatore, P., & Marco, M. (2017). StreaMon: A data-plane programming abstraction for software-defined stream monitoring. IEEE Transactions on Dependable and Secure Computing, 14(6), 664–678.
Carvalho, L. F., Abrao, T., Mendes, L. D. S., & Proenca, M. L. J. (2018). An ecosystem for anomaly detection and mitigation in software defined networking. Expert Systems with Applications, 104, 121–133.
Revathi, M., Ramalingam, V. V., & Amutha, B. A. (2022). Machine learning based detection and mitigation of the DDOS attack by using SDN controller framework. Wireless Personal Communications, 127, 2417–2441. https://doi.org/10.1007/s11277-021-09071-1
Yao, G., Bi, J., & Vasilakos, A. V. (2015). Passive IP traceback: Disclosing the locations of IP spoofers from path backscatter. IEEE Transactions on Information Forensics and Security, 10(3), 471–484.
Guo, L., Jing, S., Wei, L., Zhao, C. (2024) Crossfire Attack Defense Method Based on Software Defined Network. Computer Engineering
Na, R. S., & Zhang, X. F. (2009). Study of worm propagation model based on distributed honeynet. Application Research of Computers, 26(09), 3512–3515.
Li, C. X., & Ren, J. G. (2023). Malware propagation model based on feedback mechanism in Point-to-Group networks. Computer Engineering, 49(1), 163–172.
Dargahi, T., Caponi, A., Ambrosin, M., Bianchi, G., & Conti, M. (2017). A survey on the security of stateful SDN data planes. IEEE Communications Surveys & Tutorials, 19(3), 1701–1725. https://doi.org/10.1109/COMST.2017.2689819
DeAlmeida, J. M., Pontes, C. F. T., DaSilva, L. A., Both, C. B., Gondim, J. J. C., Ralha, C. G., & Marotta, M. A. (2021). Abnormal behavior detection based on traffic pattern categorization in mobile networks. IEEE Transactions on Network and Service Management, 18(4), 4213–4224.
Marnerides, A. K., Schaeffer-Filho, A., & Mauthe, A. (2014). Traffic anomaly diagnosis in Internet backbone networks: A survey. Computer Networks, 73, 224–243.
Jackson, M., & Chen-Charpentier, B. M. (2017). Modeling plant virus propagation with delays. Journal of Computational and Applied Mathematics, 309, 611–621.
Lasalle, J. P. (1976). The stability of dynamical systems. Society for Industrial and Applied Mathematics. https://doi.org/10.1137/1.9781611970432
Clark, R. N. (1992). The Routh-Hurwitz stability criterion, revisited. IEEE Control Systems Magazine, 12(3), 119–120.
Sigdel, R. P., & McCluskey, C. C. (2014). Global stability for an SEI model of infectious disease with immigration. Applied Mathematics and Computation, 243, 684–689. https://doi.org/10.1016/j.amc.2014.06.020
Xiao, X., Fu, P., Dou, C. S., Li, Q., Hu, G. W., & Xia, S. T. (2017). Design and analysis of SEIQR worm propagation model in mobile internet. Communications in Nonlinear Science and Numerical Simulation, 43, 341–350.
Funding
This work was supported by the Natural Science General Foundation of Jiangsu Province (BK20201462), the Natural Science General Foundation of Xuzhou (KC21018), and the Scientific Research Support Project of Jiangsu Normal University (2022XKT1553).
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The authors have no relevant financial or non-financial interests to disclose.
Ethical Approval
All authors contributed to the study conception and design. All authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Li, F., Ren, J. Suppression of Malicious Code Propagation in Software-Defined Networking. Wireless Pers Commun 135, 493–516 (2024). https://doi.org/10.1007/s11277-024-11065-8
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-024-11065-8