Security Classification Transmission Method Based on SDN in Industrial Networks
Software Defined Networking (SDN) is a new type of network architecture, which provides an important way to implement automated network deployment and flexible management. However, security problems in SDN are also inevitable in industrial networks. In the research area of SDN security and traditional network security, feasibility and influence of defense in depth in industrial networks should thus be explored. In this paper, a security classification transmission method based on SDN in industrial networks is proposed, which provides a better security level of transmission paths. In the proposed method, the security classification transmission system is first presented. By designing five service mechanisms, including request, strategy generation, distribution/maintenance, updating/loading and execution, the security classification transmission service model is defined. In an experimental study, the proposed method is shown to be feasible in industrial heterogeneous networks and provide better security paths without affecting availability in the multi-domain and multi-nodes case of industrial networks.
KeywordsSDN Security classification transmission Service mechanisms Industrial network
This work is supported by State Grid Science and Technology Project (Grant No. 52110118001H), the National Natural Science Foundation of China (Grant No. 61501447), the National Natural Science Foundation of China (Grant No. 61773368). The authors are grateful to the anonymous referees for their insightful comments and suggestions.
- 2.Scott-Hayward, S., O’Callaghan, G., Sezer, S.: SDN Security: A Survey Future Networks and Services, pp. 1–7. IEEE, Trento (2013)Google Scholar
- 3.Adami, D., Giordano, S., D’Amore, G., et al.: A new SDN traffic control application for security routing in critical infrastructures. In: The 13th International Joint Conference on e-Business and Telecommunications, pp. 129–138. SCITEPRESS-Science and Technology Publications, Lda (2016)Google Scholar
- 5.Wang, M., Liu, J., Chen, J., et al.: Perm-guard: authenticating the validity of flow rules in software defined networking. J. Signal Process. Syst. 86(2–3), 1–17 (2016)Google Scholar
- 6.Binkui, L., Lei, Z., et al.: Security routing strategy based on switch level division in SDN. Appl. Res. Comput. 34(2), 522–525 (2017)Google Scholar
- 7.Henneke, D., Wisniewski, L., Jasperneite, J.: Analysis of realizing a future industrial network by means of Software-Defined Networking (SDN). In: IEEE World Conference on Factory Communication Systems, pp. 1–4. IEEE, Aveiro (2016)Google Scholar
- 8.Hussein, A., Elhajj, I.H., Chehab, A., Kayssi, A.: SDN security plane: an architecture for resilient security services. In: IEEE International Conference on Cloud Engineering Workshop, pp. 54–59. IEEE, Berlin (2016)Google Scholar
- 9.Yahya, W., Basuki, A., Jiang, J.R.: The extended dijkstra’s-based load balancing for openflow network. Int. J. Electr. Comput. Eng. 5(2), 289–296 (2015)Google Scholar
- 10.Singh, V.K., Nimisha, I.K.T.: Applications of maximal network flow problems in transportation and assignment problems. J. Math. Res. 2(1) (2010)Google Scholar
- 11.Mininet tools. http://mininet.org/. Accessed 11 Feb 2018
- 12.Project Floodlight. http://www.projectfloodlight.org/. Accessed 11 Feb 2018
- 13.Ming, W., Wenli, S., Peng, Z., et al.: Modbus/TCP communication access control method based on function code depth detection. Inf. Control 45(2), 248–256 (2016)Google Scholar
- 15.Gelberger, A., Yemini, N., Ran, G.: Performance analysis of software-defined networking (SDN). In: IEEE International Symposium on Modelling, Analysis & Simulation of Computer and Telecommunication Systems, pp. 389–393. IEEE Computer Society, San Francisco (2013)Google Scholar