Abstract
Software-defined network (SDN) makes today’s networks programmable and provides several benefits such as global awareness, centralized management, and network abstraction. SDN is an innovative paradigm that enables the development of new and more efficient security services. This chapter provides an overview of the software-defined networking paradigm. The challenge of this chapter is twofold: On the one hand, to study and explore the contribution of SDN to security to design efficient solutions that will mitigate several attack vectors and on the other hand, to protect SDN against these attacks, by analyzing mitigation techniques based on machine learning.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abdullaziz, O.I., Wang, L.: Mitigating DoS attacks against SDN controller using information hiding. In: 2019 IEEE Wireless Communications and Networking Conference (WCNC), pp. 1–6. https://doi.org/10.1109/WCNC.2019.8885764 (2019)
Abubakar, A., Pranggono, B.: Machine learning based intrusion detection system for software defined networks. In: 2017 Seventh International Conference on Emerging Security Technologies (EST), pp. 138–143. https://doi.org/10.1109/EST.2017.8090413 (2017)
Adamou Djergou, A., Maleh, Y., Mounir, S.: Machine learning techniques for intrusion detection in SDN: a survey. In: Maleh, Y., Alazab, M., Gherabi, N., Tawalbeh, L., Abd El-Latif, A.A. (eds.) Advances in Information, Communication and Cybersecurity, pp. 460–473. Springer (2022)
Agborubere, B., Sanchez-Velazquez, E.: OpenFlow communications and TLS security in software-defined networks. In 2017 IEEE International Conference on Internet of Things (IThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp. 560–566. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2017.88 (2017)
Ahmed, M.E., Kim, H.: DDoS attack mitigation in Internet of Things using software defined networking. In: 2017 IEEE Third International Conference on Big Data Computing Service and Applications (BigDataService), pp. 271–276. https://doi.org/10.1109/BigDataService.2017.41 (2017)
Ahuja, N., Singal, G., Mukhopadhyay, D., Kumar, N.: Automated DDOS attack detection in software defined networking. J. Netw. Comput. Appl. 187, 103108 (2021). https://doi.org/10.1016/J.JNCA.2021.103108
Alcorn, J.A., Chow, C.E.: A framework for large-scale modeling and simulation of attacks on an OpenFlow network. In: 2014 23rd International Conference on Computer Communication and Networks (ICCCN), pp. 1–6. https://doi.org/10.1109/ICCCN.2014.6911848 (2014)
Al-Haj, S., Tolone, W. J.: FlowTable pipeline misconfigurations in software defined networks. In: 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 247–252. https://doi.org/10.1109/INFCOMW.2017.8116384 (2017)
Alparslan, O., Gunes, O., Hanay, Y.S., Arakawa, S., & Murata, M.: Improving resiliency against DDoS attacks by SDN and multipath orchestration of VNF services. In: 2017 IEEE International Symposium on Local and Metropolitan Area Networks (LANMAN), pp. 1–3. https://doi.org/10.1109/LANMAN.2017.7972158 (2017)
Banitalebi Dehkordi, A., Soltanaghaei, M., Boroujeni, F.Z.: The DDoS attacks detection through machine learning and statistical methods in SDN. J. Supercomput. 77(3), 2383–2415 (2021). https://doi.org/10.1007/s11227-020-03323-w
Bauer, R., Dittebrandt, A., Zitterbart, M.: GCMI: a generic approach for SDN control message interception. In: 2019 IEEE Conference on Network Softwarization (NetSoft), pp. 360–368. https://doi.org/10.1109/NETSOFT.2019.8806661 (2019)
Brooks, M., Yang, B.: A man-in-the-middle attack against OpenDayLight SDN controller. In: Proceedings of the 4th Annual ACM Conference on Research in Information Technology, pp. 45–49. https://doi.org/10.1145/2808062.2808073 (2015)
Carvalho, R.N., Bordim, J.L., Alchieri, E.A.P.: Entropy-Based DoS Attack Identification in SDN. In: 2019 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW), pp. 627–634. https://doi.org/10.1109/IPDPSW.2019.00108 (2019)
Chang, S., Park, Y., Babu, B.B.A.: Fast IP hopping randomization to secure hop-by-hop access in SDN. IEEE Trans. Netw. Serv. Manag. 16(1), 308–320 (2019). https://doi.org/10.1109/TNSM.2018.2889842
Chi, P.-W., Kuo, C.-T., Guo, J.-W., Lei, C.-L.: How to detect a compromised SDN switch. In: Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft), pp. 1–6. https://doi.org/10.1109/NETSOFT.2015.7116184 (2015)
Chin, T., Mountrouidou, X., Li, X., Xiong, K.: Selective packet inspection to detect DoS flooding using software defined networking (SDN). In: 2015 IEEE 35th International Conference on Distributed Computing Systems Workshops, pp. 95–99. https://doi.org/10.1109/ICDCSW.2015.27 (2015)
Chouhan, R.K., Atulkar, M., Nagwani, N.K.: A framework to detect DDoS attack in Ryu controller based software defined networks using feature extraction and classification. Appl. Intell. (2022). https://doi.org/10.1007/s10489-022-03565-6
Cui, H., Chen, Z., Yu, L., Xie, K., Xia, Z.: Authentication mechanism for network applications in SDN environments. In: 2017 20th International Symposium on Wireless Personal Multimedia Communications (WPMC), pp. 1–5. https://doi.org/10.1109/WPMC.2017.8301788 (2017)
Cziva, R., Jouët, S., Stapleton, D., Tso, F.P., Pezaros, D.P.: SDN-based virtual machine management for cloud data centers. IEEE Trans. Netw. Serv. Manag. 13(2), 212–225 (2016)
Dargahi, T., Caponi, A., Ambrosin, M., Bianchi, G., Conti, M.: A survey on the security of stateful SDN data planes. IEEE Commun. Surv. Tutor. (2017)
D’Orsaneo, J., Tummala, M., McEachen, J., Martin, B.: Analysis of traffic signals on an SDN for detection and classification of a man-in-the-middle attack. In: 2018 12th International Conference on Signal Processing and Communication Systems (ICSPCS), pp. 1–9. https://doi.org/10.1109/ICSPCS.2018.8631762 (2018)
Dotcenko, S., Vladyko, A., Letenko, I.: A fuzzy logic-based information security management for software-defined networks. In: 16th International Conference on Advanced Communication Technology, pp. 167–171. https://doi.org/10.1109/ICACT.2014.6778942 (2014)
Dridi, L., Zhani, M.F.: SDN-guard: DoS attacks mitigation in SDN networks. In: 2016 5th IEEE International Conference on Cloud Networking (Cloudnet), pp. 212–217. https://doi.org/10.1109/CloudNet.2016.9 (2016)
Elsayed, M.S., Le-Khac, N.-A., Jurcut, A.D.: InSDN: a novel SDN intrusion dataset. IEEE Access. 8, 165263–165284 (2020). https://doi.org/10.1109/ACCESS.2020.3022633
Feghali, A., Kilany, R., Chamoun, M.: SDN security problems and solutions analysis. In: 2015 International Conference on Protocol Engineering (ICPE) and International Conference on New Technologies of Distributed Systems (NTDS), pp. 1–5. https://doi.org/10.1109/NOTERE.2015.7293514 (2015)
Foerster, K., Ludwig, A., Marcinkowski, J., Schmid, S.: Loop-free route updates for software-defined networks. IEEE/ACM Trans. Networking. 26(1), 328–341 (2018). https://doi.org/10.1109/TNET.2017.2778426
Gao, S., Li, Z., Xiao, B., Wei, G.: Security threats in the data plane of software-defined networks. IEEE Netw. 32(4), 108–113 (2018). https://doi.org/10.1109/MNET.2018.1700283
Goksel, N., Demirci, M.: DoS attack detection using packet statistics in SDN. In: 2019 International Symposium on Networks, Computers and Communications (ISNCC), pp. 1–6. https://doi.org/10.1109/ISNCC.2019.8909114 (2019)
Hadem, P., Saikia, D.K., Moulik, S.: An SDN-based intrusion detection system using SVM with selective logging for IP Traceback. Comput. Netw. 191, 108015 (2021). https://doi.org/10.1016/J.COMNET.2021.108015
Isong, B., Molose, R.R.S., Abu-Mahfouz, A.M., Dladlu, N.: Comprehensive review of SDN controller placement strategies. IEEE Access. 8, 170070–170092 (2020). https://doi.org/10.1109/ACCESS.2020.3023974
Jäger, B., Röpke, C., Adam, I., Holz, T.: Multi-layer access control for SDN-based telco clouds. In: Buchegger, S., Dam, M. (eds.) In Nordic Conference on Secure IT Systems, pp. 197–204. Springer (2015)
Khakimov, A., Elgendy, I.A., Muthanna, A., Mokrov, E., Samouylov, K., Maleh, Y., El-Latif, A.A.A.: Flexible architecture for deployment of edge computing applications. Simul. Model. Pract. Theory. 114, 102402 (2022). https://doi.org/10.1016/J.SIMPAT.2021.102402
Klaedtke, F., Karame, G.O., Bifulco, R., Cui, H.: Access control for SDN controllers. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, pp. 219–220. https://doi.org/10.1145/2620728.2620773 (2014)
Klaedtke, F., Karame, G.O., Bifulco, R., Cui, H.: Towards an access control scheme for accessing flows in SDN. In: Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft), pp. 1–6. https://doi.org/10.1109/NETSOFT.2015.7116185 (2015)
Kokila, R.T., Selvi, S.T., Govindarajan, K.: DDoS detection and analysis in SDN-based environment using support vector machine classifier. In: 2014 Sixth International Conference on Advanced Computing (ICoAC), pp. 205–210. https://doi.org/10.1109/ICoAC.2014.7229711 (2014)
Lantz, B., Heller, B., McKeown, N.: A network in a laptop: rapid prototyping for software-defined networks. In: Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks. https://doi.org/10.1145/1868447.1868466 (2010)
Lévai, T., Pelle, I., Németh, F., Gulyás, A.: EPOXIDE: a modular prototype for SDN troubleshooting. SIGCOMM Comput. Commun. Rev. 45(4), 359–360 (2015). https://doi.org/10.1145/2829988.2790027
Li, C., Wu, Y., Yuan, X., Sun, Z., Wang, W., Li, X., Gong, L.: Detection and defense of DDoS attack–based on deep learning in OpenFlow-based SDN. Int. J. Commun. Syst. 31(5), e3497 (2018). https://doi.org/10.1002/dac.3497
Maleh, Y., Qasmaoui, Y., el Gholami, K., Sadqi, Y., Mounir, S.: A comprehensive survey on SDN security: threats, mitigations, and future directions. J. Reliab. Intell. Environ. (2022). https://doi.org/10.1007/s40860-022-00171-8
Masoud, M. Z., Jaradat, Y., Jannoud, I.: On preventing ARP poisoning attack utilizing Software Defined Network (SDN) paradigm. In 2015 IEEE Jordan Conference on Applied Electrical Engineering and Computing Technologies (AEECT), pp. 1–5. https://doi.org/10.1109/AEECT.2015.7360549 (2015)
Matsumoto, S., Hitz, S., Perrig, A.: Fleet: defending SDNs from malicious administrators. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, pp. 103–108. https://doi.org/10.1145/2620728.2620750 (2014)
McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., Turner, J.: OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Comput. Commun. Rev. 38(2), 69–74 (2008)
Mekky, H., Hao, F., Mukherjee, S., Zhang, Z.-L., Lakshman, T.V.: Application-aware data plane processing in SDN. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, pp. 13–18. https://doi.org/10.1145/2620728.2620735 (2014)
Midha, S., Triptahi, K.: Extended TLS security and defensive algorithm in OpenFlow SDN. In: 2019 9th International Conference on Cloud Computing, Data Science & Engineering (Confluence), pp. 141–146. https://doi.org/10.1109/CONFLUENCE.2019.8776607 (2019)
Mihai-Gabriel, I., Victor-Valeriu, P.: Achieving DDoS resiliency in a software defined network by intelligent risk assessment based on neural networks and danger theory. In: 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI), pp. 319–324. https://doi.org/10.1109/CINTI.2014.7028696 (2014)
Myint Oo, M., Kamolphiwong, S., Kamolphiwong, T., Vasupongayya, S.: Advanced support vector machine- (ASVM-) based detection for distributed denial of service (DDoS) attack on software defined networking (SDN). J. Comput. Netw. Commun. 2019, 8012568 (2019). https://doi.org/10.1155/2019/8012568
Namal, S., Ahmad, I., Gurtov, A., Ylianttila, M.: Enabling secure mobility with OpenFlow. In: 2013 IEEE SDN for Future Networks and Services (SDN4FNS), pp. 1–5. https://doi.org/10.1109/SDN4FNS.2013.6702540 (2013)
Nanda, S., Zafari, F., DeCusatis, C., Wedaa, E., Yang, B.: Predicting network attack patterns in SDN using machine learning approach. In: 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), 167–172. https://doi.org/10.1109/NFV-SDN.2016.7919493 (2016)
Nguyen, T., Yoo, M.: Attacks on host tracker in SDN controller: investigation and prevention. In: 2016 International Conference on Information and Communication Technology Convergence (ICTC), pp. 610–612. https://doi.org/10.1109/ICTC.2016.7763545 (2016)
Nife, F., & Kotulski, Z. (2018). New SDN-Oriented Authentication and Access Control Mechanism BT – Computer Networks (P. Gaj, M. Sawicki, G. Suchacka, A. Kwiecień, Eds.), pp. 74–88. Springer
Niyaz, Q., Sun, W., Javaid, A.Y.: A Deep Learning Based DDoS Detection System in Software-Defined Networking (SDN). https://doi.org/10.4108/eai.28-12-2017.153515 (2017)
Oktian, Y.E., Lee, S.G., Lee, H.J., Lam, J.H.: Distributed SDN controller system: a survey on design choice. Comput. Netw. 121, 100–111 (2017). https://doi.org/10.1016/j.comnet.2017.04.038
Padekar, H., Park, Y., Hu, H., Chang, S.-Y.: Enabling dynamic access control for controller applications in software-defined networks. In: Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies, pp. 51–61. https://doi.org/10.1145/2914642.2914647 (2016)
Pan, H., Li, Z., Zhang, P., Salamatian, K., Xie, G.: Misconfiguration checking for SDN: data structure, theory and algorithms. In: 2020 IEEE 28th International Conference on Network Protocols (ICNP), pp. 1–11. https://doi.org/10.1109/ICNP49622.2020.9259353 (2020)
Phan, T.V, Gias, T.M.R., Islam, S.T., Huong, T.T., Thanh, N.H., Bauschert, T.: Q-MIND: defeating stealthy DoS attacks in SDN with a machine-learning based defense framework. In: 2019 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. https://doi.org/10.1109/GLOBECOM38437.2019.9013585 (2019)
Phan, T.V., Park, M.: Efficient distributed denial-of-service attack defense in SDN-based cloud. IEEE Access. 7, 18701–18714 (2019). https://doi.org/10.1109/ACCESS.2019.2896783
Qasmaoui, Y., Haqiq, A.: Solid-flow: a flow rules security mechanism for SDN. In: 2017 3rd International Conference of Cloud Computing Technologies and Applications (CloudTech), pp. 1–7. https://doi.org/10.1109/CloudTech.2017.8284734 (2017)
Qazi, Z.A., Lee, J., Jin, T., Bellala, G., Arndt, M., Noubir, G.: Application-awareness in SDN. SIGCOMM Comput. Commun. Rev. 43(4), 487–488 (2013). https://doi.org/10.1145/2534169.2491700
Qi, C., Wu, J., Hu, H., Cheng, G., Liu, W., Ai, J., Yang, C.: An intensive security architecture with multi-controller for SDN. In: 2016 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 401–402. https://doi.org/10.1109/INFCOMW.2016.7562109 (2016)
Raikar, M.M., Meena, S.M., Mulla, M.M., Shetti, N.S., Karanandi, M.: Data traffic classification in software defined networks (SDN) using supervised-learning. Procedia Comput. Sci. 171, 2750–2759 (2020). https://doi.org/10.1016/J.PROCS.2020.04.299
Ranjbar, A., Komu, M., Salmela, P., Aura, T.: An SDN-based approach to enhance the end-to-end security: SSL/TLS case study. In: NOMS 2016–2016 IEEE/IFIP Network Operations and Management Symposium, pp. 281–288. https://doi.org/10.1109/NOMS.2016.7502823 (2016)
Saâdaoui, A., Ben Youssef Ben Souayeh, N., Bouhoula, A.: Automated and optimized formal approach to verify SDN access-control misconfigurations. In: Gao, H., Yin, Y., Yang, X., Miao, H. (eds.) International Conference on Testbeds and Research Infrastructure, pp. 96–112. Springer (2019)
Sadqi, Y., Maleh, Y.: A systematic review and taxonomy of web applications threats. Inf. Secur. J. Glob. Perspect. 31(1), 1–27 (2022). https://doi.org/10.1080/19393555.2020.1853855
Sahoo, K.S., Tripathy, B.K., Naik, K., Ramasubbareddy, S., Balusamy, B., Khari, M., Burgos, D.: An evolutionary SVM model for DDOS attack detection in software defined networks. IEEE Access. 8, 132502–132513 (2020). https://doi.org/10.1109/ACCESS.2020.3009733
Schehlmann, L., Abt, S., Baier, H.: Blessing or curse? Revisiting security aspects of Software-Defined Networking. In: 10th International Conference on Network and Service Management (CNSM) and Workshop, pp. 382–387. https://doi.org/10.1109/CNSM.2014.7014199 (2014)
Schueller, Q., Basu, K., Younas, M., Patel, M., Ball, F.: A hierarchical intrusion detection system using support vector machine for SDN network in cloud data center. In: 2018 28th International Telecommunication Networks and Applications Conference (ITNAC), pp. 1–6. https://doi.org/10.1109/ATNAC.2018.8615255 (2018)
Sebbar, A., Boulmalf, M., Kettani, M.D.E.C.El., Baddi, Y.: Detection MITM attack in multi-SDN controller. In: 2018 IEEE 5th International Congress on Information Science and Technology (CiSt), pp. 583–587. https://doi.org/10.1109/CIST.2018.8596479 (2018)
Shaghaghi, A., Kaafar, M.A., Buyya, R., Jha, S.: Software-Defined Network (SDN) Data Plane Security: Issues, Solutions and Future Directions. ArXiv Preprint ArXiv:1804.00262 (2018)
Shuangyu, H., Jianwei, L., Jian, M., Jie, C.: Hierarchical solution for access control and authentication in software defined networks. In: Au, M.H., Carminati, B., Kuo, C.-C.J. (eds.) International Conference on Network and System Security, pp. 70–81. Springer (2014a)
Sudar, K.M., Deepalakshmi, P.: Comparative study on IDS using machine learning approaches for software defined networks. Int. J. Intell. Enterp. 7(1–3), 15–27 (2020). https://doi.org/10.1504/IJIE.2020.104642
Tang, T.A., Mhamdi, L., McLernon, D., Zaidi, S.A.R., Ghogho, M.: Deep recurrent neural network for intrusion detection in SDN-based Networks. In: 2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft), pp. 202–206. https://doi.org/10.1109/NETSOFT.2018.8460090 (2018)
Wang, H.: Authentic and confidential policy distribution in software defined wireless network. In: 2014 International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 1167–1171. https://doi.org/10.1109/IWCMC.2014.6906520 (2014)
Wang, M., Liu, J., Chen, J., Liu, X., Mao, J.: PERM-GUARD: authenticating the validity of flow rules in software defined networking. In: Proceedings – 2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015 – IEEE International Symposium of Smart Cloud, IEEE SSC 2015, 37, pp. 127–132. https://doi.org/10.1109/CSCloud.2015.89 (2016)
Yan, Z., Zhang, P., Vasilakos, A.V.: A security and trust framework for virtualized networks and software-defined networking. Secur. Commun. Netw. 9(16), 3059–3069 (2016). https://doi.org/10.1002/sec.1243
Yue, M., Wang, H., Liu, L., Wu, Z.: Detecting DoS attacks based on multi-features in SDN. IEEE Access. 8, 104688–104700 (2020). https://doi.org/10.1109/ACCESS.2020.2999668
Zhang, H., Cai, Z., Liu, Q., Xiao, Q., Li, Y., Cheang, C.F.: A survey on security-aware measurement in SDN. In: Security and Communication Networks, 2018 (2018)
Zhang, L., Wang, Z., Gu, K., Miao, F., Guo, Y.: Transparent synchronization based port mutation scheme in SDN network. In: 2016 5th International Conference on Computer Science and Network Technology (ICCSNT), pp. 581–585. https://doi.org/10.1109/ICCSNT.2016.8070225 (2016a)
Zhang, L., Wei, Q., Gu, K., Yuwen, H.: Path hopping based SDN network defense technology. In: 2016 12th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD), pp. 2058–2063. https://doi.org/10.1109/FSKD.2016.7603498 (2016b)
Zhou, H., Wu, C., Yang, C., Wang, P., Yang, Q., Lu, Z., Cheng, Q.: SDN-RDCD: a real-time and reliable method for detecting compromised SDN devices. IEEE/ACM Trans. Networking. 26(5), 2048–2061 (2018). https://doi.org/10.1109/TNET.2018.2859483
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Maleh, Y., Sahid, A., Abd El-Latif, A.A., Ouazzane, K. (2024). Machine Learning Techniques for Secure Edge SDN. In: Abd El-Latif, A.A., Tawalbeh, L., Maleh, Y., Gupta, B.B. (eds) Secure Edge and Fog Computing Enabled AI for IoT and Smart Cities . EAI/Springer Innovations in Communication and Computing. Springer, Cham. https://doi.org/10.1007/978-3-031-51097-7_14
Download citation
DOI: https://doi.org/10.1007/978-3-031-51097-7_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-51096-0
Online ISBN: 978-3-031-51097-7
eBook Packages: EngineeringEngineering (R0)