Visible to the public Biblio

Found 112 results

Filters: Keyword is SDN  [Clear All Filters]
2020-08-03
POLAT, Hüseyin, POLAT, Onur, SÖĞÜT, Esra, ERDEM, O. Ayhan.  2019.  Performance Analysis of Between Software Defined Wireless Network and Mobile Ad Hoc Network Under DoS Attack. 2019 3rd International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT). :1–5.

The traditional network used today is unable to meet the increasing needs of technology in terms of management, scaling, and performance criteria. Major developments in information and communication technologies show that the traditional network structure is quite lacking in meeting the current requirements. In order to solve these problems, Software Defined Network (SDN) is capable of responding as it, is flexible, easier to manage and offers a new structure. Software Defined Networks have many advantages over traditional network structure. However, it also brings along many security threats due to its new architecture. For example, the DoS attack, which overloads the controller's processing and communication capacity in the SDN structure, is a significant threat. Mobile Ad Hoc Network (MANET), which is one of the wireless network technologies, is different from SDN technology. MANET is exposed to various attacks such as DoS due to its security vulnerabilities. The aim of the study is to reveal the security problems in SDN structure presented with a new understanding. This is based on the currently used network structures such as MANET. The study consists of two parts. First, DoS attacks against the SDN controller were performed. Different SDN controllers were used for more accurate results. Second, MANET was established and DoS attacks against this network were performed. Different MANET routing protocols were used for more accurate results. According to the scenario, attacks were performed and the performance values of the networks were tested. The reason for using two different networks in this study is to compare the performance values of these networks at the time of attack. According to the test results, both networks were adversely affected by the attacks. It was observed that network performance decreased in MANET structure but there was no network interruption. The SDN controller becomes dysfunctional and collapses as a result of the attack. While the innovations offered by the SDN structure are expected to provide solutions to many problems in traditional networks, there are still many vulnerabilities for network security.

2020-06-29
Sebbar, Anass, Zkik, Karim, Baadi, Youssef, Boulmalf, Mohammed, ECH-CHERIF El KETTANI, Mohamed Dafir.  2019.  Using advanced detection and prevention technique to mitigate threats in SDN architecture. 2019 15th International Wireless Communications Mobile Computing Conference (IWCMC). :90–95.
Software defined networks represent a new centralized network abstraction that aims to ease configuration and facilitate applications and services deployment to manage the upper layers. However, SDN faces several challenges that slow down its implementation such as security which represents one of the top concerns of SDN experts. Indeed, SDN inherits all security matters from traditional networks and suffers from some additional vulnerability due to its centralized and unique architecture. Using traditional security devices and solutions to mitigate SDN threats can be very complicated and can negatively effect the networks performance. In this paper we propose a study that measures the impact of using some well-known security solution to mitigate intrusions on SDN's performances. We will also present an algorithm named KPG-MT adapted to SDN architecture that aims to mitigate threats such as a Man in the Middle, Deny of Services and malware-based attacks. An implementation of our algorithm based on multiple attacks' scenarios and mitigation processes will be made to prove the efficiency of the proposed framework.
Ahuja, Nisha, Singal, Gaurav.  2019.  DDOS Attack Detection Prevention in SDN using OpenFlow Statistics. 2019 IEEE 9th International Conference on Advanced Computing (IACC). :147–152.
Software defined Network is a network defined by software, which is one of the important feature which makes the legacy old networks to be flexible for dynamic configuration and so can cater to today's dynamic application requirement. It is a programmable network but it is prone to different type of attacks due to its centralized architecture. The author provided a solution to detect and prevent Distributed Denial of service attack in the paper. Mininet [5] which is a popular emulator for Software defined Network is used. We followed the approach in which collection of the traffic statistics from the various switches is done. After collection we calculated the packet rate and bandwidth which shoots up to high values when attack take place. The abrupt increase detects the attack which is then prevented by changing the forwarding logic of the host nodes to drop the packets instead of forwarding. After this, no more packets will be forwarded and then we also delete the forwarding rule in the flow table. Hence, we are finding out the change in packet rate and bandwidth to detect the attack and to prevent the attack we modify the forwarding logic of the switch flow table to drop the packets coming from malicious host instead of forwarding it.
Kaljic, Enio, Maric, Almir, Njemcevic, Pamela.  2019.  DoS attack mitigation in SDN networks using a deeply programmable packet-switching node based on a hybrid FPGA/CPU data plane architecture. 2019 XXVII International Conference on Information, Communication and Automation Technologies (ICAT). :1–6.
The application of the concept of software-defined networks (SDN) has, on the one hand, led to the simplification and reduction of switches price, and on the other hand, has created a significant number of problems related to the security of the SDN network. In several studies was noted that these problems are related to the lack of flexibility and programmability of the data plane, which is likely first to suffer potential denial-of-service (DoS) attacks. One possible way to overcome this problem is to increase the flexibility of the data plane by increasing the depth of programmability of the packet-switching nodes below the level of flow table management. Therefore, this paper investigates the opportunity of using the architecture of deeply programmable packet-switching nodes (DPPSN) in the implementation of a firewall. Then, an architectural model of the firewall based on a hybrid FPGA/CPU data plane architecture has been proposed and implemented. Realized firewall supports three models of DoS attacks mitigation: DoS traffic filtering on the output interface, DoS traffic filtering on the input interface, and DoS attack redirection to the honeypot. Experimental evaluation of the implemented firewall has shown that DoS traffic filtering at the input interface is the best strategy for DoS attack mitigation, which justified the application of the concept of deep network programmability.
Ahalawat, Anchal, Dash, Shashank Sekhar, Panda, Abinas, Babu, Korra Sathya.  2019.  Entropy Based DDoS Detection and Mitigation in OpenFlow Enabled SDN. 2019 International Conference on Vision Towards Emerging Trends in Communication and Networking (ViTECoN). :1–5.
Distributed Denial of Service(DDoS) attacks have become most important network security threat as the number of devices are connected to internet increases exponentially and reaching an attack volume approximately very high compared to other attacks. To make the network safe and flexible a new networking infrastructure such as Software Defined Networking (SDN) has come into effect, which relies on centralized controller and decoupling of control and data plane. However due to it's centralized controller it is prone to DDoS attacks, as it makes the decision of forwarding of packets based on rules installed in switch by OpenFlow protocol. Out of all different DDoS attacks, UDP (User Datagram Protocol) flooding constitute the most in recent years. In this paper, we have proposed an entropy based DDoS detection and rate limiting based mitigation for efficient service delivery. We have evaluated using Mininet as emulator and Ryu as controller by taking switch as OpenVswitch and obtained better result in terms of bandwidth utilization and hit ratio which consume network resources to make denial of service.
Giri, Nupur, Jaisinghani, Rahul, Kriplani, Rohit, Ramrakhyani, Tarun, Bhatia, Vinay.  2019.  Distributed Denial Of Service(DDoS) Mitigation in Software Defined Network using Blockchain. 2019 Third International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC). :673–678.
A DDoS attack is a spiteful attempt to disrupt legitimate traffic to a server by overwhelming the target with a flood of requests from geographically dispersed systems. Today attackers prefer DDoS attack methods to disrupt target services as they generate GBs to TBs of random data to flood the target. In existing mitigation strategies, because of lack of resources and not having the flexibility to cope with attacks by themselves, they are not considered to be that effective. So effective DDoS mitigation techniques can be provided using emerging technologies such as blockchain and SDN(Software-Defined Networking). We propose an architecture where a smart contract is deployed in a private blockchain, which facilitates a collaborative DDoS mitigation architecture across multiple network domains. Blockchain application is used as an additional security service. With Blockchain, shared protection is enabled among all hosts. With help of smart contracts, rules are distributed among all hosts. In addition, SDN can effectively enable services and security policies dynamically. This mechanism provides ASes(Autonomous Systems) the possibility to deploy their own DPS(DDoS Prevention Service) and there is no need to transfer control of the network to the third party. This paper focuses on the challenges of protecting a hybridized enterprise from the ravages of rapidly evolving Distributed Denial of Service(DDoS) attack.
Yadav, Sanjay Kumar, Suguna, P, Velusamy, R. Leela.  2019.  Entropy based mitigation of Distributed-Denial-of-Service (DDoS) attack on Control Plane in Software-Defined-Network (SDN). 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–7.
SDN is new networking concept which has revolutionized the network architecture in recent years. It decouples control plane from data plane. Architectural change provides re-programmability and centralized control management of the network. At the same time it also increases the complexity of underlying physical infrastructure of the network. Unfortunately, the centralized control of the network introduces new vulnerabilities and attacks. Attackers can exploit the limitation of centralized control by DDoS attack on control plane. The entire network can be compromised by DDoS attack. Based on packet entropy, a solution for mitigation of DDoS attack provided in the proposed scheme.
Xuanyuan, Ming, Ramsurrun, Visham, Seeam, Amar.  2019.  Detection and Mitigation of DDoS Attacks Using Conditional Entropy in Software-defined Networking. 2019 11th International Conference on Advanced Computing (ICoAC). :66–71.
Software-defined networking (SDN) is a relatively new technology that promotes network revolution. The most distinct characteristic of SDN is the transformation of control logic from the basic packet forwarding equipment to a centralized management unit called controller. However, the centralized control of the network resources is like a double-edged sword, for it not only brings beneficial features but also introduces single point of failure if the controller is under distributed denial of service (DDoS) attacks. In this paper, we introduce a light-weight approach based on conditional entropy to improve the SDN security with an aim of defending DDoS at the early stage. The experimental results show that the proposed method has a high average detection rate of 99.372%.
Sun, Wenwen, Li, Yi, Guan, Shaopeng.  2019.  An Improved Method of DDoS Attack Detection for Controller of SDN. 2019 IEEE 2nd International Conference on Computer and Communication Engineering Technology (CCET). :249–253.
For controllers of Software Defined Network (SDN), Distributed Denial of Service (DDoS) attacks are still the simplest and most effective way to attack. Aiming at this problem, a real-time DDoS detection attack method for SDN controller is proposed. The method first uses the entropy to detect whether the flow is abnormal. After the abnormal warning is issued, the flow entry of the OpenFlow switch is obtained, and the DDoS attack feature in the SDN environment is analyzed to extract important features related to the attack. The BiLSTM-RNN neural network algorithm is used to train the data set, and the BiLSTM model is generated to classify the real-time traffic to realize the DDoS attack detection. Experiments show that, compared with other methods, this method can efficiently implement DDoS attack traffic detection and reduce controller overhead in SDN environment.
2020-06-01
Luo, Xupeng, Yan, Qiao, Wang, Mingde, Huang, Wenyao.  2019.  Using MTD and SDN-based Honeypots to Defend DDoS Attacks in IoT. 2019 Computing, Communications and IoT Applications (ComComAp). :392–395.
With the rapid development of Internet of Things (IoT), distributed denial of service (DDoS) attacks become the important security threat of the IoT. Characteristics of IoT, such as large quantities and simple function, which have easily caused the IoT devices or servers to be attacked and be turned into botnets for launching DDoS attacks. In this paper, we use software-defined networking (SDN) to develop moving target defense (MTD) architecture that increases uncertainty because of ever changing attack surface. In addition, we deploy SDN-based honeypots to mimic IoT devices, luring attackers and malwares. Finally, experimental results show that combination of MTD and SDN-based honeypots can effectively hide network asset from scanner and defend against DDoS attacks in IoT.
Wang, He, Wu, Bin.  2019.  SDN-based hybrid honeypot for attack capture. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :1602–1606.
Honeypots have become an important tool for capturing attacks. Hybrid honeypots, including the front end and the back end, are widely used in research because of the scalability of the front end and the high interactivity of the back end. However, traditional hybrid honeypots have some problems that the flow control is difficult and topology simulation is not realistic. This paper proposes a new architecture based on SDN applied to the hybrid honeypot system for network topology simulation and attack traffic migration. Our system uses the good expansibility and controllability of the SDN controller to simulate a large and realistic network to attract attackers and redirect high-level attacks to a high-interaction honeypot for attack capture and further analysis. It improves the deficiencies in the network spoofing technology and flow control technology in the traditional honeynet. Finally, we set up the experimental environment on the mininet and verified the mechanism. The test results show that the system is more intelligent and the traffic migration is more stealthy.
2020-05-15
Khorsandroo, Sajad, Tosun, Ali Saman.  2018.  Time Inference Attacks on Software Defined Networks: Challenges and Countermeasures. 2018 IEEE 11th International Conference on Cloud Computing (CLOUD). :342—349.

Through time inference attacks, adversaries fingerprint SDN controllers, estimate switches flow-table size, and perform flow state reconnaissance. In fact, timing a SDN and analyzing its results can expose information which later empowers SDN resource-consumption or saturation attacks. In the real world, however, launching such attacks is not easy. This is due to some challenges attackers may encounter while attacking an actual SDN deployment. These challenges, which are not addressed adequately in the related literature, are investigated in this paper. Accordingly, practical solutions to mitigate such attacks are also proposed. Discussed challenges are clarified by means of conducting extensive experiments on an actual cloud data center testbed. Moreover, mitigation schemes have been implemented and examined in details. Experimental results show that proposed countermeasures effectively block time inference attacks.

Aydeger, Abdullah, Saputro, Nico, Akkaya, Kemal.  2018.  Utilizing NFV for Effective Moving Target Defense Against Link Flooding Reconnaissance Attacks. MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM). :946—951.

Moving target defense (MTD) is becoming popular with the advancements in Software Defined Networking (SDN) technologies. With centralized management through SDN, changing the network attributes such as routes to escape from attacks is simple and fast. Yet, the available alternate routes are bounded by the network topology, and a persistent attacker that continuously perform the reconnaissance can extract the whole link-map of the network. To address this issue, we propose to use virtual shadow networks (VSNs) by applying Network Function Virtualization (NFV) abilities to the network in order to deceive attacker with the fake topology information and not reveal the actual network topology and characteristics. We design this approach under a formal framework for Internet Service Provider (ISP) networks and apply it to the recently emerged indirect DDoS attacks, namely Crossfire, for evaluation. The results show that attacker spends more time to figure out the network behavior while the costs on the defender and network operations are negligible until reaching a certain network size.

2020-05-04
Wang, Fang, Qi, Weimin, Qian, Tonghui.  2019.  A Dynamic Cybersecurity Protection Method based on Software-defined Networking for Industrial Control Systems. 2019 Chinese Automation Congress (CAC). :1831–1834.
In this paper, a dynamic cybersecurity protection method based on software-defined networking (SDN) is proposed, according to the protection requirement analysis for industrial control systems (ICSs). This method can execute security response measures by SDN, such as isolation, redirection etc., based on the real-time intrusion detection results, forming a detecting-responding closed-loop security control. In addition, moving target defense (MTD) concept is introduced to the protection for ICSs, where topology transformation and IP/port hopping are realized by SDN, which can confuse and deceive the attackers and prevent attacks at the beginning, protection ICSs in an active manner. The simulation results verify the feasibility of the proposed method.
Karmakar, Kallol Krishna, Varadharajan, Vijay, Nepal, Surya, Tupakula, Uday.  2019.  SDN Enabled Secure IoT Architecture. 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). :581–585.
The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT based applications. In this paper, we present a security architecture for IoT networks by leveraging the underlying features supported by Software Defined Networks (SDN). Our security architecture restricts network access to authenticated IoT devices. We use fine granular policies to secure the flows in the IoT network infrastructure and provide a lightweight protocol to authenticate IoT devices. Such an integrated security approach involving authentication of IoT devices and enabling authorized flows can help to protect IoT networks from malicious IoT devices and attacks.
2020-04-17
Khorsandroo, Sajad, Tosun, Ali Saman.  2019.  White Box Analysis at the Service of Low Rate Saturation Attacks on Virtual SDN Data Plane. 2019 IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium). :100—107.

Today's virtual switches not only support legacy network protocols and standard network management interfaces, but also become adapted to OpenFlow as a prevailing communication protocol. This makes them a core networking component of today's virtualized infrastructures which are able to handle sophisticated networking scenarios in a flexible and software-defined manner. At the same time, these virtual SDN data planes become high-value targets because a compromised switch is hard to detect while it affects all components of a virtualized/SDN-based environment.Most of the well known programmable virtual switches in the market are open source which makes them cost-effective and yet highly configurable options in any network infrastructure deployment. However, this comes at a cost which needs to be addressed. Accordingly, this paper raises an alarm on how attackers may leverage white box analysis of software switch functionalities to lunch effective low profile attacks against it. In particular, we practically present how attackers can systematically take advantage of static and dynamic code analysis techniques to lunch a low rate saturation attack on virtual SDN data plane in a cloud data center.

Chen, Guangxuan, Wu, Di, Chen, Guangxiao, Qin, Panke, Zhang, Lei, Liu, Qiang.  2019.  Research on Digital Forensics Framework for Malicious Behavior in Cloud. 2019 IEEE 4th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). 1:1375—1379.

The difficult of detecting, response, tracing the malicious behavior in cloud has brought great challenges to the law enforcement in combating cybercrimes. This paper presents a malicious behavior oriented framework of detection, emergency response, traceability, and digital forensics in cloud environment. A cloud-based malicious behavior detection mechanism based on SDN is constructed, which implements full-traffic flow detection technology and malicious virtual machine detection based on memory analysis. The emergency response and traceability module can clarify the types of the malicious behavior and the impacts of the events, and locate the source of the event. The key nodes and paths of the infection topology or propagation path of the malicious behavior will be located security measure will be dispatched timely. The proposed IaaS service based forensics module realized the virtualization facility memory evidence extraction and analysis techniques, which can solve volatile data loss problems that often happened in traditional forensic methods.

2020-04-13
Rivera, Sean, Lagraa, Sofiane, Nita-Rotaru, Cristina, Becker, Sheila, State, Radu.  2019.  ROS-Defender: SDN-Based Security Policy Enforcement for Robotic Applications. 2019 IEEE Security and Privacy Workshops (SPW). :114–119.
In this paper we propose ROS-Defender, a holistic approach to secure robotics systems, which integrates a Security Event Management System (SIEM), an intrusion prevention system (IPS) and a firewall for a robotic system. ROS-Defender combines anomaly detection systems at application (ROS) level and network level, with dynamic policy enforcement points using software defined networking (SDN) to provide protection against a large class of attacks. Although SIEMs, IPS, and firewall have been previously used to secure computer networks, ROSDefender is applying them for the specific use case of robotic systems, where security is in many cases an afterthought.
O’Raw, John, Laverty, David, Morrow, D. John.  2019.  Securing the Industrial Internet of Things for Critical Infrastructure (IIoT-CI). 2019 IEEE 5th World Forum on Internet of Things (WF-IoT). :70–75.
The Industrial Internet of Things (IIoT) is a term applied to the industrial application of M2M devices. The security of IIoT devices is a difficult problem and where the automation of critical infrastructure is intended, risks may be unacceptable. Remote attacks are a significant threat and solutions are sought which are secure by default. The problem space may be analyzed using threat modelling methods. Software Defined Networks (SDN) provide mitigation for remote attacks which exploit local area networks. Similar concepts applied to the WAN may improve availability and performance and provide granular data on link characteristics. Schemes such as the Software Defined Perimeter allow IIoT devices to communicate on the Internet, mitigating avenues of remote attack. Finally, separation of duties at the IIoT device may prevent attacks on the integrity of the device or the confidentiality and integrity of its communications. Work remains to be done on the mitigation of DDoS.
2020-03-27
Al-Rushdan, Huthifh, Shurman, Mohammad, Alnabelsi, Sharhabeel H., Althebyan, Qutaibah.  2019.  Zero-Day Attack Detection and Prevention in Software-Defined Networks. 2019 International Arab Conference on Information Technology (ACIT). :278–282.
The zero-day attack in networks exploits an undiscovered vulnerability, in order to affect/damage networks or programs. The term “zero-day” refers to the number of days available to the software or the hardware vendor to issue a patch for this new vulnerability. Currently, the best-known defense mechanism against the zero-day attacks focuses on detection and response, as a prevention effort, which typically fails against unknown or new vulnerabilities. To the best of our knowledge, this attack has not been widely investigated for Software-Defined Networks (SDNs). Therefore, in this work we are motivated to develop anew zero-day attack detection and prevention mechanism, which is designed and implemented for SDN using a modified sandbox tool, named Cuckoo. Our experiments results, under UNIX system, show that our proposed design successfully stops zero-day malwares by isolating the infected client, and thus, prevents these malwares from infesting other clients.
2020-03-23
Rathore, Heena, Samant, Abhay, Guizani, Mohsen.  2019.  A Bio-Inspired Framework to Mitigate DoS Attacks in Software Defined Networking. 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS). :1–5.
Software Defined Networking (SDN) is an emerging architecture providing services on a priority basis for real-time communication, by pulling out the intelligence from the hardware and developing a better management system for effective networking. Denial of service (DoS) attacks pose a significant threat to SDN, as it can disable the genuine hosts and routers by exhausting their resources. It is thus vital to provide efficient traffic management, both at the data layer and the control layer, thereby becoming more responsive to dynamic network threats such as DoS. Existing DoS prevention and mitigation models for SDN are computationally expensive and are slow to react. This paper introduces a novel biologically inspired architecture for SDN to detect DoS flooding attacks. The proposed biologically inspired architecture utilizes the concepts of the human immune system to provide a robust solution against DoS attacks in SDNs. The two layer immune inspired framework, viz innate layer and adaptive layer, is initiated at the data layer and the control layer of SDN, respectively. The proposed model is reactive and lightweight for DoS mitigation in SDNs.
Kern, Alexander, Anderl, Reiner.  2019.  Securing Industrial Remote Maintenance Sessions using Software-Defined Networking. 2019 Sixth International Conference on Software Defined Systems (SDS). :72–79.
Many modern business models of the manufacturing industry use the possibilities of digitization. In particular, the idea of connecting machines to networks and communication infrastructure is gaining momentum. However, in addition to the considerable economic advantages, this development also brings decisive disadvantages. By connecting previously encapsulated industrial networks with untrustworthy external networks such as the Internet, machines and systems are suddenly exposed to the same threats as conventional IT systems. A key problem today is the typical network paradigm with static routers and switches that cannot meet the dynamic requirements of a modern industrial network. Current security solutions often only threat symptoms instead of tackling the cause. In this paper we will therefore analyze the weaknesses of current networks and security solutions using the example of industrial remote maintenance. We will then present a novel concept of how Software-Defined Networking (SDN) in combination with a policy framework that supports attribute-based access control can be used to meet current and future security requirements in dynamic industrial networks. Furthermore, we will introduce an examplary implementation of this novel security framework for the use case of industrial remote maintenance and evaluate the solution. Our results show that SDN in combination with an Attribute-based Access Control (ABAC) policy framework is perfectly suited to increase flexibility and security of modern industrial networks at the same time.
2020-03-18
Zkik, Karim, Sebbar, Anass, Baadi, Youssef, Belhadi, Amine, Boulmalf, Mohammed.  2019.  An efficient modular security plane AM-SecP for hybrid distributed SDN. 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). :354–359.

Software defined networks (SDNs) represent new centralized network architecture that facilitates the deployment of services, applications and policies from the upper layers, relatively the management and control planes to the lower layers the data plane and the end user layer. SDNs give several advantages in terms of agility and flexibility, especially for mobile operators and for internet service providers. However, the implementation of these types of networks faces several technical challenges and security issues. In this paper we will focus on SDN's security issues and we will propose the implementation of a centralized security layer named AM-SecP. The proposed layer is linked vertically to all SDN layers which ease packets inspections and detecting intrusions. The purpose of this architecture is to stop and to detect malware infections, we do this by denying services and tunneling attacks without encumbering the networks by expensive operations and high calculation cost. The implementation of the proposed framework will be also made to demonstrate his feasibility and robustness.

2020-03-09
Niemiec, Marcin, Jaglarz, Piotr, Jekot, Marcin, Chołda, Piotr, Boryło, Piotr.  2019.  Risk Assessment Approach to Secure Northbound Interface of SDN Networks. 2019 International Conference on Computing, Networking and Communications (ICNC). :164–169.
The most significant threats to networks usually originate from external entities. As such, the Northbound interface of SDN networks which ensures communication with external applications requires particularly close attention. In this paper we propose the Risk Assessment and Management approach to SEcure SDN (RAMSES). This novel solution is able to estimate the risk associated with traffic demand requests received via the Northbound-API in SDN networks. RAMSES quantifies the impact on network cost incurred by expected traffic demands and specifies the likelihood of adverse requests estimated using the reputation system. Accurate risk estimation allows SDN network administrators to make the right decisions and mitigate potential threat scenarios. This can be observed using extensive numerical verification based on an network optimization tool and several scenarios related to the reputation of the sender of the request. The verification of RAMSES confirmed the usefulness of its risk assessment approach to protecting SDN networks against threats associated with the Northbound-API.
2020-02-26
Sanjeetha, R., Benoor, Pallavi, Kanavalli, Anita.  2019.  Mitigation of DDoS Attacks in Software Defined Networks at Application Level. 2019 PhD Colloquium on Ethically Driven Innovation and Technology for Society (PhD EDITS). :1–3.

Software-Defined Network's (SDN) core working depends on the centralized controller which implements the control plane. With the help of this controller, security threats like Distributed Denial of Service (DDoS) attacks can be identified easily. A DDoS attack is usually instigated on servers by sending a huge amount of unwanted traffic that exhausts its resources, denying their services to genuine users. Earlier research work has been carried out to mitigate DDoS attacks at the switch and the host level. Mitigation at switch level involves identifying the switch which sends a lot of unwanted traffic in the network and blocking it from the network. But this solution is not feasible as it will also block genuine hosts connected to that switch. Later mitigation at the host level was introduced wherein the compromised hosts were identified and blocked thereby allowing genuine hosts to send their traffic in the network. Though this solution is feasible, it will block the traffic from the genuine applications of the compromised host as well. In this paper, we propose a new way to identify and mitigate the DDoS attack at the application level so that only the application generating the DDoS traffic is blocked and other genuine applications are allowed to send traffic in the network normally.