On achieving SDN controller diversity for improved network security using coloring algorithm

Title: On achieving SDN controller diversity for improved network security using coloring algorithm
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Wang, Z., Hu, H., Zhang, C.
Conference Name: 2017 3rd IEEE International Conference on Computer and Communications (ICCC)
Date Published: dec
Keywords: Color, coloring algorithm, Communication networks, computer network security, distributed control, distributed controllers system, diversity, improved network security, malicious controller, multicontrollers deployment, neighboring controllers, network design, network management, network programmability, pubcrawl, Resiliency, Scalability, scalability issue, SDN control plane, SDN controller diversity, SDN paradigm rings flexibility, SDN security, security, security performance, Silicon, SIS, Software algorithms, software defined networking, Surfaces, Susceptible-Infectious-Susceptible epidemic model, telecommunication control, telecommunication network management

The SDN (Software Defined Networking) paradigm brings flexibility to network management and is an enabler that offers huge opportunities for network programmability. To solve the scalability issue raised by the centralized architecture of SDN, multi-controller deployment (or a distributed controllers system) is envisioned. In this paper, we focus on increasing the diversity of the SDN control plane so as to enhance network security. Our goal is to limit the ability of a malicious controller to compromise its neighboring controllers, and by extension, the rest of the controllers. We investigate a heterogeneous Susceptible-Infectious-Susceptible (SIS) epidemic model to evaluate the security performance and propose a coloring algorithm to increase the diversity based on community detection. The simulation results demonstrate that our algorithm can reduce the infection rate in the control plane, and our work shows that diversity must be introduced in network design for network security.

Citation Key: wang_achieving_2017