Publication Type : Journal Article
Source : Int. J. Pure Appl. Math
Campus : Amritapuri
Year : 2017
Abstract : Software-Defined-Networking (SDN) is a
paradigm shift that re-thinks conventional legacy network
design/operations/abstractions and makes future networks
openly programmable, controllable, scalable and
affordable. As a game changer in modern internetworking
technologies, SDN is widely accepted by enterprises, with
use in domains ranging from private home networks to
small/medium scale workgroup networks to corporate
backbone to large-scale wide-area cloud networks.
Employing SDN in modern networks provides the much
needed agility and visibility to orchestrate and deploy
network solutions. But from the security perspectives in
terms of threat attack prediction and risk mitigation,
especially for the advanced persistent attacks such as
DDoS and side channel attacks in Clouds, SDN stack
control plane saturation attacks, switch flow table
exhaustion attacks - there are still open challenges in SDN
environments. In this paper, at first, we present the
taxonomy of threats, risks and attack vectors that can
disrupt the SDN stack and present various approaches to
solve these problems, to deploy SDN securely in
production environments. We survey existing research on
SDN and the results of our thorough analysis, comparative
study of key principles, trade-offs and evaluation of the
well-known techniques for SDN security are also
presented. To address the key shortcomings and
limitations of the existing solutions, we propose, as our future
work, a novel framework to effectively monitor and tackle
the SDN security issues. Our proposed framework
includes a dynamic security semantic monitoring system
that decouples monitoring from packet forwarding, and
offers flexible fine-grained monitoring, which also
integrates well with the SDN architecture. This system will
employ machine learning techniques for fingerprinting,
accurate detection of behavioral patterns, attack flows and
anomalies in the SDN-based networks.
Cite this Research Publication : Prabhakar Krishnan, Jisha S Najeem, "A review of security threats and mitigation solutions for SDN stack", Int. J. Pure Appl. Math