Securing OpenFlow Controller of Software-Defined Networks using Bayesian Network

摘要

Software-defined networking (SDN) is a new network architecture that has been proven to enhance network performance and reliability. OpenFlow is one of the most acceptable standards for building SDN solutions. Although OpenFlow promotes logically centralized control of network switches and routers in SDN environment, security is of major important for SDN deployment. The security of OpenFlow controller can be optionally implemented using Transport Layer Security (TLS). The aim of this research is to strengthen the security of the existing OpenFlow controller that can still be coupled with TLS implementation. Basic packet filtering was initially employed by inspecting the properties of each packet individually and then Bayesian network (BN) classifier was used to detect and filter unusual packet flows. Subsequently, this work was tested using Mininet as a network emulator for prototyping SDN controller functions on Ryu controller platform. The results show that the proposed work can significantly mitigate network attacks with small processing time and therefore help strengthen the security of the existing SDNs.