A novel method against the firewall bypass threat in OpenFlow networks

摘要

Software-Defined Networking (SDN) is an innovational network architecture introduced a couple of years ago. It gives network administrators the ability to directly control the whole network by programming on a centralized controller, without manually configure each device. However, new security challenges come out with SDN development. One significant challenge is to design a secure firewall specifically designed for SDN, since the traditional firewall could be easily bypassed in SDN. To detect and prevent this bypass threat, we propose a novel detection method by modeling the network to a directed graph with two significant features. Then, we implement our method and conduct experiments. The result of experiments show that our method can actively and accurately detect bypass threats for OpenFlow networks.