Experimental Security Analysis of SDN Network by Using Packet Sniffing and Spoofing Technique on POX and Ryu Controller

摘要

Software-Defined Networking (SDN) is an emerging network system which can configure and control the network by using programming technique through the specific controller (On the basis of Control Plane) to control whole network system. In this network system, the control plane and data plane are separated from each other through a specific controller such as Ryu, POX and OpenDayLight controller etc. In this network, the attacker could sniff or spoof the traffic by compromising SDN controllers and may utilize the entire network resources and may damage the entire network system which, in fact, should be disallowed by the controller. Therefore, in this research, we conducted an experiment to demonstrate how to mitigate such kinds of SDN attacks on both POX and Ryu controller separately to establish a secured network through a remotely operated SDN controller. In this research, we conducted two major experiments. Firstly, we conducted the layer 2 security on POX controller. Secondly, we conducted layer 3 security on Ryu controller. To analyze the layer 3 security functionalities of Ryu controller, we set some rules on the controller to filter the packets according to their packet type. Finally, we ensured that Ryu is one of the most comprehensive programmable controllers to provide the security features on SDN to develop firewall application in the future and offer future research direction.