Skip to main content
SpringerLink
Log in

An improved network security situation assessment approach in software defined networks

  • Published:
Peer-to-Peer Networking and Applications Aims and scope Submit manuscript

Abstract

Software Defined Network (SDN) is a network framework which can be controlled and defined by software programming, and OpenFlow is the basic protocol in SDN that defines the communication protocol between SDN control plane and data plane. With the deployment of SDN in reality, many security threats and issues are of great concern. In this paper, we propose a security situation awareness approach for SDN. This approach focuses on the attacks like network scanning attack, OpenFlow flooding attack, switch compromised attack and ARP attack in both data plane and control plane. Based on the features of these attacks, we use multiple observations hidden Markov model (HMM) to quantify the network status and then get the security situation assessment values for SDN. The proposed approach can also detect these four attacks and predict the network status based on HMM when given a sequence of observed feature values. We build a test scenario to simulate our approach with Ryu controller and OpenFlow switch and prove the feasibility of this approach.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

References

  1. Antikainen M, Aura T, Särelä M (2014) Spook in your network: attacking an sdn with a compromised openflow switch. In: Nordic conference on secure IT systems. Springer, pp 229–244

  2. Asadi N, Mirzaei A, Haghshenas E (2013) Multiple observations hmm learning by aggregating ensemble models. IEEE Trans Signal Process 61(22):5767–5776

    Article  MathSciNet  Google Scholar 

  3. Ballmann B (2015) Understanding network hacks: attack and defense with python. Springer

  4. Bates A, Butler K, Haeberlen A, Sherr M, Zhou W (2014) Let sdn be your eyes: secure forensics in data center networks. In: Proceedings of the NDSS workshop on security of emerging network technologies (SENT14)

  5. Bode MA, Oluwadare SA, Alese BK, Thompson AFB (2015) Risk analysis in cyber situation awareness using bayesian approach. In: International conference on cyber situational awareness, data analytics and assessment (CyberSA), 2015. IEEE, pp 1–12

  6. Braga R, Mota E, Passito A (2010) Lightweight ddos flooding attack detection using nox/openflow. In: IEEE 35th conference on local computer networks (LCN), 2010. IEEE, pp 408–415

  7. Chi PW, Kuo CT, Guo JW, Lei CL (2015) How to detect a compromised sdn switch. In: 1st IEEE conference on network softwarization (netsoft), 2015. IEEE, pp 1–6

  8. De Oliveira RLS, Shinoda AA, Schweitzer CM, Prete LR (2014) Using mininet for emulation and prototyping software-defined networks. In: IEEE Colombian conference on communications and computing (COLCOM), 2014. IEEE, pp 1–6

  9. Friedberg I, Skopik F, Fiedler R (2015) Cyber situational awareness through network anomaly detection: state of the art and new approaches. e & i Elektrotechnik und Informationstechnik 132(2):101–105

    Article  Google Scholar 

  10. Fuertes W, Zambrano P, Sánchez M., Gamboa P (2011) Alternative engine to detect and block port scan attacks using virtual network environments. International Journal of Computer Science and Network Security 11(11):14–23

    Google Scholar 

  11. Giotis K, Androulidakis G, Maglaris V (2014) Leveraging sdn for efficient anomaly detection and mitigation on legacy networks. In: Third European workshop on software defined networks (EWSDN), 2014. IEEE, pp 85–90

  12. Giotis K, Argyropoulos C, Androulidakis G, Kalogeras D, Maglaris V (2014) Combining openflow and sflow for an effective and scalable anomaly detection and mitigation mechanism on sdn environments. Comput Netw 62:122–136

    Article  Google Scholar 

  13. Hua SJ, Sun ZR (2001) Support vector machine approach for protein subcellular localization prediction. Bioinformatics 17(8):721–728

    Article  Google Scholar 

  14. Klaedtke F, Karame GO, Bifulco R, Cui H (2014) Access control for sdn controllers. In: Proceedings of the third workshop on hot topics in software defined networking. ACM, pp 219–220

  15. Kloti R, Kotronis V, Smith P (2013) Openflow: a security analysis. In: 21st IEEE international conference on network protocols (ICNP), 2013. IEEE, pp 1–6

  16. Kobayashi TH, Batista AB, Brito AM, Pires PSM (2007) Using a packet manipulation tool for security analysis of industrial network protocols. In: IEEE conference on emerging technologies and factory automation, 2007. ETFA. IEEE, pp 744–747

  17. Lou HL (1995) Implementing the viterbi algorithm. IEEE Signal Process Mag 12(5):42–52

    Article  Google Scholar 

  18. Ma H, Ding H, Yang Y, Mi Z, Yang JYF, Xiong ZG (2016) Bayes-based arp attack detection algorithm for cloud centers. Tsinghua Sci Technol 21(1):17–28

    Article  Google Scholar 

  19. Masoud MZ, Jaradat Y, Jannoud I (2015) On preventing arp poisoning attack utilizing software defined network (sdn) paradigm. In: IEEE Jordan conference on applied electrical engineering and computing technologies (AEECT), 2015. IEEE, pp 1–5

  20. Matias J, Garay J, Mendiola A, Toledo N, Eduardo J (2014) Flownac: Flow-based network access control. In: Third European workshop on software defined networks (EWSDN), 2014. IEEE, pp 79–84

  21. Niyaz Q, Sun W, Javaid AY (2016) A deep learning based ddos detection system in software-defined networking (sdn). arXiv:1611.07400

  22. Pak C, Cannady J (2009) Asset priority risk assessment using hidden markov models. In: Proceedings of the 10th ACM conference on SIG-information technology education. ACM, pp 65–73

  23. Pérez Ó, Piccardi M, García J, Patricio M, Molina J (2007) Comparison between genetic algorithms and the baum-welch algorithm in learning hmms for human activity classification. Applications of Evolutionary Computing 399–406

  24. Porras PA, Cheung S, Fong MW, Skinner K, Yegneswaran V (2015) Securing the software defined network control layer. In: NDSS

  25. Scott-Hayward S, O’Callaghan G, Sezer S (2013) Sdn security: a survey. In: IEEE SDN For future networks and services (SDN4FNS), 2013. IEEE, pp 1–7

  26. Shalimov A, Zuikov D, Zimarina D, Pashkov V, Smeliansky R (2013) Advanced study of sdn/openflow controllers. In: Proceedings of the 9th central & eastern European software engineering conference in Russia. ACM, p 1

  27. Van Tilborg HC, Sushil J (2014) Encyclopedia of cryptography and security. Springer Science & Business Media

  28. Wang XL, Chen M, Xing CY, Sun Z, Wu QF (2016) Software defined security networking mechanism to defend against ddos attacks. Ruan Jian Xue Bao/Journal of Software 27(12):3104–3119

    Google Scholar 

  29. Xi RR, Yun XC, Zhang YZ, Hao ZY (2015) An improved quantitative evaluation method for network security. Chinese Journal of Computers 38(4):749–758

    MathSciNet  Google Scholar 

  30. Yan Q, Yu FR, Gong QX, Li JQ (2016) Software-defined networking (sdn) and distributed denial of service (ddos) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun Surv Tutorials 18(1):602–622

    Article  Google Scholar 

  31. Zhang Y, Liao L, Xu C, Yang M (2016) Hierarchical clustering of group behaviors in cyber situation awareness. In: IEEE international conference on software quality, reliability and security companion (QRS-c), 2016. IEEE, pp 400–401

  32. Zhang Y, Tan XB, Cui XL, Xi HS (2011) Network security situation awareness approach based on Markov game model. Journal of Software 22(3):495–508

    Article  Google Scholar 

Download references

Acknowledgements

This work is supported in part by the National Key R & D Program of China under Grant 2017YFC0803702 and 2017YFB0802302.

Author information

Authors and Affiliations

  1. Tongji University, Shanghai, China

    Zhijie Fan, Ya Xiao & Chengxiang Tan

  2. University of Ottawa, Ottawa, ON, Canada

    Zhijie Fan & Amiya Nayak

  3. The Third Research Institute of the Ministry of Public Security, Shanghai, China

    Zhijie Fan

Authors
  1. Zhijie Fan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ya Xiao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Amiya Nayak
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chengxiang Tan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ya Xiao.

Additional information

This article is part of the Topical Collection: Special Issue on Software Defined Networking: Trends, Challenges and Prospective Smart Solutions

Guest Editors: Ahmed E. Kamal, Liangxiu Han, Sohail Jabbar, and Liu Lu

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Fan, Z., Xiao, Y., Nayak, A. et al. An improved network security situation assessment approach in software defined networks. Peer-to-Peer Netw. Appl. 12, 295–309 (2019). https://doi.org/10.1007/s12083-017-0604-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12083-017-0604-2

Keywords

Search

Navigation