skip to main content
10.1145/2670386.2670390acmotherconferencesArticle/Chapter ViewAbstractPublication PagesiptcommConference Proceedingsconference-collections
research-article

Network security through software defined networking: a survey

Published: 01 October 2014 Publication History

Abstract

Network security is a predominant topic both in academia and industry. Many methods and tools have been proposed but the attackers are still able to launch massive and effective attacks. Keeping the pace with the new threats appearing or becoming more sophisticated everyday is of a paramount of importance. Software Defined Networking (SDN) has recently emerged and promotes the programmability of the networks, which thus allows to enable in-network security functions. This includes firewalls, monitoring applications or middlebox support through OpenFlow devices. Therefore, this paper reviews the related approaches which have been proposed by identifying their scope, their practicability, their advantages and their drawbacks.

References

[1]
H. Abdelnur, R. State, and O. Festor. Advanced Network Fingerprinting. In Recent Advances in Intrusion Detection -- RAID. Springer, 2008.
[2]
J. R. Ballard, I. Rae, and A. Akella. Extensible and scalable network monitoring using opensafe. In Internet Network Management Conference on Research on Enterprise Networking, Berkeley, CA, USA, 2010. USENIX.
[3]
A. Bates, K. Butler, A. Haeberlen, M. Sherr, and W. Zhou. Let SDN be your eyes: Secure forensics in data center networks. In Proceedings of the NDSS Workshop on Security of Emerging Network Technologies (SENT'14), Feb. 2014.
[4]
S. R. Chowdhury, M. F. Bari, R. Ahmed, and R. Boutaba. Payless: A low cost network monitoring framework for software defined networks. In Network Operations and Management Symposium (NOMS), 2014.
[5]
S. K. Fayazbakhsh, V. Sekar, M. Yu, and J. C. Mogul. Flowtags: Enforcing network-wide policies in the presence of dynamic middlebox actions. In SIGCOMM Workshop on Hot Topics in Software Defined Networking - HotSDN. ACM, 2013.
[6]
J. H. Jafarian, E. Al-Shaer, and Q. Duan. Openflow random host mutation: Transparent moving target defense using software defined networking. In Hot Topics in Software Defined Networks - HotSDN. ACM, 2012.
[7]
L. Jose, M. Yu, and J. Rexford. Online measurement of large traffic aggregates on commodity switches. In Conference on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services -- Hot-ICE. USENIX, 2011.
[8]
A. Lahmadi and O. Festor. Secsip: A stateful firewall for sip-based networks. In International Conference on Symposium on Integrated Network Management - IM. IEEE, 2009.
[9]
N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner. Openflow: Enabling innovation in campus networks. SIGCOMM Comput. Commun. Rev., 38(2): 69--74, Mar. 2008.
[10]
S. A. Mehdi, J. Khalid, and S. A. Khayam. Revisiting traffic anomaly detection using software defined networking. In Recent Advances in Intrusion Detection -- RAID. Springer, 2011.
[11]
M. Moshref, M. Yu, and R. Govindan. Resource/accuracy tradeoffs in software-defined measurement. In SIGCOMM Workshop on Hot Topics in Software Defined Networking. ACM, 2013.
[12]
A. networks. Worldwide infrastructure security report (2013 report). Technical report, 2014.
[13]
G. Ormazabal, S. Nagpal, E. Yardeni, and H. Schulzrinne. Principles, Systems and Applications of IP Telecommunications - IPTComm. chapter Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems. Springer, 2008.
[14]
T. Peng, C. Leckie, and K. Ramamohanarao. Survey of Network-based Defense Mechanisms Countering the DoS and DDoS Problems. ACM Comput. Surv., 39(1), 2007.
[15]
R. Perlman. An algorithm for distributed computation of a spanningtree in an extended lan. In Proceedings of the Ninth Symposium on Data Communications, SIGCOMM. ACM, 1985.
[16]
K. Phemius and M. Bouet. Monitoring latency with openflow. In Network and Service Management (CNSM), 2013.
[17]
S. Shin, V. Yegneswaran, P. Porras, and G. Gu. Avant-guard: Scalable and vigilant switch flow management in software-defined networks. In SIGSAC Conference on Computer & Communications Security - CCS. ACM, 2013.
[18]
S. Shirali-Shahreza and Y. Ganjali. Flexam: Flexible sampling extension for monitoring and security applications in openflow. In SIGCOMM Workshop on Hot Topics in Software Defined Networking. ACM, 2013.
[19]
M. Suh, S. H. Park, B. Lee, and S. Yang. Building firewall over the software-defined network controller. In Advanced Communication Technology (ICACT), 2014 16th International Conference on, 2014.
[20]
A. Tootoonchian, M. Ghobadi, and Y. Ganjali. Opentm: Traffic matrix estimator for openflow networks. In International Conference on Passive and Active Measurement - PAM. Springer, 2010.
[21]
N. L. M. Van Adrichem, D. Doerr, and F. A. Kuipers. OpenNetMon: Network Monitoring in OpenFlow Software-Defined Networks. In Network Operations and Management Symposium (NOMS). IEEE/IFIP, 2014.
[22]
C. Yu, C. Lumezanu, Y. Zhang, V. Singh, G. Jiang, and H. V. Madhyastha. Flowsense: Monitoring network utilization with zero measurement cost. In International Conference on Passive and Active Measurement - PAM. Springer, 2013.
[23]
M. Yu, L. Jose, and R. Miao. Software defined traffic measurement with opensketch. In Conference on Networked Systems Design and Implementation - NSDI. USENIX, 2013.
[24]
Y. Zhang. An adaptive flow counting method for anomaly detection in sdn. In Conference on Emerging Networking Experiments and Technologies - CoNEXT. ACM, 2013.

Cited By

View all
  • (2023)Cross-Platform Analysis of Seller Performance and Churn for Ecommerce Using Artificial IntelligenceJournal of Global Information Management10.4018/JGIM.32243931:1(1-21)Online publication date: 2-May-2023
  • (2023)Increasing Continuous Engagement With Open Government DataJournal of Global Information Management10.4018/JGIM.32243731:1(1-21)Online publication date: 2-May-2023
  • (2023)Digital Transformation and Firm PerformanceJournal of Global Information Management10.4018/JGIM.32210431:1(1-23)Online publication date: 26-Apr-2023
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
IPTComm '14: Proceedings of the Conference on Principles, Systems and Applications of IP Telecommunications
October 2014
65 pages
ISBN:9781450321242
DOI:10.1145/2670386
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 October 2014

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. OpenFlow
  2. SDN
  3. anomaly detection
  4. firewall
  5. monitoring
  6. security

Qualifiers

  • Research-article

Funding Sources

  • Fonds National de la Recherche, Luxembourg

Conference

IPTComm '14

Acceptance Rates

Overall Acceptance Rate 18 of 62 submissions, 29%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)26
  • Downloads (Last 6 weeks)2
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2023)Cross-Platform Analysis of Seller Performance and Churn for Ecommerce Using Artificial IntelligenceJournal of Global Information Management10.4018/JGIM.32243931:1(1-21)Online publication date: 2-May-2023
  • (2023)Increasing Continuous Engagement With Open Government DataJournal of Global Information Management10.4018/JGIM.32243731:1(1-21)Online publication date: 2-May-2023
  • (2023)Digital Transformation and Firm PerformanceJournal of Global Information Management10.4018/JGIM.32210431:1(1-23)Online publication date: 26-Apr-2023
  • (2023)Does More Investment in Universities Improve Their Performances?Journal of Global Information Management10.4018/JGIM.32051731:1(1-20)Online publication date: 24-Mar-2023
  • (2023)Factors Influencing Consumers' Intentions to Switch to Live Commerce From Push-Pull-Mooring PerspectiveJournal of Global Information Management10.4018/JGIM.31997231:1(1-30)Online publication date: 17-Mar-2023
  • (2023)A Truss-Based Framework for Graph Similarity ComputationJournal of Database Management10.4018/JDM.32208734:1(1-18)Online publication date: 25-Apr-2023
  • (2023)Towards Effective Intrusion Detection in OpenFlow-Based SDN ArchitecturesInternational Journal of Scientific Research in Computer Science, Engineering and Information Technology10.32628/CSEIT2390631(210-220)Online publication date: 1-Dec-2023
  • (2022)CPACK: An Intelligent Cyber-Physical Access Control Kit for Protecting NetworkSensors10.3390/s2220801422:20(8014)Online publication date: 20-Oct-2022
  • (2022)A comprehensive survey on SDN security: threats, mitigations, and future directionsJournal of Reliable Intelligent Environments10.1007/s40860-022-00171-89:2(201-239)Online publication date: 8-Feb-2022
  • (2022)Efficient and Secure Topology Discovery in SDN: ReviewAdvances on Intelligent Informatics and Computing10.1007/978-3-030-98741-1_33(397-412)Online publication date: 30-Mar-2022
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media