This page has only limited features, please log in for full access.
Song Wang received his B.E. in Communication Engineering from Shanghai University, China, in 2007, and Master in Telecommunication Engineering from RMIT University, Australia, in 2016, where he is currently pursuing Ph.D. degree in electrical and electronic engineering. His research interest is in the security of software defined network, machine learning and internet of things.
Software-Defined Networking (SDN) and Internet of Things (IoT) are the trends of network evolution. SDN mainly focuses on the upper level control and management of networks, while IoT aims to bring devices together to enable sharing and monitoring of real-time behaviours through network connectivity. On the one hand, IoT enables us to gather status of devices and networks and to control them remotely. On the other hand, the rapidly growing number of devices challenges the management at the access and backbone layer and raises security concerns of network attacks, such as Distributed Denial of Service (DDoS). The combination of SDN and IoT leads to a promising approach that could alleviate the management issue. Indeed, the flexibility and programmability of SDN could help in simplifying the network setup. However, there is a need to make a security enhancement in the SDN-based IoT network for mitigating attacks involving IoT devices. In this article, we discuss and analyse state-of-the-art DDoS attacks under SDN-based IoT scenarios. Furthermore, we verify our SDN sEcure COntrol and Data plane (SECOD) algorithm to resist DDoS attacks on the real SDN-based IoT testbed. Our results demonstrate that DDoS attacks in the SDN-based IoT network are easier to detect than in the traditional network due to IoT traffic predictability. We observed that random traffic (UDP or TCP) is more affected during DDoS attacks. Our results also show that the probability of a controller becoming halt is 10%, while the probability of a switch getting unresponsive is 40%.
Song Wang; Karina Gomez; Kandeepan Sithamparanathan; Muhammad Rizwan Asghar; Giovanni Russello; Paul Zanna. Mitigating DDoS Attacks in SDN-Based IoT Networks Leveraging Secure Control and Data Plane Algorithm. Applied Sciences 2021, 11, 929 .
AMA StyleSong Wang, Karina Gomez, Kandeepan Sithamparanathan, Muhammad Rizwan Asghar, Giovanni Russello, Paul Zanna. Mitigating DDoS Attacks in SDN-Based IoT Networks Leveraging Secure Control and Data Plane Algorithm. Applied Sciences. 2021; 11 (3):929.
Chicago/Turabian StyleSong Wang; Karina Gomez; Kandeepan Sithamparanathan; Muhammad Rizwan Asghar; Giovanni Russello; Paul Zanna. 2021. "Mitigating DDoS Attacks in SDN-Based IoT Networks Leveraging Secure Control and Data Plane Algorithm." Applied Sciences 11, no. 3: 929.
As a popular application of Internet of Things (IoT), Smart City Frameworks aim to provide real time tracking, intelligent control and surveillance across the city. Thus the improvement of resource utilization is a big concern in the management, how to administer such a massive network to meet the requirement of different services? Software Defined Network (SDN) is an ideal solution in customizing networks; however the security feature is the common challenge in both SDN and IoT. In this paper, we propose a framework that uses smart techniques for improving the security features of SDN for smart city applications and diminishing the risk of network invasion. Our SDN Security Framework (SDN-SF) combines two techniques: i) it restrains the unnecessary path between IoT nodes, and ii) it classifies devices into three levels from a combination of MAC address and HTTP request. Additionally, thresholds derived from historical behavior are used for anomaly detection in order to enhance network adaptation. Our result collected from real SDN-based IoT testbed demonstrates that our SDN-SF for Smart City scenarios is able to detect and mitigate malicious traffic with 99.9% of detection rate and 0.5-1 second of detection time in both the control and data plane, respectively.
Song Wang; Karina Mabell Gomez; Kandeepan Sithamparanathan; Paul Zanna. Software Defined Network Security Framework for IoT based Smart Home and City Applications. 2019 13th International Conference on Signal Processing and Communication Systems (ICSPCS) 2019, 1 -8.
AMA StyleSong Wang, Karina Mabell Gomez, Kandeepan Sithamparanathan, Paul Zanna. Software Defined Network Security Framework for IoT based Smart Home and City Applications. 2019 13th International Conference on Signal Processing and Communication Systems (ICSPCS). 2019; ():1-8.
Chicago/Turabian StyleSong Wang; Karina Mabell Gomez; Kandeepan Sithamparanathan; Paul Zanna. 2019. "Software Defined Network Security Framework for IoT based Smart Home and City Applications." 2019 13th International Conference on Signal Processing and Communication Systems (ICSPCS) , no. : 1-8.
Zodiac-FX is the first OpenFlow switch designed to sit on a desk, not in a datacenter. In this demo, we present Zodiac-FX the world's smallest OpenFlow Software Defined Network Switch. Our main objective is to showcase the usage and functionalities of Zodiac-FX in handling OpenFlow protocol. We will also demonstrate SDN sEcure COntrol and Data Plane (SECOD), an SDN secure controller algorithm to detect and defend SDN against DoS attacks. We will demonstrate Zodiac-FX and SECOD value via experiments within real traffic and Denial- of-Service (DoS) attacks allowing the audience to interact with the complete toolkit system.
Song Wang; Karina Gomez Chavez; Sithamparanathan Kandeepan; Paul Zanna. The smallest software defined network testbed in the world: Performance and security. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium 2018, 1 -2.
AMA StyleSong Wang, Karina Gomez Chavez, Sithamparanathan Kandeepan, Paul Zanna. The smallest software defined network testbed in the world: Performance and security. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. 2018; ():1-2.
Chicago/Turabian StyleSong Wang; Karina Gomez Chavez; Sithamparanathan Kandeepan; Paul Zanna. 2018. "The smallest software defined network testbed in the world: Performance and security." NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium , no. : 1-2.
Although the popularity of Software-Defined Networking (SDN) is increasing, it is also vulnerable to security attacks such as Denial of Service (DoS) attacks. Since in SDN, the control plane is isolated from the data plane, DoS attackers can easily target the control plane to impair the network infrastructure in addition to the data plane to degrade the user's Quality of Service (QoS). In our previous work, we introduced SECO, an SDN Secure Controller algorithm to detect and defend SDN against DoS attacks. Simulation results showed that SECO successfully defends SDN networks from DoS attacks. In this paper, we present SDN sEcure COntrol and Data Plane (SECOD), which is an improved version of SECO. Basically, SECOD introduces new triggers to detect and prevent DoS attacks in both control and data planes. Moreover, SECOD is implemented and tested using SDN-based hardware testbed, OpenFlow-based switch, and RYU controller to capture the dynamics of realistic hardware and software. The results show that SECOD successfully detects and effectively mitigates DoS attacks on SDN networks keeping data plane performance at 99.72% compared to a network not under attack.
Song Wang; Sathyanarayanan Chandrasekharan; Karina Gomez; Sithamparanathan Kandeepan; Akram Al-Hourani; Muhammad Rizwan Asghar; Giovanni Russello; Paul Zanna. SECOD: SDN sEcure control and data plane algorithm for detecting and defending against DoS attacks. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium 2018, 1 -5.
AMA StyleSong Wang, Sathyanarayanan Chandrasekharan, Karina Gomez, Sithamparanathan Kandeepan, Akram Al-Hourani, Muhammad Rizwan Asghar, Giovanni Russello, Paul Zanna. SECOD: SDN sEcure control and data plane algorithm for detecting and defending against DoS attacks. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. 2018; ():1-5.
Chicago/Turabian StyleSong Wang; Sathyanarayanan Chandrasekharan; Karina Gomez; Sithamparanathan Kandeepan; Akram Al-Hourani; Muhammad Rizwan Asghar; Giovanni Russello; Paul Zanna. 2018. "SECOD: SDN sEcure control and data plane algorithm for detecting and defending against DoS attacks." NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium , no. : 1-5.
Software Defined Network (SDN) brings additional flexibility to the traditional network allowing the implementation of intelligent information processing. SDN introduces a new architecture, where the controller acts as the brain of the network controlling several tasks such as routing, load balancing and providing the required quality of service (QoS). However, having a centralized controller makes the network vulnerable in terms of security. This paper introduces SDN sEcure COntroller (SECO) a novel and simple detect and defense algorithm, running in the controller, for improving SDN security features under Denial of Service (DoS) attacks. The network performance during attack is tested with and without the SECO algorithm. In this paper we show by means of simulations that the DoS attacks can degrade the controller's performance and the proposed algorithm could significantly reduce the impact of such DoS attacks.
Song Wang; Karina Gomez Chavez; Sithamparanathan Kandeepan. SECO: SDN sEcure COntroller algorithm for detecting and defending denial of service attacks. 2017 5th International Conference on Information and Communication Technology (ICoIC7) 2017, 1 -6.
AMA StyleSong Wang, Karina Gomez Chavez, Sithamparanathan Kandeepan. SECO: SDN sEcure COntroller algorithm for detecting and defending denial of service attacks. 2017 5th International Conference on Information and Communication Technology (ICoIC7). 2017; ():1-6.
Chicago/Turabian StyleSong Wang; Karina Gomez Chavez; Sithamparanathan Kandeepan. 2017. "SECO: SDN sEcure COntroller algorithm for detecting and defending denial of service attacks." 2017 5th International Conference on Information and Communication Technology (ICoIC7) , no. : 1-6.