Software-Defined Networking (SDN) and the Internet of Things (IoT) are the trends of network evolution. SDN mainly focuses on the upper-level control and management of networks, while IoT aims to bring devices together to enable sharing and monitoring of real-time behaviours through network connectivity. On the one hand, IoT enables us to gather the status of devices and networks and to control them remotely. On the other hand, the rapidly growing number of devices challenges management at the access and backbone layers and raises security concerns about network attacks, such as Distributed Denial of Service (DDoS). The combination of SDN and IoT leads to a promising approach that could alleviate the management issue. Indeed, the flexibility and programmability of SDN could help in simplifying the network setup. However, security in the SDN-based IoT network needs to be enhanced to mitigate attacks involving IoT devices. In this article, we discuss and analyse state-of-the-art DDoS attacks under SDN-based IoT scenarios. Furthermore, we verify that our SDN sEcure COntrol and Data plane (SECOD) algorithm resists DDoS attacks on a real SDN-based IoT testbed. Our results demonstrate that DDoS attacks in the SDN-based IoT network are easier to detect than in the traditional network due to IoT traffic predictability. We observed that random traffic (UDP or TCP) is more affected during DDoS attacks. Our results also show that the probability of a controller halting is 10%, while the probability of a switch becoming unresponsive is 40%.
Song Wang; Karina Gomez; Kandeepan Sithamparanathan; Muhammad Rizwan Asghar; Giovanni Russello; Paul Zanna. Mitigating DDoS Attacks in SDN-Based IoT Networks Leveraging Secure Control and Data Plane Algorithm. Applied Sciences 2021, 11 (3), 929.
As a popular application of the Internet of Things (IoT), Smart City Frameworks aim to provide real-time tracking, intelligent control and surveillance across the city. Improving resource utilization is therefore a big concern in management: how can such a massive network be administered to meet the requirements of different services? Software Defined Network (SDN) is an ideal solution for customizing networks; however, security is the common challenge in both SDN and IoT. In this paper, we propose a framework that uses smart techniques for improving the security features of SDN for smart city applications and diminishing the risk of network invasion. Our SDN Security Framework (SDN-SF) combines two techniques: i) it restrains the unnecessary paths between IoT nodes, and ii) it classifies devices into three levels from a combination of MAC address and HTTP request. Additionally, thresholds derived from historical behavior are used for anomaly detection in order to enhance network adaptation. Our results, collected from a real SDN-based IoT testbed, demonstrate that our SDN-SF for Smart City scenarios is able to detect and mitigate malicious traffic with a 99.9% detection rate and 0.5-1 second of detection time in both the control and data plane, respectively.
Song Wang; Karina Mabell Gomez; Kandeepan Sithamparanathan; Paul Zanna. Software Defined Network Security Framework for IoT based Smart Home and City Applications. 2019 13th International Conference on Signal Processing and Communication Systems (ICSPCS) 2019, 1-8.
OpenFlow has had a significant impact on computer networking and ushered in the age of Software Defined Networking (SDN). Now the P4 programming language promises to drive this innovation even further by allowing the unparalleled customisability of network devices. Even though they have different capabilities and goals, there is still an overlap in functionality between OpenFlow and P4. This overlap, predominantly in the way packets are processed, has not been compared and therefore remains a question that could impact operators considering these two implementations. The primary reason for the lack of comparison data lies in the physical deployment model of these technologies. The inability to isolate pipeline processing and perform a comparison based on identical functionality, without the external influence of auxiliary functions, has made this type of measurement difficult. In this paper, we present such a comparison using the Zodiac FX, a hybrid hardware/software Ethernet switch with a dedicated open-source firmware capable of running both implementations equally. By developing a P4 compiler backend capable of generating an equivalent packet processing pipeline for the Zodiac FX, we have been able to perform a direct like-for-like comparison of the performance and efficiency of these two approaches. This comparison highlights the similarity in performance of the two approaches when implementing the equivalent functionality on the same hardware.
Paul Zanna; Pj Radcliffe; Karina Gomez Chavez. A Method for Comparing OpenFlow and P4. 2019 29th International Telecommunication Networks and Applications Conference (ITNAC) 2019, 1-3.
Zodiac-FX is the first OpenFlow switch designed to sit on a desk, not in a datacenter. In this demo, we present Zodiac-FX, the world's smallest OpenFlow Software Defined Network Switch. Our main objective is to showcase the usage and functionalities of Zodiac-FX in handling the OpenFlow protocol. We will also demonstrate SDN sEcure COntrol and Data Plane (SECOD), an SDN secure controller algorithm to detect and defend SDN against DoS attacks. We will demonstrate the value of Zodiac-FX and SECOD via experiments with real traffic and Denial-of-Service (DoS) attacks, allowing the audience to interact with the complete toolkit system.
Song Wang; Karina Gomez Chavez; Sithamparanathan Kandeepan; Paul Zanna. The smallest software defined network testbed in the world: Performance and security. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium 2018, 1-2.
Although the popularity of Software-Defined Networking (SDN) is increasing, it is also vulnerable to security attacks such as Denial of Service (DoS) attacks. Since in SDN the control plane is isolated from the data plane, DoS attackers can easily target the control plane to impair the network infrastructure, in addition to the data plane to degrade the user's Quality of Service (QoS). In our previous work, we introduced SECO, an SDN Secure Controller algorithm to detect and defend SDN against DoS attacks. Simulation results showed that SECO successfully defends SDN networks from DoS attacks. In this paper, we present SDN sEcure COntrol and Data Plane (SECOD), which is an improved version of SECO. Basically, SECOD introduces new triggers to detect and prevent DoS attacks in both control and data planes. Moreover, SECOD is implemented and tested using an SDN-based hardware testbed, an OpenFlow-based switch, and the RYU controller to capture the dynamics of realistic hardware and software. The results show that SECOD successfully detects and effectively mitigates DoS attacks on SDN networks, keeping data plane performance at 99.72% compared to a network not under attack.
Song Wang; Sathyanarayanan Chandrasekharan; Karina Gomez; Sithamparanathan Kandeepan; Akram Al-Hourani; Muhammad Rizwan Asghar; Giovanni Russello; Paul Zanna. SECOD: SDN sEcure control and data plane algorithm for detecting and defending against DoS attacks. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium 2018, 1-5.
For many years network operators have struggled to maintain fragile, statically configured and extremely complex networks. The constant threat of viruses, malware, intruders and misconfigured devices has made the task even more difficult. The use of an Intrusion Detection System (IDS) has become a standard defense model in many networks; however, such systems are expensive and difficult to maintain and further complicate a network. This paper introduces a novel approach that integrates a distributed Intrusion Detection System into a Software Defined Network (SDN) and in doing so provides a more scalable security and threat management solution. The core mechanisms that enable SDN to provide an IDS function have been implemented and their performance evaluated. The viability of this approach was evaluated and found to be an effective alternative to the current IDS deployment model.
Paul Zanna; Benjamin O'neill; Pj Radcliffe; Sepehr Hosseini; Salman Ul Hoque. Adaptive threat management through the integration of IDS into Software Defined Networks. 2014 International Conference and Workshop on the Network of the Future (NOF) 2014, 1-5.
One of the great attractions of Software Defined Networking (SDN) has been the promise of transforming the network by providing a degree of flexibility and automation that until now has never been available. Of interest, however, is that all of these exciting solutions are usually discussed in isolation, and rarely do proponents allude to the fact that numerous applications can be deployed simultaneously. Unfortunately, most SDN controllers are incapable of managing multiple applications that require access to the same event notifications. In this paper, we introduce the concept of an Event Arbitration Manager (EAM), a modified event handler that provides mediation between applications on a single SDN controller. We show that the introduction of an event mediation layer between SDN applications would reduce conflicts between multiple applications on the same SDN controller and allow them to respond to controller event messages equally.
Paul Zanna; Benjamin O'neill; Salman Ui Hoque. SDN application segregation, concurrency and order of execution. 2014 International Conference and Workshop on the Network of the Future (NOF) 2014, 1-6.
Software Defined Networking (SDN) is an innovative approach to network architecture that provides the ability to create a whole new class of functionality. It is, however, still relatively experimental and therefore requires additional investigation to become a solution suitable for large-scale deployments. The deployment of SDN can be an intricate and challenging task where the ability to create sustainable solutions is paramount. This paper outlines the complexities encountered while deploying SDN in a campus network and offers new methods and techniques to network operators considering deploying their own solution using the currently available technologies. The paper also suggests changes to the SDN architecture and specification that will remove the need for workarounds and improve overall performance and quality.
Paul Zanna; Sepehr Hosseini; Pj Radcliffe; Benjamin O'neill. The challenges of deploying a software defined network. 2014 Australasian Telecommunication Networks and Applications Conference (ATNAC) 2014, 111-116.