SDN-ESRC: A Secure and Resilient Control Plane for Software-Defined Networks

Quan Ren, Zehua Guo*, Jiangxing Wu, Tao Hu, Lu Jie, Yuxiang Hu, Lei He

*此作品的通讯作者

科研成果: 期刊稿件文章同行评审

11 引用 (Scopus)

摘要

In this paper, we propose a resilient control plane based on endogenous security for Software-Defined Networking (SDN) named SDN-ESRC to prevent vulnerability backdoor attacks. SDN-ESRC uses a set of heterogeneous controllers (e.g., RYU, OpenDayLight, ONOS) to compose the control plane and dynamically and adaptively selects several heterogeneous controller instances from the controller set to detect and correct the malicious control messages. The design of SDN-ESRC faces two challenges: (1) increasing network update delay due to multi-controller comparison and (2) maintaining high controllable security. To address the first challenge, SDN-ESRC adopts the master modification mode to reduce the network update delay and identify malicious control messages. To address the second challenge, SDN-ESRC introduces the comparison modification mode to ensure high availability in real time. We propose an evaluation model for SDN-ESRC and theoretically analyze the SDN-ESRC's endogenous security performance under three typical backdoor attack scenarios. We implement SDN-ESRC in a prototype system and conduct simulations and experiments. The results show that SDN-ESRC can improve the backdoor damage attack security up to 98.3%, the backdoor random attack security up to 99.99%, and the backdoor coordinated attack security up to 82% at the cost of increasing network update delay less than 8.3%.

源语言英语
页(从-至)2366-2381
页数16
期刊IEEE Transactions on Network and Service Management
19
3
DOI
出版状态已出版 - 1 9月 2022

指纹

探究 'SDN-ESRC: A Secure and Resilient Control Plane for Software-Defined Networks' 的科研主题。它们共同构成独一无二的指纹。

引用此