Software-Defined Network Forensics: Motivation, Potential Locations, Requirements, and Challenges

Separating the control plane from the data plane of a switch allows a network to be abstracted behind a logically centralized controller, which functions as the “brain” of a software-defined network (SDN). That centralization also makes the controller an attractive target: an attacker who hijacks it can reach every network device it manages. Security was not a key design goal of the original SDN architecture, leaving it exposed to a range of attackers, and investigating such attacks in this still-emerging architecture is a challenging task. A comprehensive forensic mechanism is therefore needed to investigate the different forms of attack and determine their root cause. This article discusses SDN forensics, an important but so far little-studied area of SDN security. We compare traditional network forensics with SDN forensics to highlight the key differences between them, and present a brief motivation for SDN forensics to emphasize its significance. We then identify the locations in an SDN where evidence against attackers may be found, and set out the key requirements for SDN forensics with respect to baseline investigation procedures. Finally, we identify open challenges in SDN forensics and point to potential research areas for researchers, investigators, and academics.
