OrchSec: An orchestrator-based architecture for enhancing network-security using Network Monitoring and SDN Control functions

The original design of the Internet did not take network security aspects into consideration, instead it aimed to facilitate the process of information exchange between end-hosts. Consequently, many protocols that are part of the Internet infrastructure expose a set of vulnerabilities that can be exploited by attackers. To reduce these vulnerabilities, several security approaches were introduced as a form of add-ons to the existing Internet architecture. However, these approaches have their drawbacks (e.g., lack of centralized control, and automation). In this paper, to address these drawbacks, the features provided by Software Defined Networking (SDN) such as network-visibility, centralized management and control are considered for developing security applications. Although the SDN architecture provides features that can aid in the process of network security, it has some deficiencies when it comes to using SDN for security. To address these deficiencies, several architectural requirements are derived to adapt the SDN architecture for security use cases. For this purpose, OrchSec, an Orchestrator-based architecture that utilizes Network Monitoring and SDN Control functions to develop security applications is proposed. The functionality of the proposed architecture is demonstrated, tested, and validated using a security application.

[1]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[2]  Zongpeng Li,et al.  sFlow: towards resource-efficient and agile service federation in service overlay networks , 2004, 24th International Conference on Distributed Computing Systems, 2004. Proceedings..

[3]  Hui Zang,et al.  Is sampled data sufficient for anomaly detection? , 2006, IMC '06.

[4]  Shoichiro Asano,et al.  A Study on Detecting Network Anomalies Using Sampled Flow Statistics , 2007, 2007 International Symposium on Applications and the Internet Workshops.

[5]  S. Gritzalis,et al.  A Fair Solution to DNS Amplification Attacks , 2007, Second International Workshop on Digital Forensics and Incident Analysis (WDFIA 2007).

[6]  Nick McKeown,et al.  OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[7]  Bin Liu,et al.  Efficient and Low-Cost Hardware Defense Against DNS Amplification Attacks , 2008, IEEE GLOBECOM 2008 - 2008 IEEE Global Telecommunications Conference.

[8]  Nick McKeown,et al.  A network in a laptop: rapid prototyping for software-defined networks , 2010, Hotnets-IX.

[9]  Rodrigo Braga,et al.  Lightweight DDoS flooding attack detection using NOX/OpenFlow , 2010, IEEE Local Computer Network Conference.

[10]  Syed Ali Khayam,et al.  Revisiting Traffic Anomaly Detection Using Software Defined Networking , 2011, RAID.

[11]  Guofei Gu,et al.  CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?) , 2012, 2012 20th IEEE International Conference on Network Protocols (ICNP).

[12]  Ehab Al-Shaer,et al.  Openflow random host mutation: transparent moving target defense using software defined networking , 2012, HotSDN '12.

[13]  Fernando M. V. Ramos,et al.  Towards secure and dependable software-defined networks , 2013, HotSDN '13.

[14]  Saman Taghavi Zargar,et al.  A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks , 2013, IEEE Communications Surveys & Tutorials.

[15]  Mabry Tyson,et al.  FRESCO: Modular Composable Security Services for Software-Defined Networks , 2013, NDSS.

[16]  Byrav Ramamurthy,et al.  Network Innovation using OpenFlow: A Survey , 2014, IEEE Communications Surveys & Tutorials.