Software-defined networking (SDN) is a key new paradigm emerging in the industry, in which networks can be dynamically reconfigured in real time through software. SDN networks are also being used in conjunction with cloud computing to extend virtualization and elasticity to the network level, and as a foundation for the Internet of Things (IoT). A key concept in SDN is the separation of the network control and data planes, together with an application plane that supports the programming of network applications in general-purpose languages such as Java and Python. These network applications can be developed by an enterprise, service provider or vendor, or purchased from third parties through SDN application stores. While the programmability of SDN provides tremendous flexibility and adaptability to changing network conditions and demands, it also exposes networks to significant vulnerabilities through software faults in network applications, as well as in the control and data planes. In this paper, we demonstrate how faulty SDN applications can compromise other SDN applications or even crash an entire SDN network, and describe relationships between software faults in SDN applications and design faults in SDN controllers. We also show, through a proof-of-concept case study, how machine-learning-based anomaly detection and analytics can be used to identify SDN software faults and help guide real-time network response.