Mitigation of controller and network attacks in software defined networking

Abstract

Software Defined Networking, a recently proposed networking paradigm which has an intention of simplifying
the management and maintenance of networking infrastructures. Under certain traffic, the required communication
between the control and data plane can result in a bottleneck. An attacker can exploit this limitation to mount a new,
network-wide, type of denial of service (DOS) attack, known as the control plane saturation attack and other sorts of
networking attacks. The data plane, which consists of switches and routers, is responsible only for forwarding traffic,
whereas control logic and functionality are moved to an external entity known as the SDN controller. The network
intelligence is logically centralized in trusted software-based SDN controllers that provide an abstract view of
underlying network resources. The abstraction of the flow broadly unifies the behavior of different SDN agents. Efficient
and effective solution to mitigate the control plane and network attacks. In this paper, we have proposed a heuristic
solution to approach its exact solution. Propose additional modifications to Line Switch, which allows for a more refined
use of proxying based on incoming packets rate at the controller level, and address some of the possible attacks on legit
clients. While reducing the introduced timing overhead, when compared to the current state. Through extensive
simulations, it demonstrates that our heuristic algorithm has a good performance; that is, on average it can save about
50% of the total power consumption in the full SDN, having a distance less than 5% of the exact solution’s power
consumption. Moreover, it also achieves good performance in the partially deployed SDN, on average saving about 40%
of the total power consumption when there are about 60% SDN nodes in the network.