Conference Paper

Securing Modern Network Architectures with Software Defined Networking

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

No full-text available


... This architecture decouples the network control and forwarding functions enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services. SDN offers a virtualized execution platform that decouples the network control functions from the underlying traffic forwarding network [1] consisting of various network devices, e.g. switches, routers, access points, etc. ...
Article
Full-text available
Software defined network (SDN) is a network architecture in which the network traffic may be operated and managed dynamically according to user requirements and demands. The issue of security is one of the big challenges of SDN because different attacks may affect performance, and these attacks can be classified into different types. One of the famous attacks is distributed denial of service (DDoS). SDN is a new networking approach that is introduced with the goal of simplifying network management by separating the data and control planes. However, the separation leads to the emergence of new types of distributed denial-of-service (DDoS) attacks on SDN networks. The centralized role of the controller in SDN makes it a perfect target for attackers. Such attacks can easily bring down the entire network by bringing down the controller. This research explains DDoS attacks and anomaly detection as one of the famous detection techniques for intelligent networks.
Article
Full-text available
Currently, 5G communication networks are envisioned to offer in the near future a wide range of high-quality services and unfaltering user experiences. In order to achieve this, several issues including security, privacy, and trust aspects need to be solved so that the 5G networks can be widely welcomed and accepted. Considering the above, in this paper, we take a step towards these requirements by proposing a dedicated SDN-based integrated security framework for the Internet of Radio Light (IoRL) system that follows the 5G architecture design. In particular, we present how TCP SYN-based scanning activities and DHCP-related network threats like Denial of Service (DoS), traffic eavesdropping, etc. can be detected and mitigated using such an approach. Enclosed experimental results prove that the proposed security framework is effective and efficient and thus can be considered as a promising defensive solution.
Conference Paper
Sniffing is a crucial part of the network attack where an intruder tries to gather as much information as possible on the devices, protocols and applications residing within the targeted network in order to discover their vulnerabilities. It is typically performed using dedicated software called sniffers and it is based on passively analyzing the traffic exchanged within the network. Due to its passive nature, such malicious actions are quite hard to discover. That is why, in this paper, we first revisit existing approaches and tools known from the state of the art. Then we introduce a novel detection method which is able to identify a suspicious machine using specially crafted network traffic and, based on its reaction, is able to infer whether a sniffer is running or not.
Conference Paper
Currently, 5G communication networks are gaining in importance among industry, academia, and governments worldwide as they are envisioned to offer a wide range of high-quality services and unfaltering user experiences. However, certain security, privacy and trust challenges need to be addressed in order for the 5G networks to be widely welcomed and accepted. That is why in this paper, we take a step towards these requirements and we introduce a dedicated SDN-based integrated security framework for the Internet of Radio Light (IoRL) system that follows the 5G architecture design. In particular, we present how TCP SYN-based scanning activities, which typically comprise the first phase of the attack chain, can be detected and mitigated using such an approach. Enclosed experimental results prove that the proposed security framework has the potential to become an effective defensive solution.