OpenFlow Security Threat Detection and Defense Services

OpenFlow Security Threat Detection and Defense Services Wanqing You Department of Computer Science, Southern Polytechnic State University, Georgia Email: [email protected] Kai Qian Department of Computer Science, Southern Polytechnic State University, Georgia Email: [email protected] Xi He Department of Computer Science, Georgia State University, Georgia Email: [email protected] Ying Qian Department of Computer Science, East China Normal University, China Email: [email protected] -------------------------------------------------------------------ABSTRACT-------------------------------------------------------------The emergence of OpenFlow-capable switches decouples control plane from the data flow plane so that they support programmable network and allow network administrators to have programmable central control of network traffic via a controller. The controller and its communication with switches and users become a malicious attack target. This paper explores major possible security threats and attacks on the controller of SDN and proposes a new approach to automatically and dynamically detect and monitor malicious behaviors on flow message passing and defend such attacks to ensure the security of SDN. We have built a FlowEye prototype at service level on Mininet API, and simulation tests are done on two feasible attacks on OpenFlow Beacon platform. The paper provides the feasibility study of such attacks and defense protection strategies in SDN security research.