Double layer controller for distributed software defined network in mitigating cyber attacks

Many traditional network encryption models are ill-suited for integration within Software Defined Networks (SDNs) due to their detachment from the control plane and their distinct programmable attributes. An SDN, functioning as a software component on a server, furnishes essential resources and inte...

Full description

Bibliographic Details
Published in:AIP Conference Proceedings
Main Author: Wong M.Y.; Yaakob N.; Beson M.R.C.; Ahmad R.B.; Md Enzai N.I.
Format: Conference paper
Language:English
Published: American Institute of Physics Inc. 2024
Online Access:https://www.scopus.com/inward/record.uri?eid=2-s2.0-85185794814&doi=10.1063%2f5.0194611&partnerID=40&md5=e18882887b10cfdd5322179e919f7242
Description
Summary:Many traditional network encryption models are ill-suited for integration within Software Defined Networks (SDNs) due to their detachment from the control plane and their distinct programmable attributes. An SDN, functioning as a software component on a server, furnishes essential resources and intelligence for managing data plane programming within a network context. However, the adoption of SDNs brings forth challenges, such as concerns regarding scalability and reliability within centralized architectures. To counter these, the control plane's physical decentralization is contemplated, though this approach introduces its own set of complexities. This paper introduces a novel solution in the form of a double layer controller aimed at enhancing SDN security. The approach encompasses performance assessment metrics like packet loss, latency, bit rate, and network congestion. Notably, vulnerabilities arise from the potential remote manipulation of switch configurations to connect with an OpenFlow-capable controller. Acknowledging the limitations of existing methods, especially their inability to accommodate large-scale networks, the proposed technique leverages a double layer controller and employs multi-flow state dynamics to gather core network status information before conveying it to users. This approach not only enhances resilience and dependability compared to prior methodologies but also triggers alerts in response to unhealthy network metrics, thereby elevating accuracy and fortifying network security. © 2024 Author(s).
ISSN:0094243X
DOI:10.1063/5.0194611