Software Defined Network is an emerging fifth generation network architecture in which the data and control planes are decoupled. The programmable network provides standard open interfaces, which are vulnerable to data leakage attacks. The existing OpenFlow protocol lacks a cryptographic standard: messages communicated between the data and control planes are sent in unencrypted form, so OpenFlow messages are prone to passive attacks such as sniffing and traffic monitoring. The Diffie-Hellman key exchange algorithm is implemented in OpenFlow protocol version 1.3, where random private keys are generated for each incoming network traffic flow. In this research work, a secure defense mechanism is proposed in which a Restricted Boltzmann Machine algorithm is incorporated in the controller to detect Distributed Denial of Service attack traffic flows. The performance of the Software Defined Network is measured using the following metrics: bandwidth utilization of the controller, delay of request and response messages between switch and controller, and encryption and decryption time of OpenFlow messages. The proposed secure defense mechanism extends previous research work on the detection of Distributed Denial of Service attacks in the Software Defined Network controller. The proposed secure defense mechanism outperforms existing work with respect to bandwidth utilization, delay, and encryption and decryption time.