Automation and Cybersecurity: Creating a Testing Tool for SDN Networks
Abstract
With the widespread adoption of Software Defined Networks (SDN) in various current applications, increasingly more methods of vulnerability exploitation have been created targeting the data, control, and application planes. Due to its characteristic of centralizing control logic, SDN networks are more susceptible to denial-of-service attacks, thereby heightening the need to improve network protection methods. Aiming to contribute to the understanding of cyberattacks in SDN networks, this work demonstrates the development of an automated and modular testing execution tool, allowing for the customization of tests and ease of use in SDN network management routines.References
Contributors, M. P. (2022). Mininet - an instant virtual network on your laptop (or other pc). [link] [Acessado: 05 de Junho de 2024].
Foundation, O. (2023). Top 10 web application security risks. [link] [Accessado: 10 de Junho de 2024].
Foundation, O. N. (2024). Open network operating system (onos) sdn controller. [link] [Accessado: 15 de Junho de 2024].
Georgiev, S. and Nikolova, K. (2023). Implementation of an agile sdlc ci/cd pipeline for managing a sdn vxlan-evpn fabric. In 2023 31st National Conference with International Participation (TELECOM), pages 1–4.
Gopi, D., Cheng, S., and Huck, R. (2017). Comparative analysis of sdn and conventional networks using routing protocols. In 2017 International Conference on Computer, Information and Telecommunication Systems (CITS), pages 108–112.
Guo, C., Xie, D., Han, Y., Guo, J., and Wei, Z. (2020). Survey of software-defined network security issues. In Sun, X., Wang, J., and Bertino, E., editors, Artificial Intelligence and Security, pages 503–514, Singapore. Springer Singapore.
Liatifis, A., Sarigiannidis, P., Argyriou, V., and Lagkas, T. (2023). Advancing sdn from openflow to p4: A survey. ACM Comput. Surv., 55(9).
Nsafoa-Yeboah, K., Tchao, E. T., Yeboah-Akowuah, B., Kommey, B., Agbemenu, A. S., Keelson, E., and Monirujjaman Khan, M. (2022). Software-defined networks for optical networks using flexible orchestration: Advances, challenges, and opportunities. Journal of Computer Networks and Communications, 2022(1):5037702.
Pascoal, T. A., Dantas, Y. G., Fonseca, I. E., and Nigam, V. (2017). Slow TCAM exhaustion DDoS attack. In IFIP International Conference on ICT Systems Security and Privacy Protection, pages 17–31. Springer.
Pascoal, T. A., Fonseca, I. E., and Nigam, V. (2020). Slow denial-of-service attacks on software defined networks. Comput. Networks, 173:107223.
Qiu, X. and Tang, Z. (2022). Research advanced in the security defence of software defined network. In 2022 International Conference on Electronics and Devices, Computational Science (ICEDCS), pages 380–384.
Rios, V. D. M., Inácio, P. R. M., Magoni, D., and Freire, M. M. (2022). Detection and mitigation of low-rate denial-of-service attacks: A survey. IEEE Access, 10:76648–76668.
Smith-perrone, J. and Sims, J. (2017). Securing cloud, sdn and large data network environments from emerging ddos attacks. In 2017 7th International Conference on Cloud Computing, Data Science & Engineering - Confluence, pages 466–469.
Sokappadu, B., Hardin, A., Mungur, A., and Armoogum, S. (2019). Software defined networks: Issues and challenges. In 2019 Conference on Next Generation Computing Applications (NextComp), pages 1–5.
Wen, X., Yang, B., Chen, Y., Li, L. E., Bu, K., Zheng, P., Yang, Y., and Hu, C. (2016). Ruletris: Minimizing rule update latency for tcam-based sdn switches. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pages 179–188.
Xia, W., Wen, Y., Foh, C. H., Niyato, D., and Xie, H. (2015). A survey on software-defined networking. IEEE Communications Surveys & Tutorials, 17(1):27–51.
Yao, J., Han, Z., Sohail, M., and Wang, L. (2019). A robust security architecture for sdn-based 5g networks. Future Internet, 11(4).
Yuan, B., Zhang, C., Ren, J., Chen, Q., Xu, B., Zhang, Q., Li, Z., Zou, D., Zhang, F., and Jin, H. (2024). Toward automated attack discovery in sdn controllers through formal verification. IEEE Transactions on Network and Service Management, 21(3):3636–3655.
Yungaicela-Naula, N. M., Vargas-Rosales, C., Pérez-Díaz, J. A., and Zareei, M. (2022). Towards security automation in software defined networks. Computer Communications, 183:64–82.
Zhang, M., Bi, J., Bai, J., and Li, G. (2018). Floodshield: Securing the sdn infrastructure against denial-of-service attacks. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pages 687–698.
Foundation, O. (2023). Top 10 web application security risks. [link] [Accessado: 10 de Junho de 2024].
Foundation, O. N. (2024). Open network operating system (onos) sdn controller. [link] [Accessado: 15 de Junho de 2024].
Georgiev, S. and Nikolova, K. (2023). Implementation of an agile sdlc ci/cd pipeline for managing a sdn vxlan-evpn fabric. In 2023 31st National Conference with International Participation (TELECOM), pages 1–4.
Gopi, D., Cheng, S., and Huck, R. (2017). Comparative analysis of sdn and conventional networks using routing protocols. In 2017 International Conference on Computer, Information and Telecommunication Systems (CITS), pages 108–112.
Guo, C., Xie, D., Han, Y., Guo, J., and Wei, Z. (2020). Survey of software-defined network security issues. In Sun, X., Wang, J., and Bertino, E., editors, Artificial Intelligence and Security, pages 503–514, Singapore. Springer Singapore.
Liatifis, A., Sarigiannidis, P., Argyriou, V., and Lagkas, T. (2023). Advancing sdn from openflow to p4: A survey. ACM Comput. Surv., 55(9).
Nsafoa-Yeboah, K., Tchao, E. T., Yeboah-Akowuah, B., Kommey, B., Agbemenu, A. S., Keelson, E., and Monirujjaman Khan, M. (2022). Software-defined networks for optical networks using flexible orchestration: Advances, challenges, and opportunities. Journal of Computer Networks and Communications, 2022(1):5037702.
Pascoal, T. A., Dantas, Y. G., Fonseca, I. E., and Nigam, V. (2017). Slow TCAM exhaustion DDoS attack. In IFIP International Conference on ICT Systems Security and Privacy Protection, pages 17–31. Springer.
Pascoal, T. A., Fonseca, I. E., and Nigam, V. (2020). Slow denial-of-service attacks on software defined networks. Comput. Networks, 173:107223.
Qiu, X. and Tang, Z. (2022). Research advanced in the security defence of software defined network. In 2022 International Conference on Electronics and Devices, Computational Science (ICEDCS), pages 380–384.
Rios, V. D. M., Inácio, P. R. M., Magoni, D., and Freire, M. M. (2022). Detection and mitigation of low-rate denial-of-service attacks: A survey. IEEE Access, 10:76648–76668.
Smith-perrone, J. and Sims, J. (2017). Securing cloud, sdn and large data network environments from emerging ddos attacks. In 2017 7th International Conference on Cloud Computing, Data Science & Engineering - Confluence, pages 466–469.
Sokappadu, B., Hardin, A., Mungur, A., and Armoogum, S. (2019). Software defined networks: Issues and challenges. In 2019 Conference on Next Generation Computing Applications (NextComp), pages 1–5.
Wen, X., Yang, B., Chen, Y., Li, L. E., Bu, K., Zheng, P., Yang, Y., and Hu, C. (2016). Ruletris: Minimizing rule update latency for tcam-based sdn switches. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pages 179–188.
Xia, W., Wen, Y., Foh, C. H., Niyato, D., and Xie, H. (2015). A survey on software-defined networking. IEEE Communications Surveys & Tutorials, 17(1):27–51.
Yao, J., Han, Z., Sohail, M., and Wang, L. (2019). A robust security architecture for sdn-based 5g networks. Future Internet, 11(4).
Yuan, B., Zhang, C., Ren, J., Chen, Q., Xu, B., Zhang, Q., Li, Z., Zou, D., Zhang, F., and Jin, H. (2024). Toward automated attack discovery in sdn controllers through formal verification. IEEE Transactions on Network and Service Management, 21(3):3636–3655.
Yungaicela-Naula, N. M., Vargas-Rosales, C., Pérez-Díaz, J. A., and Zareei, M. (2022). Towards security automation in software defined networks. Computer Communications, 183:64–82.
Zhang, M., Bi, J., Bai, J., and Li, G. (2018). Floodshield: Securing the sdn infrastructure against denial-of-service attacks. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pages 687–698.
Published
2024-09-16
How to Cite
LEAL, Ryan M. S.; FREITAS, Johan K. E.; ALBUQUERQUE JÚNIOR, Francisco A. C.; LOPES, Waslon T. A.; CARVALHO, Fabrício B. S.; FONSECA, Iguatemi E..
Automation and Cybersecurity: Creating a Testing Tool for SDN Networks. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24. , 2024, São José dos Campos/SP.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 209-218.
DOI: https://doi.org/10.5753/sbseg_estendido.2024.241892.
