Software-defined networking (SDN) is an innovative and promising future networking technology that has rapidly gained significant attentions from both academia and industry. Accordingly, initiated and accelerated by enterprises, various components of SDN have been implemented, and many practical use cases of SDN have been demonstrated with such component implementations to show the potentials of SDNs.
One of the most crucial SDN components is an SDN controller, which is often considered as a control tower of SDN. It not only provides centralized control and automation of SDNs, but also implements open and programmable APIs to ultimately establish an open SDN application ecosystem, where anyone can develop and distribute useful SDN applications. Such an ecosystem potentially unleashes new levels of innovation; however, it also introduces new security threat to SDN environments.
In such an ecosystem, malicious SDN applications can be easily developed and distributed by untrusted entities, and to the best of our knowledge, there exists no known solution to this problem. As demonstrated in previous studies, the security threat of malicious SDN applications must be taken seriously as SDN applications possess full control of SDNs.
In this thesis, we propose a novel system, called BeBop, which analyzes and classifies SDN applications based on their behavioral patterns. We show the effectiveness and the performance of our system by actually implementing and evaluating the prototype of BeBop.