Enabling security functions with SDN: A feasibility study

Cited 61 time in webofscience Cited 0 time in scopus
  • Hit : 774
  • Download : 0
Software-defined networking (SON) is being strongly considered as the next promising networking platform, and studies regarding SON have been actively conducted accordingly. However, the security of SDN remains undefined and unknown when considering the enhancement of network security in SDN. In this paper, we verify whether SDN can enhance network security. Specifically, the idea of enabling security functions with diverse SDN features is explored thoroughly. In order to elucidate the feasibility of SDN-based security functions, we implement four types of security functions with SON in Floodlight applications: (i) in-line mode security functions (e.g. firewalls and IPS), (ii) passive mode security functions (e.g. IDS), (iii) network anomaly detection functions (e.g. scan and DDoS detector), and (iv) advanced security functions (e.g. stateful firewall and reflector networks). Furthermore, we focus on discovering issues that might arise throughout the implementation of SDN-based security applications and discuss how these issues can be addressed. In order to appropriately prove the feasibility of the SDN-based security applications, we evaluate our Floodlight applications in real testbeds that consist of SON-enabled switches and a number of physical hosts.
Publisher
ELSEVIER SCIENCE BV
Issue Date
2015-07
Language
English
Article Type
Article
Citation

COMPUTER NETWORKS, v.85, pp.19 - 35

ISSN
1389-1286
DOI
10.1016/j.comnet.2015.05.005
URI
http://hdl.handle.net/10203/200889
Appears in Collection
EE-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡ Click to see webofscience_button
⊙ Cited 61 items in WoS Click to see citing articles in records_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0