Towards Securing OpenFlow Controllers for SDNs using ARMA Models

Abstract

Control layers are moved away from the forwarding switching layers in Software Defined Networks. SDNs allow more programmability and flexibility to the controllers. OpenFlow is a protocol that gives access to the forwarding plane of a network switch or router over the SDN network. OpenFlow uses a centralized control of network switches and routers in SDN environment. Security is of a major importance for SDN deployment. Transport Layer Security (TLS) is be used to implement security for OpenFlow. This paper proposes a new technique to improve the security of the OpenFlow controller through modifying the TLS implementation. The proposed model is referred to as Secured Feedback model using Autoregressive Moving Average (ARMA) for SDN networks (SFBARMASDN). SFBARMASDN depends on computing the feedback for incoming packets based on ARMA models. Filtering techniques based on ARMA techniques are used to filter the packets and detect malicious packets to be dropped. SFBARMASDN is compared to two reference models. One reference model is based on Bayesian and the other reference model is the standard OpenFlow. Results are very promising. SFBARMASDN has outperformed both the secured standard using Bayesian network for SDN (SSBNSDN) and the standard OpenFlow in different scenarios by an average improvement of 7% and 80% respectively. The processing time overhead for the SFBARMASDN increases by only a percentage of 3% and 5% when compared to the SSBNSDN and the standard OpenFlow respectively.