Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Performance optimization of a software-defined networking (SDN) security architecture

: Ali, Syed Faraz
: Khondoker, Rahamatullah; Keil, Ferdinand; Hofmann, Klaus

Darmstadt, 2016, 117 pp.
Darmstadt, TU, Master Thesis, 2016
Master Thesis
Fraunhofer SIT ()
SDN; OpenFlow; network security; HP SDN Switch; Cisco SDN Switch; SDN-enabled Switch

Software Defined Networking (SDN) provides features such as network-visibility, centralized management and control that help in the process of network security through the migration of network intelligence to a centralized controller. Despite its advantages, the SDN architecture has some limitations including the presence of a single controller, tightly-coupled monitoring and control functions, and controller dependent application development. To address the aforementioned limitations, an Orchestrator-based architecture utilizes the Network Monitoring and SDN Control functions to develop security applications for mitigating against several attacks, for instance, Address Resolution Protocol (ARP) Spoofing/Cache Poisoning, Denial of Service (DoS), and Domain Name System (DNS) Amplification . This master thesis focuses on enhancing the robustness, efficiency and accuracy of the OrchSec architecture by integrating the architecture on hardware switches. The OrchSec architecture runs on Open vSwitch that only consists of software flow tables. These tables are based on software only, therefore, they delay the process of attack detection of the OrchSec architecture. To make the process of attack detection and mitigation faster, the OrchSec architecture is integrated on HP 3500-24G-PoE yl and Cisco Catalyst WS-C4506-E hardware switches comprising both hardware and software flow tables. The performance criteria is considered on measuring the Round Trip Time (RTT), TCP/UDP bandwidth, jitter, packet loss, and OrchSec attack detection time on both the software and hardware switches. The experimental results are investigated and a comparative analysis of software and hardware switches is presented. The OrchSec architecture supports sFlow as the only network monitoring protocol, which is a sampling technology. Since sFlow protocol does not provide complete network information due to the sampling technology it employs, the resulting accuracy is not 100%. In order to enhance the OrchSec attack detection, NetFlow and IPFIX monitoring protocol support are also integrated which provides complete IP traffic information. Likewise, an anti-virus toolkit is also incorporated with the OrchSec architecture for the detection of viruses, trojans, and malware in the end-hosts.