
Anomaly Detection in the SDN Control Plane

Supervisor(s): Christian Banse
Status: finished
Topic: Others
Author: Vincent Sommer
Submission: 2014-10-15
Type of Thesis: Master's thesis
Proof of Concept: No
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Abstract:

Software Defined Networking (SDN) is a new approach to networking which provides an abstraction layer for the physical network. It is considered a future technology with the potential to reduce complexity and costs, especially in large data centers. While SDN can also help improve network security by providing a centralized control instance, the security of the control plane itself remains an issue. As SDN is not yet an established technology, having been used mostly in experimental networks, little data about anomalies in control traffic exists. A key concept of SDN is to provide APIs for third-party applications. This makes the network more manageable and flexible. However, it also increases the risk of malware which can compromise the network. One goal of this thesis is to define what can be considered an anomaly in the context of SDN control traffic. This is achieved by elaborating attack scenarios and implementing them as SDN applications. Furthermore, machine learning algorithms are evaluated for their aptitude to detect anomalies in the SDN control plane.