ICIMP 2019, The Fourteenth International Conference on Internet Monitoring and Protection


Framework for Creating Security Functions Based on Software Defined Network

Authors:
Dobrin Dobrev
Dimiter Avresky

Keywords: security function; network function virtualization; virtualization; OpenFlow; flowtable; controller

Abstract:
In this work, we propose a security framework based on Virtual Security Functions, OpenFlow, Software Defined Networks (SDN), Mininet, the POX controller and virtual switches. By using the OpenFlow protocol in the virtualized environment of SDN, we are able to analyze the data streams in the network environment. An SDN controller, sitting on top of the entire infrastructure, is capable of orchestrating network segment(s). By creating different virtual security functions, we can increase network security and avoid loops. In this paper, loop elimination is achieved by automatically reconfiguring the security function through the creation of a spanning tree. By using the scalability of the virtual controller, we can simplify network administration. The main benefit is that different systems like switches, firewalls, and Intrusion Detection Systems (IDS) will be replaced by the controller with Virtual Security Functions (VSF). The target is to increase availability by presenting functions that avoid loops in the network. VSF will allow the framework to be used to eliminate different attacks, such as congestion-driven attacks, Distributed Denial-of-Service (DDoS), Media Access Control (MAC) address spoofing, man-in-the-middle attacks and Synchronize (SYN) flood attacks. All functions can be run in parallel, and we can increase the availability of the system.

Pages: 1 to 6

Copyright: Copyright (c) IARIA, 2019

Publication date: July 28, 2019

Published in: conference

ISSN: 2308-3980

ISBN: 978-1-61208-729-0

Location: Nice, France

Dates: from July 28, 2019 to August 2, 2019