A Security Enforcement Framework for SDN Controller Using Game Theoretic Approach

Software-defined networking (SDN) has gained significant attention as the future deployment platform for the Internet and enterprise networks. The major advantages of SDN include effective traffic management, dynamic configuration of policy and flow rules, and better scalability with heterogeneous traffic requirements. However, centralized network control and the use of OpenFlow protocols introduce various security challenges for the underlying network. The attacks on the SDN controller is critical as it hosts all network control functions. Motivated by a systematic analysis of different attack scenarios in SDN using the STRIDE attack model, this article presents an effective security enforcement framework for proactive prevention of potential attacks on SDN controllers. First, based on a signaling game approach, we design a trust-based controller attack detection (TCAD) model that calculates the trust value of each incoming packet to take necessary action. Next, we propose a risk-based attack prevention (RAP) model that detects and filters malicious traffic flows in the network. Finally, we evaluate our proposed security enforcement framework on different scenarios with varying traffic requirements and by injecting attacks based on the STRIDE model. Experimental results show 95% accuracy in the potential attack detection and prevention.