Implementation of a SDN Architecture Observer: Detection of Failure, Distributed Denial-of-Service and Unauthorized Intrusion

Software-defined networking was recently introduced and proposed to separate the control from the data plane. This architecture introduces new challenges, particularly with regard to security and safety. To address the safety challenges, it is necessary to set up a multi controller architecture to provide redundancy. In addition, the second controller can have a security benefit because it can be used to validate the decisions taken by the first controller. However, communication between the controllers is necessary in these architectures, which may be exploited by an attacker to spread across the controllers, resulting in a security issue. This study aims to develop a multi controller architecture without communication between controllers. The control is executed by the nominal controller, which performs the data plane computation, whereas the second controller is in charge of verifying the consistency of the controller's decisions, i.e., the management traffic. We first formulated the activity of the command and then provided conditions to determine a consistent control. These conditions include a time boundary, which corresponds to the tolerance for a delay in the response time of the controller, and structural properties to verify the consistency of the path setup. Moreover, we proposed a detection algorithm that is divided into two parts: first, a learning phase that aims to learn the consistent path set up by the controller, and second, a running phase which aims to verify that the controller sets up paths that are similar to the learned path. This algorithm was evaluated in terms of its reactivity, precision, and recall. To evaluate this, we considered three use cases: a distributed denial of service (DDOS) attack, an attack to send malicious packets on the network, and a failure of the controller.