An improved network security situation assessment approach in software defined networks

Software Defined Network (SDN) is a network framework which can be controlled and defined by software programming, and OpenFlow is the basic protocol in SDN that defines the communication protocol between SDN control plane and data plane. With the deployment of SDN in reality, many security threats and issues are of great concern. In this paper, we propose a security situation awareness approach for SDN. This approach focuses on the attacks like network scanning attack, OpenFlow flooding attack, switch compromised attack and ARP attack in both data plane and control plane. Based on the features of these attacks, we use multiple observations hidden Markov model (HMM) to quantify the network status and then get the security situation assessment values for SDN. The proposed approach can also detect these four attacks and predict the network status based on HMM when given a sequence of observed feature values. We build a test scenario to simulate our approach with Ryu controller and OpenFlow switch and prove the feasibility of this approach.