Generalized Stochastic Petri Net Model Based Security Risk Assessment of Software Defined Networks

Software-defined networking (SDN) is a networking paradigm to provide automated network management at run time through network orchestration and virtualization. A central controller realizes the automatic network configuration in SDN at run time by conforming to a control plane protocol (e.g., OpenFlow) and switches act as simple forwarding devices. However, SDN are susceptible to cyber attacks and there is a need to understand and quantify the cyber risks. In this paper, we present a model to analyze attacks on SDN and generate risk assessment scores that can aid mitigation. We build and analyze a Generalized Stochastic Petri Net (GSPN) model for Denial of Service attack in SDN using the PIPE tool. The results show all possible attacker paths during the attack. Moreover, they indicate that there is a direct relation between the risk score of the transitions and the average time the attacker needs to successfully perform individual attack action. These results can be used to improve countermeasures of SDN attacks in future work.