Enabling security functions with SDN: A feasibility study
Software-defined networking (SON) is being strongly considered as the next promising networking platform, and studies regarding SON have been actively conducted accordingly. However, the security of SDN remains undefined and unknown when considering the enhancement of network security in SDN. In this paper, we verify whether SDN can enhance network security. Specifically, the idea of enabling security functions with diverse SDN features is explored thoroughly. In order to elucidate the feasibility of SDN-based security functions, we implement four types of security functions with SON in Floodlight applications: (i) in-line mode security functions (e.g. firewalls and IPS), (ii) passive mode security functions (e.g. IDS), (iii) network anomaly detection functions (e.g. scan and DDoS detector), and (iv) advanced security functions (e.g. stateful firewall and reflector networks). Furthermore, we focus on discovering issues that might arise throughout the implementation of SDN-based security applications and discuss how these issues can be addressed. In order to appropriately prove the feasibility of the SDN-based security applications, we evaluate our Floodlight applications in real testbeds that consist of SON-enabled switches and a number of physical hosts.
- Publisher
- ELSEVIER SCIENCE BV
- Issue Date
- 2015-07
- Language
- English
- Article Type
- Article
- Citation
COMPUTER NETWORKS, v.85, pp.19 - 35
- ISSN
- 1389-1286
- Appears in Collection
- EE-Journal Papers(저널논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 79 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.