An Integrated Framework for Controllers Placement and Security in Software-Defined Networks Ecosystem
Abstract
In the evolving landscape of Software-Defined Networking (SDN), the strategic placement of controllers poses a critical challenge that necessitates a precise balance between network performance and security. This paper presents an integrated framework for enhancing security and performance in SDN by combining controller placement and intrusion detection systems (IDS). Unlike existing solutions, which were implemented disjointedly, our holistic approach leverages the proximity of controllers to network traffic for real-time threat detection, rapid response, and mitigation of security attacks. We employ an advanced clustering model for optimal controller placement, reducing costs and latency while ensuring reliability and balanced loads. In addition, we use k-nearest neighbour (KNN) for efficient anomaly detection in our IDS to improve network security. Experimental results confirm the framework's effectiveness in strengthening SDN security and resilience. The enhanced-DBSCAN-based controller placement problem (CPP) model significantly minimized cost and latency and ensured continuous operation in dynamic SDN environments, while the KNN-based IDS proved effective in improving threat detection capabilities, achieving a high detection accuracy of 100% on the LAN dataset and outperforming other machine learning models such as Random Forest and Naïve Bayes. These results indicate that strategic controller deployment, in conjunction with IDS, can significantly bolster threat detection, response times, and the overall security stance of the SDN environment.
Copyright (c) 2024 Journal of Information Systems and Informatics
This work is licensed under a Creative Commons Attribution 4.0 International License.