Abstract

Software Defined Networking (SDN) is a network architecture in which control is centralized through a software-based controller. Being a single point of attack makes the controller the preferred target in the SDN architecture. Multi-controller architectures have been introduced to reinforce the control plane. However, they require a communication interface between the controllers, which is itself a security threat. To this end, a dual-controller architecture is introduced. It consists of one nominal controller in charge of the data plane computation, plus a second one in charge of detecting anomalies in the decisions taken by the main controller. In the case of non-deterministic algorithms, the detection logic aims at determining a likelihood score for the decisions taken by the controller. A multi-criterion detection approach is proposed that considers both the performance of the decisions and the structure of the decisions taken by the controller. Such computations are probabilistic, and attention has been paid to machine learning algorithms to determine this likelihood. More precisely, three formalisms are compared: Probabilistic Finite Automaton, Hidden Markov Model and Recurrent Neural Network. The impact of the control variance on the detection accuracy, depending on the formalism used, is discussed on a case study.
