Scalable Flow based Management Scheme in Software Define Network (SDN) using sFlow

Abstract

The threats to information privacy while connected to cyber space are capacious and complex which require resilient network and antifragile security mechanisms. Software Define Network (SDN) infrastructure itself is predisposed to severe threats that may damage the provision of its usability as a security provider. The essential qualities of (SDN) are to provide support for high bandwidth and timely content delivery. SDN granular approach to security by centralizing the security control into one entity using the controller to ensure service control and information protection. SDN provides a new paradigm for applications to interact with the network. This interaction with declarative abstraction will instruct the Application Programming Interface (APIs) to direct the configuration and operation of the network. The API is queried to ask the network for information in order to plan and optimize the network operations. In this study, the vulnerability exploited by attackers to perform distributed denial of service (DDoS) attacks is examined. The trust between the control planes and forwarding planes is crucial in SDN. The separation of the control and data planes contributes to open security challenges such as denial of service (DoS) attacks, man-in-the-middle attacks, and network saturation attacks. The platform runs on Mininet 2.2.2, Ubuntu 18.04, Ryu Controller 4.34, and Sflow-RT. The Classification learning is based on Support Vector Machine (SVM). The contribution is to provide monitoring application of Flow RT Status and SFlow RT Packet Monitoring during Normal Traffic Generation. The implication for the monitoring application of SFlow RT Status is to supervise the failure in the status of sFlowAgent, sFlow Byte, and sFlow packet against cyber-attack.