Abstract
Security evaluation of SDN architectures is of critical importance to develop robust systems and address attacks. Focused on a novel-proposed dynamic SDN framework, a game-theoretic model is presented to analyze its security performance. This model can represent several kinds of players’ information, simulate approximate attack scenarios, and quantitatively estimate systems’ reliability. And we explore several typical game instances defined by system’s capability, players’ objects, and strategies. Experimental results illustrate that the system’s detection capability is not a decisive element to security enhancement as introduction of dynamism and redundancy into SDN can significantly improve security gain and compensate for its detection weakness. Moreover, we observe a range of common strategic actions across environmental conditions. And analysis reveals diverse defense mechanisms adopted in dynamic systems have different effect on security improvement. Besides, the existence of equilibrium in particular situations further proves the novel structure’s feasibility, flexibility, and its persistent ability against long-term attacks.
Highlights
SDN is a novel and promising framework which can be applied in traditional and wireless networks to achieve highly programmable switch infrastructure [1, 2]
To the best of our knowledge, the most powerful dynamic security architecture for SDN is the Mcad-SA proposed in [9] which exploits heterogeneity, redundancy, and dynamism from multiple controllers to intensify security
The only occasion in which the equilibrium exists is that defenders adopt maximum reimage and MaxSG scheduling method while attackers select maximum probe
Summary
SDN is a novel and promising framework which can be applied in traditional and wireless networks to achieve highly programmable switch infrastructure [1, 2]. It separates the data and control planes, which makes switches become simple data forwarding devices, and network is manipulated through logically centralized controllers [3]. It is no doubt that this processing mechanism will definitely improve the efficiency of network management and performance of network operation [4] This reliance on a centralized controller can lead to a single point of failure if not carefully designed and implemented. No researches about their security performance evaluation have been conducted
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
