Abstract

Despite the relative maturity of the Internet, the computer networks of today are still susceptible to attack. The necessary distributed nature of networks for wide area connectivity has traditionally led to high cost and complexity in designing and implementing secure networks. With the introduction of software-defined networks (SDNs) and network functions virtualization, there are opportunities for efficient network threat detection and protection. SDN's global view provides a means of monitoring and defense across the entire network. However, current SDN-based security systems are limited by a centralized framework that introduces significant control plane overhead, leading to the saturation of vital control links. In this paper, we introduce TENNISON, a novel distributed SDN security framework that combines the efficiency of SDN control and monitoring with the resilience and scalability of a distributed system. TENNISON offers effective and proportionate monitoring and remediation, compatibility with widely available networking hardware, support for legacy networks, and a modular and extensible distributed design. We demonstrate the effectiveness and capabilities of the TENNISON framework through the use of four attack scenarios. These highlight multiple levels of monitoring, rapid detection, and remediation, and provide a unique insight into the impact of multiple controllers on network attack detection at scale.

Highlights

  • In an increasingly networked world we rely on having reliable communications technologies for everyday business and social interaction

  • In October 2016, multiple Distributed Denial of Service (DDoS) attacks targeted systems operated by the Domain Name Server (DNS) provider, Dyn

  • We present TENNISON, a distributed Software Defined Networks (SDN) security framework built on a multi-level remediation mechanism


Summary

Introduction

In an increasingly networked world we rely on having reliable communications technologies for everyday business and social interaction. The frequency of network disruptions caused by cyber-attacks is increasing. In October 2016, multiple DDoS attacks targeted systems operated by the Domain Name Server (DNS) provider, Dyn. The attack is believed to have been orchestrated by a botnet of IoT devices infected with the Mirai malware with more than 60 services affected [2]. These examples highlight several features of today’s network attacks; they are distributed, can involve high traffic volume, and execute remotely through network intrusion. These features indicate the importance of monitoring network events, including network traffic, flow, and device status, to enable effective attack detection and protection.
