کد مقاله کد نشریه سال انتشار مقاله انگلیسی نسخه تمام متن
452829 694628 2015 17 صفحه PDF دانلود رایگان
عنوان انگلیسی مقاله ISI
Enabling security functions with SDN: A feasibility study
موضوعات مرتبط
مهندسی و علوم پایه مهندسی کامپیوتر شبکه های کامپیوتری و ارتباطات
پیش نمایش صفحه اول مقاله
Enabling security functions with SDN: A feasibility study
چکیده انگلیسی

Software-defined networking (SDN) is being strongly considered as the next promising networking platform, and studies regarding SDN have been actively conducted accordingly. However, the security of SDN remains undefined and unknown when considering the enhancement of network security in SDN. In this paper, we verify whether SDN can enhance network security. Specifically, the idea of enabling security functions with diverse SDN features is explored thoroughly. In order to elucidate the feasibility of SDN-based security functions, we implement four types of security functions with SDN in Floodlight applications: (i) in-line mode security functions (e.g. firewalls and IPS), (ii) passive mode security functions (e.g. IDS), (iii) network anomaly detection functions (e.g. scan and DDoS detector), and (iv) advanced security functions (e.g. stateful firewall and reflector networks). Furthermore, we focus on discovering issues that might arise throughout the implementation of SDN-based security applications and discuss how these issues can be addressed. In order to appropriately prove the feasibility of the SDN-based security applications, we evaluate our Floodlight applications in real testbeds that consist of SDN-enabled switches and a number of physical hosts.

ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Computer Networks - Volume 85, 5 July 2015, Pages 19–35
نویسندگان
, , , , , ,