On detecting compromised controller in software defined networks

Our contributions in this paper include the following: (i) identification of five threat vectors that represent compromised controllers in SDNs, (ii) creation of a large volume of OpenFlow traffic traces in order for studying various SDN threat vectors, (iii) proposal of nine novel OpenFlow-specific features that capture the above mentioned threat vectors, and (iv) study of machine-learning based detection technique for compromised control plane using six classifiers. The OpenFlow traffic trace data set, we created, is made available for the use of larger research community. We carried out detailed experimental studies that show the efficacy of our scheme in detecting the presence of compromised controllers. Our results indicate that Random Forest is the most suitable machine learning classifier that provides about 97% accuracy.