Software Defined Networking (SDN) introduces unprecedented flexibility and centralized control but also exposes critical vulnerabilities due to its logically centralized architecture. Traditional security solutions for SDN often rely on external intrusion detection systems or heavyweight analytics, resulting in increased latency and deployment complexity. In this work, we propose a lightweight, modular security framework embedded directly within the Ryu controller to provide real-time protection against a broad spectrum of SDN-layer attacks. The framework integrates flow filtering, threshold-based anomaly detection, access control enforcement, and dynamic logging into a unified architecture, capable of mitigating threats such as SYN Flood, IP/ARP Spoofing, UDP Flood, and Flow Table Exhaustion. We implement and evaluate the proposed system using a Mininet-based testbed, emulating realistic attack scenarios and network conditions. Experimental results demonstrate high detection accuracy with false positive rates consistently below 5%, mitigation effectiveness exceeding 91%, and latency and throughput overheads remaining under 2%. The framework offers a practical, low-footprint solution for securing SDN environments, with potential for immediate deployment in production, educational, and cloud-based infrastructures. This work bridges the gap between theoretical SDN security models and deployable solutions, enabling scalable, real-time defense without sacrificing performance.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enhancing SDN Resilience with Embedded Security: A Low-Latency Anomaly Detection and Access Control Framework

  • Anil Ram,
  • Shalini Dhiman,
  • Ganesh Kumar Mahato,
  • Swarnendu Kumar Chakraborty

摘要

Software Defined Networking (SDN) introduces unprecedented flexibility and centralized control but also exposes critical vulnerabilities due to its logically centralized architecture. Traditional security solutions for SDN often rely on external intrusion detection systems or heavyweight analytics, resulting in increased latency and deployment complexity. In this work, we propose a lightweight, modular security framework embedded directly within the Ryu controller to provide real-time protection against a broad spectrum of SDN-layer attacks. The framework integrates flow filtering, threshold-based anomaly detection, access control enforcement, and dynamic logging into a unified architecture, capable of mitigating threats such as SYN Flood, IP/ARP Spoofing, UDP Flood, and Flow Table Exhaustion. We implement and evaluate the proposed system using a Mininet-based testbed, emulating realistic attack scenarios and network conditions. Experimental results demonstrate high detection accuracy with false positive rates consistently below 5%, mitigation effectiveness exceeding 91%, and latency and throughput overheads remaining under 2%. The framework offers a practical, low-footprint solution for securing SDN environments, with potential for immediate deployment in production, educational, and cloud-based infrastructures. This work bridges the gap between theoretical SDN security models and deployable solutions, enabling scalable, real-time defense without sacrificing performance.