Detection of Security and Safety Threats related to the Control of a SDN Architecture

Software Defined Networking is a concept within the networking field which proposed a centralized control considering the control and data planes. To overcome the safety and security threats, solutions might be divided into two categories: enforcing the controller to make it more robust or the architecture using a multi-controller approach. This work aims to pave the way for a multi-controller architecture without East-West interface to avoid the spreading of an attack. There is one nominal controller in charge of the control while the second observes the traffic at the Southbound interface to detect anomalies of control. A detection method is introduced theoretically and relies on Intrusion Detection System theory, more precisely the specification-based. Here, the specification is a template determined through a projection function of the control logic. The template is compared to the activity of the command observed such that any deviation generates an alarm. The method is finally explained in use cases. Copyright (C) 2021 The Authors.