Methodology to Improve Control Plane Security in SDN Environments

This book unveils a blueprint for safeguarding the very backbone of modern communication networks. It offers a roadmap towards fortifying SDN infrastructures against the relentless onslaught of cyber threats, ensuring resilience and reliability in an ever-evolving digital landscape.

This is an exhaustive study of crafting a robust security solution tailored for the SDN environment, specifically targeting the detection and mitigation of distributed denial of service (DDoS) attacks on the control plane. The methodology hinges on an early detection strategy, meticulously aligned with industry standards, serving as a beacon for professionals navigating the intricate realm of implementing security solutions. This reference elucidates an innovative approach devised to identify and mitigate the inherent risks associated with the OpenFlow protocol and its POX controller. Validated through rigorous simulations conducted within controlled environments utilizing the Mininet tool and SDN controller, the methodology unfolds, showcasing the intricate dance between theory and practice.

Through meticulous observation of detection algorithm results in simulated environments, followed by real-world implementation within network testbeds, the proposed solution emerges triumphant. Leveraging network entropy calculation, coupled with swift port blocking mechanisms, the methodology stands as a formidable barrier against a DDoS attack such as TCP, UDP, and ICMP floods.

Wendwossen Desalegn earned a Bachelor's degree in electrical and computer engineering from Hawassa University in Ethiopia in 2016 and a Master's degree in electronic and communication engineering from Adama Science and Technology University (ASTU) in 2022. He is a cyber security specialist and network engineer who has designed and implemented firewalls and holds CCNA and CCNP certifications. Currently, he works with IPCOM Technologies in Addis Ababa, Ethiopia. He has over 6 years of experience in this industry. His research interests are cybersecurity, SDN, SDS, and network automation.

Javed Shaikh received his Bachelor of Engineering degree in electronics and telecommunications from Dr. BAMU University, India in 2009 and Master of Engineering degree in VLSI and embedded systems from Pune University in 2012. He received his PhD degree in Communication and Computer Engineering from Technical University of Sofia (TUS), Bulgaria. Currently, he is working with the Department of Electronics and Communication Engineering, Adama Science and Technology University, Adama, Ethiopia and as an Assistant Professor. He has 13+ years of teaching experience of teaching in India and abroad. His research interests include communication networks, cryptography, AI and ML, cyber security and E-commerce systems, and 5G networks. He has published several papers in reputed journals and conferences.

Bayisa Taye Mulatu received his Bachelor of Science degree in electrical and computer engineering from Addis Ababa University, Ethiopia in 2009 and Master of Engineering degree in computer science and communication engineering from Waseda University, Japan, in 2018. Previously he worked at Ethio Telecom, as network engineer and later in public universities: Hawassa University, Dilla University and Bule Hora University. Currently, he is working with the Department of Electronics and Communication Engineering, Adama Science and Technology University, Adama, Ethiopia and he is serving as a Lecturer. His research interests include wireless communication networks, cloud computing, AI and ML, and 5G and beyond-5G networks. He has published several papers in reputed journals and conferences.