Pir Mehr Ali Shah

ARID AGRICULTURE UNIVERSITY RAWALPINDI

Synopsis for MS Degree in Computer Science

Title: SDN-BASED CYBER SECURITY STRATEGY FOR INDUSTRY

Name of the Student: Muhammad Junaid Khalid

Registration Number: 20-arid-954
Date of Admission: 05th October, 2020
Date of Initiation: 01st September, 2021
Probable Duration: One year

SUPERVISORY COMMITTEE

i) Supervisor ________________
Dr. Syed Mushhad Mustuzhar Gilani

ii) Member ________________

Dr. Saud Altaf

iii) Member ________________

Mr. Muhamad Aleem Akhtar

Director,
University Institute of Information Technology

Director,
Advanced Studies
 Pir Mehr Ali Shah

ARID AGRICULTURE UNIVERSITY RAWALPINDI

Synopsis for MS Degree in Computer Science

Title: SDN-BASED CYBER SECURITY STRATEGY FOR INDUSTRY

Name of the Student: Muhammad Junaid Khalid

Registration Number: 20-arid-954
Date of Admission: 05th October, 2020
Date of Initiation: 01st September, 2021
Probable Duration: One year

SCRUTINY COMMITTEE

i) Convener ________________
Dr. Muhammad Razzaq Athar

ii) Member ________________

Dr. Saleem Iqbal

ii) Member ________________

Dr. Tariq Ali

Director,
University Institute of Information Technology
 ABSTRACT

Software Defined Networking (SDN) is a comparatively new approach that

separates the data plane and control plane from the devices. In easy words, it takes

the decision power from routing devices and gives it to a device called SDN

controller. SDN provides a programmatic interface that helps the researchers to

experiment their proposed methodologies. Similar to other networks SDN is also

vulnerable to different cyber-attacks and need to implement cyber security

techniques. Cyber Security is a very trendy topic because of the diversity of the

attacking techniques. Cyber Security started from very beginning of the networks

because there was a greed and negative thoughts and people from the very

beginning of the world. There are different type of attacks that are performed to

gain the unauthorized access or to steal the important data to use it for personal

uses. Famous cyber-attacks are DDOS, ARP spoofing, and Injection attacks. Most

of the attacks are performed on the industrial networks because industrial networks

has more sophisticated data than a personal network that is why this research

focuses of industrial network security. Attack on industrial network will cause a

very large-scale damage in terms of data or money because industrial data has a

high number of dependents on them. For this reason, this research work is focused

on proposing a new strategy for the DDOS attack and ARP spoofing attack. This

strategy will be implemented using any distributed SDN controller because the

centralized controllers are not successful in industrial use cases. The evaluation of

the proposed strategy will be performed using some SDN simulation tool.

Keywords: Cyber Security; Software Defined Networking; DDOS attack; ARP

spoofing attack

1
 INTRODUCTION
Software Defined Networking (SDN) is a comparatively novel technique in

the world of networking. This approach separated the control plane and data plane,

in other words it took decision power from the networking devices and provides a

programmable interface to the users. Formal definition of SDN is “SDN derives its

importance from separating the control plane from the data plane, which facilitates

a programmable network that is more advantageous than conventional networking”

(Anbarsu, Rayan, & Vetrian, 2020). The control plane controls the transfer of the

data and implements some important networking mechanisms like flow control,

load balancing, Intrusion detection/prevention and firewalls in simple words all the

decision making is done here at control plane (Karakus & Durresi, 2017). The

control plane of SDN may have a centralized controller as proposed in Ethane

project (Casado, McKeown, & Shenker, 2019) and may have distributed controllers

like Open Networking Operating System (Berde et al., 2014). This helps to

configure control structure of whole network at a time instead of configuring each

device one by one. Its programmable interface provides the researchers and the

network engineers to innovate the network configuration whenever they need, this

also made the experimental setup very easy as well.

Every network and device connected to network may have many security

vulnerabilities, exploiting them may result in different costly circumstances for

example being data loss, hardware loss, or some type of ransomware attack. These

exploitations are commonly known as attacks. To counter these attacks Cyber

security introduced. Cybersecurity is defined by Webster’s Dictionary as

“measures taken to protect a computer or computer system (as on the Internet)

2
against unauthorized access or attack.” (Bullock, Haddow, & Coppola, 2013). This

field is as old as the networks are because evil minded people always had tendency

to steal the information or harm the system through some malicious programs.

There is a need to have some security mechanism against these attacks. Those

mechanisms are known as cyber security. Similar to other networks SDN is also

vulnerable to the attacks, its programmable interface is used to not only implement

the security algorithm and evolve them time to time.

With the passage of time, the increase in computation capability and

increase of Artificial Intelligence, based attacking techniques are creating an

alarming situation for security. The latest tools for attacks performs a lot of things

automatically that’s why any person with very less and in some cases without any

knowledge of networks and security can initiate and may be perform a successful

attack, to avoid such type of situation security techniques are needed to be evolved

time to time in this context this project will propose the cyber security strategy for

industry.

SDN is most commonly used in enterprises/industry as industrial networks

have high number of networking devices as compared to personal and home

network (Sahay, Meng, & Jensen, 2019) and there is a need of evolving the

configurations very frequently and SDN provides the facility to evolve the

configurations very easily. The industrial networks are facing severe cyber-attacks

very frequently as they have very highly confidential data, thus it is a need to

enhance cyber security techniques and incorporate SDN-based cyber security rules

and some new strategy using SDN controller

3
 The scope of this research is limited to two attacks DDOS attacks and ARP

spoofing attacks, these attacks will be mitigated using SDN platform as DDOS and

ARP spoofing attacks are most common attacks in industry (Correa Chica,

Imbachi, & Botero Vega, 2020).

Problem Statement

In Industrial networks the most it is been noted that the DDOS and ARP

spoofing attacks are still very successful because current mitigating techniques lags

in terms of latency and accuracy. For this reason, a new strategy for mitigation of

these attacks using SDN platform.

Objectives

This research has following objectives.

1. To identify the limitations in current mitigation strategies

2. To propose DDOS, and ARP spoofing attacks mitigating strategy

using SDN controller

3. To evaluate the proposed strategy at industrial level.

Outcomes

The proposed strategy is to filter the malicious packets, so the expected outcome is

the malicious packets will be filtered and the industrial network will remain secure

from DDOS and ARP spoofing attacks, as shown in Figure 1.

Figure 1: Expected outcome

4
 REVIEW OF LITERATURE

Sahay et al. (2019) proposed an approach to defend a ship architecture using

SDN, authors converted a traditional architecture to a software-defined architecture

and proposed a successful approach to mitigate the ARP spoofing attacks but the

proposed approach used centralized controller, in case for some reasons controller

goes down whole network will go down. This problem can be solved by using

some distributed controllers.

Babiceanu & Seker (2019) proposed cyber resilience technique to mitigate the

DDOS attack. The system shows some flexibility in case the number of input

packets is being increased by the server capacity and some virtual servers are

created to respond the packets but this approach has very low accuracy due to

imbalance dataset the results can be improved by using new and updated datasets

Girdler & Vassilakis (2021) proposed an ARP spoofing attack technique; this

technique matches the MAC addresses of ARP packet and Ethernet packet in

which ARP packet was encapsulated. This technique has very great accuracy rate

but it can be improved if current ARP table is also checked that if the entry or the

same IP or Mac do exist in the table or not.

Tuan et al. (2020) proposed a DDOS mitigation technique and used KNN

algorithm for classification of malicious packets, authors here tried to do the

mitigation at control plane of SDN architecture instead of application layer. This

really helped in improving the latency but the dataset used was very old the

technique will fail if implemented in real life scenario.

Badotra & Panda, (2021) also proposed DDOS attack mitigation technique

they used SVM for the classification purposes and have been successful in

5
mitigating the DDOS attack. Their technique got a good accuracy score but there

approach was very slow and creates the high latency that is problematic in

industrial networks the problem can be solved by changing the SVM approach with

some machine learning approach.

Tchendji et al. (2021) proposed an ARP spoofing attack mitigation technique,

they checked the current ARP table that whether the IP or MAC address from

incoming ARP packet already exists or not. If any of IP or MAC address exist then

the packet is dropped. Although this is very good technique, but this can be

improved if they also check the MAC addresses of the incoming ARP packet and

the Ethernet packet encapsulating the ARP packet.

Gadze et al. (2021) did an investigation over different Machine Learning and

Artificial Intelligence approaches. In their research they have generated new

dataset and then applied Naïve Bayes, KNN, SVM, ANN, CNN and RNN, and

have compared the obtained results from all of these approaches. The end results

are CNN outperformed every other approach and gave best latency and quickest

attack detection time.

Tan et al. (2020) proposed a security framework for detection and mitigation

of DDOS attack. They applied K-means clustering on incoming traffic prior to

applying KNN algorithm for classification; this helped them to scrutinize the

useless data and improve the accuracy level to 98.8% but their approach also

affected the latency very badly. The latency has been increased with a huge

difference.

MATERIALS AND METHODS

6
 The proposed strategy will use machine-learning approach to mitigate the

DDOS attack for that a latest dataset will be chosen because with the passage of

time the size of traffic is getting increased very rapidly and the DDOS attack is

directly linked with the size of traffic. That is why the choice of dataset also

matters a lot, then a model will be trained on that after training it will be tested if

the results are satisfactory then it will be deployed in the SDN controller. In case of

ARP attacks there will be two rules that will be added to the controller

1. If the MAC addresses of ARP and Ethernet packet that was encapsulating

ARP packet matches then the packet will be passed otherwise it will be

dropped

2. If any of the IP or MAC address from ARP packet is already exist in ARP

table then the packet will be dropped otherwise it will be passed.

The implementation of the proposed strategy will be done using distributed

SDN controllers like ONOS (Berde et al., 2014), ONIX (Koponen et al., 2019) or

OpenDaylight controller (Medved, Varga, Tkacik, & Gray, 2014). These

controllers will be integrated with Mininet simulator or NS3 simulator for the

evaluation of the proposed strategy. In order to initiate the process it is required to

perform the successful DDOS and attack to assess the capacity of server. This will

help to how much load the server can bear, because it is needed to make sure that

in case of any delay in attack detection server must not go down. So, the mitigation

technique will be devised in such a way that it will not only detect the attack but

also mitigate it before server or network goes down. The common problem in many

DDOS mitigation techniques is the delay in attack detection, The attack detection

takes time because the network traffic is imbalance because the major part of

7
network traffic is legitimate and very small part of traffic is malicious secondly in

case of ICMP flooding the traffic is not malicious. Similarly, in case of ARP

spoofing attacks first successful attack will be performed and then a mitigation

strategy will be devised. ARP spoofing attacks are comparatively easy to detect.

The basic overview the proposed strategy is given in figure 2.

Figure 2: Basic infrastructure of proposed strategy

From Figure 2 it is clear that proposed strategy will be independent from

infrastructure, the proposed algorithm and rules will be deployed on SDN

controller, then the controller can be connected to any industrial infrastructure like

in education industry during admission and result time the servers are very

vulnerable to DDOS attack and the network is all time vulnerable to ARP spoofing

attack for intrusion in the network of different purposes similarly the networks in

the state owned institutions are all time vulnerable to both DDOS and ARP

spoofing attacks for example NADRA database server can be attacked for different

8
reason like data breach or to create problems for the public facilities. The bank

servers and networks are also all time vulnerable to attack because their attacker

will get the money access and can alter bank account details. This is why this

research is focused proposing a new strategy for mitigating the DDOS attack and

prevent the ARP spoofing attack. Using SDN controller, to deploy the proposed

strategy the network will be migrated from traditional to SDN. The detailed is

given in a form of flow chart in Figure 3

Figure 3: Proposed mitigation strategy

LITERATURE CITED

9
Anbarsu, S., Rayan, A. X. A., & Vetrian, V. (2020). Software-Defined Networking

for the Internet of Things: Securing home networks using SDN. In Real-Time

Data Analytics for Large Scale Sensor Data pp. 215–270.

https://doi.org/10.1016/b978-0-12-818014-3.00010-3

Babiceanu, R. F., & Seker, R. (2019). Cyber resilience protection for industrial

internet of things: A software-defined networking approach. Computers in

Industry, 104, 47–58. https://doi.org/10.1016/j.compind.2018.10.004

Badotra, S., & Panda, S. N. (2021). SNORT based early DDoS detection system

using Opendaylight and open networking operating system in software

defined networking. Cluster Computing, 24(1), 501–513.

Berde, P., Gerola, M., Hart, J., Higuchi, Y., Kobayashi, M., Koide, T., Parulkar, G.

(2014). ONOS: Towards an open, distributed SDN OS. HotSDN 2014 -

Proceedings of the ACM SIGCOMM 2014 Workshop on Hot Topics in

Software Defined Networking, 1–6. https://doi.org/10.1145/2620728.2620744

Bullock, J. A., Haddow, G. D., & Coppola, D. P. (2013). Cybersecurity and Critical

Infrastructure Protection. In Introduction to Homeland Security 283–321.

Elsevier. https://doi.org/10.1016/b978-0-12-415802-3.00008-7

Casado, M., McKeown, N., & Shenker, S. (2019). From ethane to SDN and

beyond. Computer Communication Review, 49(5), 92–95.

Correa Chica, J. C., Imbachi, J. C., & Botero Vega, J. F. (2020). Security in SDN:

A comprehensive survey. Journal of Network and Computer Applications,

159, 102595. https://doi.org/10.1016/j.jnca.2020.102595

Gadze, J. D., Bamfo-Asante, A. A., Agyemang, J. O., Nunoo-Mensah, H., &

Opare, K. A.-B. (2021). An Investigation into the Application of Deep

10
 Learning in the Detection and Mitigation of DDOS Attack on SDN

Controllers. Technologies 2021, Vol. 9, Page 14, 9(1), 14.

Girdler, T., & Vassilakis, V. G. (2021). Implementing an intrusion detection and

prevention system using Software-Defined Networking: Defending against

ARP spoofing attacks and Blacklisted MAC Addresses. Computers and

Electrical Engineering, 90, 106990.

Karakus, M., & Durresi, A. (2017). A survey: Control plane scalability issues and

approaches in Software-Defined Networking (SDN). Computer Networks,

112, 279–293. https://doi.org/10.1016/J.COMNET.2016.11.017

Koponen, T., Casado, M., Gude, N., Stribling, J., Poutievski, L., Zhu, M., Shenker,

S. (2019). Onix: A distributed control platform for large-scale production

networks. Proceedings of the 9th USENIX Symposium on Operating Systems

Design and Implementation, OSDI 2010, 351–364.

Medved, J., Varga, R., Tkacik, A., & Gray, K. (2014). OpenDaylight: Towards a

model-driven SDN controller architecture. Proceeding of IEEE International

Symposium on a World of Wireless, Mobile and Multimedia Networks 2014.

Institute of Electrical and Electronics Engineers Inc.

https://doi.org/10.1109/WoWMoM.2014.6918985

Sahay, R., Meng, W., Estay, D. A. S., Jensen, C. D., & Barfod, M. B. (2019).

CyberShip-IoT: A dynamic and adaptive SDN-based security policy

enforcement framework for ships. Future Generation Computer Systems, 100,

736–750. https://doi.org/10.1016/j.future.2019.05.049

Sahay, R., Meng, W., & Jensen, C. D. (2019). The application of Software Defined

Networking on securing computer networks: A survey. Journal of Network

11
 and Computer Applications, 131, 89–108.

Tan, L., Pan, Y., Wu, J., Zhou, J., Jiang, H., & Deng, Y. (2020). A New

Framework for DDoS Attack Detection and Defense in SDN Environment.

IEEE Access, 8, 161908–161919.

https://doi.org/10.1109/ACCESS.2020.3021435

Tchendji, V. K., Mvah, F., Djamegni, C. T., & Yankam, Y. F. (2021). E2BaSeP:

Efficient Bayes Based Security Protocol Against ARP Spoofing Attacks in

SDN Architectures. Journal of Hardware and Systems Security, 5(1), 58–74.

https://doi.org/10.1007/s41635-020-00105-x

Tuan, N. N., Hung, P. H., Nghia, N. D., Tho, N. Van, Phan, T. Van, & Thanh, N.

H. (2020). A DDoS Attack Mitigation Scheme in ISP Networks Using

Machine Learning Based on SDN. Electronics, 9(3), 413.

12