Abstract: Policy-driven networks have received more attention due to the popularity of software-defined networks, which have replaced manual configuration of multiple devices with an automated approach where a software-based, network-aware controller handles the configuration of all network devices. Software applications running on top of the network controller provide an abstraction of the topology and facilitate the task of operating the network. We propose OpenSec, an OpenFlow-based security framework which allows a network security operator to create and implement security policies written in human-readable language. Using OpenSec, the user can describe a flow in terms of OpenFlow matching fields, define which security services are to be applied to that flow (such as deep packet inspection, intrusion detection, spam detection, etc.) and specify security levels that define how OpenSec will react if malicious traffic is detected in the system. In this paper, we provide details about how OpenSec converts security policies into the series of OpenFlow messages required to implement such a policy. Then, we describe how the framework automatically reacts to the security alerts that are specified by the policies. After this, we will perform experiments on the GENI testbed to evaluate the scalability of the proposed framework using existing datasets of campus networks. Our results will show that up to 95% of attacks in an existing data set can be detected and 99% of malicious source nodes can be blocked automatically. Further, we will show that our policy specification language is simpler while offering fast translation times compared to existing solutions.

Index terms: Software Defined Networking, OpenFlow, Network Security, Policy-based Network Management, Policy Specification.

DOI: 10.17148/IARJSET.2020.7420
