
Sdn. Notes

The document discusses research on software defined networking (SDN) being conducted at Anna University. It outlines faculty, researchers, and students working in the area. It also describes how SDN is incorporated into university curricula and lists several areas of research including network monitoring, management, security, and collaborations.

Uploaded by

Gayathri meena
Copyright
© © All Rights Reserved

Exploring SDN @ Anna University
People
Faculty
• Dr Arockia Xavier Annie R
• Dr Gopal T V
• Dr Ranjani Parthasarathi
• Dr Vetriselvi V
• Dr Yogesh P
Researchers
• Mr. Ashok Kumar M
• Mrs. Bharathi N A
Students
• Ms. Aarthi S
• Mr. Balaji S
• Mr. Baratheraja R N
• Mr. Gowtham V N
• Ms. Jahnavi N
• Ms. Jayabarathi G
• Ms. Kirutika K
• Ms. Lakshmipriyadarshini V
• Mr. Parthiban P R
• Mr. Raakesh M
• Ms. Sathiya Priya L
• Mr. Sethu Ramalingam R
• Ms. Shafreen Nihara A
• Ms. Shalini S
• Ms. Shivaranjani
SDN in curricula
PG Level – M.E CSE & M.Tech IT (R2015)

• Networking Technologies / Network Engineering core course – one unit is on Software Defined Networks

UG Level – B.E CSE / B.Tech IT

• One unit on SDN in Advanced Networks elective course (R2015)
• Software Defined Networks is offered as an elective (R2017)
• Basics of SDN are introduced in the core course of Computer Networks (R2017)
Areas Explored & Collaborators
Network Monitoring (Interface Masters Technologies)
• Distributed Traffic Monitoring Fabric
• Network Applications using DPDK
Network Management
• Network Resilience using SDN and NFV
• Proactive failure recovery in OpenFlow based SDN
• Failure recovery using segment protection in OpenFlow based SDN
SDN and Security (Cognizant/ISEA)
• Intrusion detection system (IDS) in data plane of SDN
• Two-level IDS using ML/Genetic/Fuzzy
• Collaborative IDS using Game theory
• URL filtering in SDN
Mitigating attacks on SDN (AU-Cognizant Security Research Lab)
• Mitigation of DDoS attacks
• Detecting compromised controllers
Network Monitoring
Distributed Traffic Monitoring Fabric
• Flow management in SDN
▪ Flow Aggregation
▪ Path optimization
• Pattern Based Load balancing
▪ Classify network traffic using machine learning algorithms
▪ Perform load balancing based on the class of the traffic
• Interactive Monitoring and Visualization
▪ Statistics collection – number of flows, bytes, packets, errors etc.
▪ Performance calculation - link utilization, bandwidth
▪ Create customized alerts on various aspects like flows, utilization, topology events
▪ Chord diagram, Zoomable circle packing – used to visualize links, devices, flows and traffic
DTMF
• Interface Masters Network Packet Broker Devices connected to ONOS controller
• DTMF deployed as an application running on top of ONOS
Network Applications Using DPDK
• High Performance Network Applications that run on x86 hardware using Intel DPDK framework
▪ Packet Trimming
▪ Data Masking
• Packet Trimming
▪ Removing payload from the packets – Only headers can be sent to the monitoring tools
• Data Masking
▪ Masking sensitive information in the packets
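Packet trimming as described above, as an added Python example that is not the project's DPDK code: it walks the Ethernet, IPv4 and TCP/UDP headers and keeps only those bytes. IPv4 only, at most one 802.1Q tag, and the fail-closed handling of unparseable frames are assumptions of this sketch; `header_length`, `trim` and `sample_frame` are hypothetical names.

```python
import struct

ETH_LEN, IPV4, VLAN, TCP, UDP = 14, 0x0800, 0x8100, 6, 17

def header_length(frame):
    """Length of the Ethernet + IPv4 + TCP/UDP headers, or None if parsing fails."""
    if len(frame) < ETH_LEN:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    ip = ETH_LEN
    if ethertype == VLAN and len(frame) >= ETH_LEN + 4:   # skip one 802.1Q tag
        ethertype = struct.unpack_from("!H", frame, 16)[0]
        ip += 4
    if ethertype != IPV4 or len(frame) < ip + 20:
        return None
    ihl = (frame[ip] & 0x0F) * 4             # IPv4 header length, options included
    if ihl < 20:
        return None
    l4 = ip + ihl
    proto = frame[ip + 9]
    if proto == UDP:
        l4_len = 8
    elif proto == TCP:
        if len(frame) < l4 + 13:
            return None
        l4_len = (frame[l4 + 12] >> 4) * 4   # TCP data offset, options included
        if l4_len < 20:
            return None
    else:
        l4_len = 0                           # other protocols: keep the IP header only
    end = l4 + l4_len
    return end if len(frame) >= end else None

def trim(frame):
    """Return the headers only. A frame that does not parse is cut to the
    Ethernet header (fail closed) so no payload reaches the monitoring tool."""
    end = header_length(frame)
    return frame[:ETH_LEN] if end is None else frame[:end]

def sample_frame(payload=b"constructed-payload"):
    """Constructed frame: Ethernet / IPv4 (no options) / TCP (no options) / payload."""
    eth = bytes(12) + struct.pack("!H", IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, TCP, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 1024, 0, 0)
    return eth + ip + tcp + payload
```

The IPv4 total-length field is left untouched, so a monitoring tool can still read the original packet size from the trimmed copy.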
Network Management
Network Resilience Using SDN and NFV

• Leveraging SDN and NFV for network monitoring and security services – together providing network resilience
• On demand provisioning of the following virtual network functions:
▪ Traffic Monitoring
▪ Firewall
▪ IDS/IPS
• Tools used
▪ Ryu and Floodlight Controllers
▪ Snort IDS/IPS
▪ Mininet
▪ OpenMANO
Failure Recovery
• Proactive failure recovery
▪ Controller adds backup paths along with working paths
▪ Switches perform local recovery actions
▪ Backup paths added only for Critical/Important paths
• Segment Protection for failure recovery
▪ Backup paths computed using segment (smaller than path) protection
▪ Bidirectional Forwarding Detection protocol used to identify failure

Publication:
V.Padma and P.Yogesh, "Proactive Failure Recovery in OpenFlow based Software Defined Networks", International Conference on Signal Processing, Communication and Networking (ICSCN 2015), organized by MIT Campus Anna University Chennai, India. Available in IEEE Xplore digital library
V.Padma, Gayathri Santhosh and Yogesh Palanichamy, "Failure Recovery using Segment Protection in Software Defined Networks", International Conference on Intelligent Information Technologies 2017 (ICIIT 2017), organized by College of Engineering Guindy Anna University Chennai, India. Available in Springer CCIS
SDN and Security
Intrusion Detection System in Data Plane of SDN
• Build IDS that enhances security in the data plane
• Goals
▪ Firewall based on - Flow/Transport/Application
▪ Preventing controller resource saturation attacks using Multi-Layer Fair Queuing (MLFQ)
▪ Detecting Virus – Signature based – Aho-Corasick Algorithm
▪ Truncating packets for efficient analysis by monitoring tools
• P4 based switches are used as the data plane with customized pipeline and flow tables
Two Level IDS using ML
• Building IDS using the principles of Machine Learning and Genetic algorithm
• Anomaly Detection using ML algorithm (ID3)
• Anomaly Classification using Genetic Algorithm
• P4 based switches are used with customized pipelines and match tables for DPI
IDS for SDN using Fuzzy System
Fuzzy IDS
• Early Detection Algorithms – Connection success ratio, throttling connection
• Anomaly-based fuzzy IDS – Supervised machine learning approach
• Trained with KDD Cup 99 dataset
• Features – Duration, protocol, flag, src bytes, dst bytes, urg packets, packet count, diff serv count
• Attack Categories considered
▪ Denial of Service (DoS)
▪ Remote to Local (R2L)
▪ User to Root (U2R)
▪ Probing

Publication:
Shalini S, Shafreen Nihara A, Sathiya Priya L, Vetriselvi.V, “Intrusion Detection System for Software-Defined Networks Using Fuzzy System”, Proceedings of the International Conference on Computing and Communication Systems, Lecture Notes in Networks and Systems book series (LNNS, volume 24), Springer, March 2018.
Collaborative Intrusion Detection System using Game Theory
• Multiple Controller and Multiple IDS environment – communicating with each other – a collaborative system
• Collaborative system is formalized using Game Theoretical Framework
• Optimizes each IDS with respect to other IDS by achieving Nash Equilibrium State
• Two different IDSs are used
▪ Entropy based IDS – detects attacks based on behavioral change in entropy
▪ Snort IDS – rule based – detects predefined signatures
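One way an entropy-based detector of the kind listed above can work, as an added example that is not the project's implementation: it computes the Shannon entropy of destination addresses per fixed window and flags windows that move away from a learned baseline. The choice of destination address as the feature, the window size, the threshold and the function names are assumptions; the trace is constructed.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy in bits of the value distribution within one window."""
    counts = Counter(values)
    if len(counts) < 2:
        return 0.0
    total = len(values)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def detect_entropy_shift(dst_addrs, window=8, max_delta=1.0, alpha=0.2):
    """Flag windows whose destination-address entropy differs from the
    baseline by more than max_delta bits. Returns (window index, entropy)."""
    alerts, baseline = [], None
    for start in range(0, len(dst_addrs) - window + 1, window):
        h = shannon_entropy(dst_addrs[start:start + window])
        if baseline is None:
            baseline = h                      # first window seeds the baseline
        elif abs(h - baseline) > max_delta:
            alerts.append((start // window, round(h, 3)))
        else:
            # Learn only from unflagged windows, so a sustained flood
            # never becomes the new normal.
            baseline = (1 - alpha) * baseline + alpha * h
    return alerts

def constructed_trace():
    """Constructed destination addresses: 5 windows of 8 packets each."""
    spread = [f"192.0.2.{i}" for i in range(1, 9)]    # 8 distinct: 3.0 bits
    skewed = spread[:2] * 2 + spread[2:6]              # mild skew: 2.5 bits
    flood = ["192.0.2.99"] * 7 + [spread[0]]           # one dominant target
    return spread + skewed + flood + ["192.0.2.99"] * 8 + spread

if __name__ == "__main__":
    print(detect_entropy_shift(constructed_trace()))
```

A drop in destination entropy points to traffic concentrating on one target, while a sharp rise fits scanning; the absolute-difference test catches both directions.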

Publication:
Gowtham V.N., Baratheraja R.N., Jayabarathi G., Vetriselvi V., "Collaborative Intrusion Detection System in SDN Using Game Theory", Proceedings of the International Conference on Computing and Communication Systems. Lecture Notes in Networks and Systems, vol 24. Springer (2018), Singapore.
Collaborative IDS Framework
URL filtering in SDN
• Detection of phishing URLs
• Analyze the lexical and content-based features of the URLs
• Use Deep Packet Inspection (DPI) and machine learning techniques
• Performance of the system is evaluated based on the response time and accuracy in a simulation framework

Publication:
Archana Janani, V. Vetriselvi, Ranjani Parthasarathi, “An Approach to URL Filtering in SDN”, International Conference on Computer Networks and Communication Technologies, Springer (2018). Springer Lecture Notes on Data Engineering and Communications Technologies
Mitigation of DoS attack in SDN
• Mitigating the denial-of-service attack on flow tables
▪ Randomization of the paths – distributing rules
▪ Flow aggregation - reducing rules
• Overall number of rules is reduced by 58%, which is better than 26% reported in SDNGuard (a similar approach)

Publication:
N.A.Bharathi, Ranjani Parthasarathi, V. Vetriselvi, “Mitigation of DoS in SDN using Path Randomization”, International Conference on Computer Networks and Communication Technologies, Springer (2018). Springer Lecture Notes on Data Engineering and Communications Technologies.
Detecting Compromised Controllers in SDN
• Uses machine learning algorithm – Random Forest Classifier
• Classifies the controller as compromised or not at any given point in time
• Monitors various aspects of the system like
▪ System logs
▪ Packet In, Packet Out Ratio
▪ Packet In, Packet Out Disparity
▪ Switch Participation Index
▪ Average degree of nodes
▪ Timeout Frequency
• Performance evaluation under following attacks
▪ DoS
▪ Topology Poisoning
▪ Traffic Diversion
▪ Pass traffic via compromised switch
▪ Tear Drop Attack
Detecting Compromised Controllers in SDN
SDN for Internet of Things: Securing Home networks using SDN
• Heterogeneity and Interoperability of diverse home devices handled with SDN
• IDS using ensemble of ID3, Fuzzy and deep neural network approaches
Work in Progress
• Setting up of 5G SDN security test bed
• Dell PowerEdge T430 - Intel Xeon processor E5-2600 v4 product family – 20 GB RAM
• Running as a Kubernetes Worker Node – ONOS and other application containers are deployed on it
• Dell PowerEdge T20 - Intel Xeon E3-1225 v3 product family – On-board RAID
• 3 x Ruijie RG-S2910-24GT4XS-E - OpenFlow Enabled Gigabit Switches
• Maxinet – to emulate huge number of nodes
• DDoS attack detection and mitigation in a data center network
• Considering – leaf and spine topology with – ONOS Trellis fabric
• sFlow based behavioral analysis
Thank You
