Methodology for assessing the reliability of software-defined networks under computer attacks

Authors

  • Igor V. Kotenko Saint Petersburg Federal Research Center of the Russian Academy of Sciences, 39, 14th Line V. O., Saint Petersburg 199178, Russia
  • Igor B. Saenko Saint Petersburg Federal Research Center of the Russian Academy of Sciences, 39, 14th Line V. O., Saint Petersburg 199178, Russia
  • Sergey Y. Skorobogatov Saint Petersburg Federal Research Center of the Russian Academy of Sciences, 39, 14th Line V. O., Saint Petersburg 199178, Russia
  • Oleg S. Lauta Admiral Makarov State University of Maritime and Inland Shipping, 5/7 Dvinskaja Street, Saint Petersburg 198035, Russia
  • Victar P. Kochyn Belarusian State University, 4 Niezaliezhnasci Avenue, Minsk 220030, Belarus https://orcid.org/0000-0001-7782-9536

Keywords:

computer attacks, stability, software-defined networks, Markov chains
Supporting Agencies
The research was supported by the Saint Petersburg Science Foundation grant No. 23-RB-01-09.

Abstract

Introduction. An important feature of SDN technology is centralised network management using a controller realized using the OpenFlow control protocol and allowing not only to manage network devices, but also to collect network statistics, which permits to solve emerging network problems more effectively by configuring all network devices simultaneously. The controller is the most vulnerable element, an attack on which can affect the stability of its the entire infrastructure.
Problem statement. The development of mathematical foundations for assessing SDN stability will allow us to calculate SDN stability indicators using analytical expressions. As the main indicator, it is proposed to use the coefficient of serviceable action for SDN stability.
Methods. The estimation of SDN stability indicators is carried out using methods of the theory of Markov processes. In order to ensure the stability of the SDN operation, this paper substantiates an algorithm for monitoring the state of controllers and their automatic adjustment.
Results. A verbal and mathematical formulation of the scientific problem for the study is carried out, and the general problem is decomposed into specific problems, namely, conceptual modelling of the subsystem of intelligent monitoring of the state of the public information and telecommunications network, development of a method for synthesising its subsystem of intelligent monitoring of the state, as well as the formation of scientific and technical proposals for the implementation of this method.
Practical significance. The proposed methodology makes it possible to estimate the stability of a software-defined network in the conditions of computer attacks characteristic for it, as well as to form general requirements for the protection system using the obtained stability indicators.

Author Biographies

  • Igor V. Kotenko, Saint Petersburg Federal Research Center of the Russian Academy of Sciences, 39, 14th Line V. O., Saint Petersburg 199178, Russia

    honored scientist of the Russian Federation, doctor of science (engineering), full professor; chief researcher

  • Igor B. Saenko, Saint Petersburg Federal Research Center of the Russian Academy of Sciences, 39, 14th Line V. O., Saint Petersburg 199178, Russia

    doctor of science (engineering), full professor; leading researcher

  • Sergey Y. Skorobogatov, Saint Petersburg Federal Research Center of the Russian Academy of Sciences, 39, 14th Line V. O., Saint Petersburg 199178, Russia

    competitor

  • Oleg S. Lauta, Admiral Makarov State University of Maritime and Inland Shipping, 5/7 Dvinskaja Street, Saint Petersburg 198035, Russia

    doctor of science (engineering), docent; professor at the department of integrated information security

  • Victar P. Kochyn, Belarusian State University, 4 Niezaliezhnasci Avenue, Minsk 220030, Belarus

    PhD (engineering), docent; vice-rector for academic affairs and internationalisation of education

References

  1. Egilmez HE, Dane ST, Bagci KT, Tekalp AM. OpenQoS: an OpenFlow controller design for multimedia delivery with end-to-end quality of service over software-defined networks. In: Asia Pacific Signal and Information Processing Association. Proceedings of the 2012 Asia Pacific Signal and Information Processing Association annual summit and conference; 2012 December 3–6; Hollywood, USA. [S. l.]: IEEE; 2012. p. 1–8.
  2. Lei Y, Lanson JP, Kaldawy RM, Estrada J, Shue CA. Can host-based SDNs rival the traffic engineering abilities of switch-based SDNs? In: Chemouil P, Krief F, Ahmed T, Hoßfeld T, Secci S, Stanica R, editors. Proceedings of the 11th International conference on network of the future (NoF); 2020 October 12–14; Bordeaux, France. [S. l.]: IEEE; 2020. p. 91–99. DOI: 10.1109/NoF50125.2020.9249110.
  3. Xia W, Wen Y, Foh CH, Niyato D, Xie H. A survey on software-defined networking. IEEE Communications Surveys & Tutorials. 2015;17(1):27–51. DOI: 10.1109/COMST.2014.2330903.
  4. Vestin J, Kassler A, Akerberg J. Resilient software defined networking for industrial control networks. In: IEEE. Proceedings of the 10th International conference on information, communications and signal processing (ICICS); 2015 December 2–4; Singapore. [S. l.]: IEEE; p. 1–5. DOI: 10.1109/ICICS.2015.7459981.
  5. Kreutz DF, Ramos MV, Veríssimo P, Rothenberg CE, Azodolmolky S, Uhlig S. Software-defined networking: a comprehensive survey. Proceedings of the IEEE. 2015;103(1):14–76. DOI: 10.1109/JPROC.2014.2371999.
  6. Ahmadi V, Jalili A, Khorramizadeh SM, Keshtgari M. A hybrid NSGA-II for solving multiobjective controller placement in SDN. In: Iran University of Science and Technology. Proceedings of the 2nd International conference on knowledge-based engineering and innovation (KBEI); 2015 November 5–6; Tehran, Iran. [S. l.]: IEEE; p. 663–669. DOI: 10.1109/KBEI.2015.7436122.
  7. Agarwal S, Kodialam M, Lakshman T. Traffic engineering in software defined networks. In: Marsan MA, Colombo G, editors. Proceedings IEEE INFOCOM; 2013 April 14–19; Turin, Italy. [S. l.]: IEEE; p. 2211–2219. DOI: 10.1109/INFCOM.2013.6567024.
  8. Kotani D, Suzuki K, Shimonishi H. A design and implementation of OpenFlow Controller handling IP multicast with fast tree switching. In: IEEE. Proceedings of the 12th International symposium on applications and the Internet; 2012 July 16–20; Izmir, Turkey. [S. l.]: IEEE; p. 60–67. DOI: 10.1109/SAINT.2012.17.
  9. Nencioni G, Helvik BE, Gonzalez AJ, Heegaard PE, Kamisinski A. Impact of SDN controllers deployment on network availability. ArXiv:1703.05595 [cs.NI] [Preprint]. 2017 [cited 2024 August 1]: [5 p.]. Available from: https://arxiv.org/abs/1703.05595. DOI: 10.48550/arXiv.1703.05595.
  10. Bannour F, Souihi S, Mellouk A. Scalability and reliability aware SDN controller placement strategies. In: IEEE. Proceedings of the 13th International conference on network and service management (CNSM); 2017 November 26–30; Tokyo, Japan. [S. l.]: IEEE; 2017; p. 1–4. DOI: 10.23919/CNSM.2017.8255989.
  11. Pichpibul T, Kawtummachai R. An improved Clarke and Wright savings algorithm for the capacitated vehicle routing problem. ScienceAsia. 2012;38:307–318. DOI: 10.2306/SCIENCEASIA1513-1874.2012.38.307.
  12. Ros FJ, Ruiz PM. On reliable controller placements in software-defined networks. Computer Communications. 2016;77:41–51. DOI: 10.1016/j.comcom.2015.09.008.
  13. Yao G, Bi J, Li Y, Guo L. On the capacitated controller placement problem in software defined networks. IEEE Communications Letters. 2014;18(8):1339–1342. DOI: 10.1109/LCOMM.2014.2332341.
  14. Park SM, Ju S, Lee J. Efficient routing for traffic offloading in software-defined network. Procedia Computer Science. 2014;34:674–679. DOI: 10.1016/j.procs.2014.07.096.
  15. Singh S, Jha RK. A survey on software defined networking: architecture for next generation network. Journal of Network and Systems Management. 2017;25(2):321–374. DOI: 10.1007/s10922-016-9393-9.
  16. Lange S, Gebert S, Spoerhase J, Rygielski P, Zinner T, Kounev S, et al. Specialized heuristics for the controller placement problem in large scale SDN networks. In: Universiteit Gent. Proceedings of the 27th International teletraffic congress; 2015 September 8–10; Ghent, Belgium. [S. l.]: IEEE; 2015. p. 210–218. DOI: 10.1109/ITC.2015.32.
  17. Rabia S, I SI, Lilia G, Benjamin K. SDMANET: enhancing MANETs with hybrid protocols through SDN integration. In: IEEE. Proceedings of the International conference on artificial intelligence, computer, data sciences and applications (ACDSA); 2024 February 1–2; Victoria, Seychelles. [S. l.]: IEEE; 2024. p. 1–8. DOI: 10.1109/ACDSA59508.2024.10467333.
  18. Li J, Chang X, Ren Y, Zhang Z, Wang G. An effective path load balancing mechanism based on SDN. In: IEEE. Proceedings of the 13th International conference on trust, security and privacy in computing and communications; 2014 September 24–26; Beijing, China. [S. l.]: IEEE; 2014. p. 527–533. DOI: 10.1109/TrustCom.2014.67.
  19. Celenlioglu MR, Alsadi M, Mantar HA. Design, implementation and evaluation of SDN-based resource management model. In: Badra M, Boukerche A, Urien P, editors. Proceedings of the 7th International conference on new technologies, mobility and security (NTMS); 2015 July 27–29; Paris, France. [S. l.]: IEEE; 2015. p. 1–8. DOI: 10.1109/NTMS.2015.7266484.
  20. Li W, Meng W, Kwok LF. A survey on OpenFlow-based software defined networks: security challenges and countermeasures. Journal of Network and Computer Applications. 2016;68:126–139. DOI: 10.1016/j.jnca.2016.04.011.
  21. Koushika AM, Selvi ST. Load balancing using software defined networking in cloud environment. In: IEEE. Proceedings of the International conference on recent trends in information technology; 2014 April 10–12; Chennai, India. [S. l.]: IEEE; 2019. p. 1–8. DOI: 10.1109/ICRTIT.2014.6996164.
  22. Govindarajan K, Meng KC, Ong H, Tat WM, Sivanand S, Leong LS. Realizing the quality of service (QoS) in software-defined networking (SDN) based cloud infrastructure. In: Telkom University. Proceedings of the 2nd International conference on information and communication technology (ICoICT); 2014 May 28–30; Bandung, Indonesia. [S. l.]: IEEE; 2014. p. 505–510. DOI: 10.1109/ICoICT.2014.6914113.
  23. Kotenko IV, Saenko IB, Kotsynyak MA, Lauta OS. Assessment of cyber-resilience of computer networks based on simulation of cyber attacks by the stochastic networks conversion method. SPIIRAS Proceedings. 2017;6(55):160–184. Russian. DOI: 10.15622/sp.55.7.
  24. Kotenko I, Saenko I, Lauta O. Modeling the impact of cyber attacks. In: Kott A, Linkov I, editors. Cyber resilience of systems and networks. Risk, systems and decisions. Cham: Springer; 2019. p. 135–169. DOI: 10.1007/978-3-319-77492-3_7.
  25. Lucero B, Viswanathan V, Linsey J, Turner C. Analysis of critical functionality for meta analogy via performance specification. Proceedings of the International design engineering technical conferences and computers and information in engineering conference. 2013;2A:DETC2013-13472. DOI: 10.1115/DETC2013-13472.
  26. Kochyn V. Conceptual model of complex integrated systems. In: Moscow Polytechnic University. Proceedings of the 2024 International Russian smart industry conference (SmartIndustryCon); 2024 March 24–30; Sochi, Russia. [S. l.]: IEEE; 2024. p. 740–745. DOI: 10.1109/SmartIndustryCon61328.2024.10516134.
  27. Kochyn VP, Zherelo AV. Designing a secure fail-safe cloud repository of paperworks of students and employees of educational institutions. Journal of the Belarusian State University. Mathematics and Informatics. 2021;3:104–108. DOI: 10.33581/2520-6508-2021-3-104-108.
  28. Kochyn VP. A model of complex integrated systems. Journal of the Belarusian State University. Mathematics and Informatics. 2024;1:71–78. Russian. EDN: NANGXU.

Downloads

Additional Files

Published

2024-12-16

Issue

No. 3 (2024): Journal of the Belarusian State University. Mathematics and Informatics

Section

Theoretical Foundations of Computer Science

License

The authors who are published in this journal agree to the following:

  1. The authors retain copyright on the work and provide the journal with the right of first publication of the work on condition of license Creative Commons Attribution-NonCommercial. 4.0 International (CC BY-NC 4.0).
  2. The authors retain the right to enter into certain contractual agreements relating to the non-exclusive distribution of the published version of the work (e.g. post it on the institutional repository, publication in the book), with the reference to its original publication in this journal.
  3. The authors have the right to post their work on the Internet (e.g. on the institutional store or personal website) prior to and during the review process, conducted by the journal, as this may lead to a productive discussion and a large number of references to this work. (See The Effect of Open Access.)

How to Cite

[1]
Kotenko, I.V. et al. 2024. Methodology for assessing the reliability of software-defined networks under computer attacks. Journal of the Belarusian State University. Mathematics and Informatics. 3 (Dec. 2024), 90–102.