Research Article
A Fine-Grained Detection Mechanism for SDN Rule Collision
@INPROCEEDINGS{10.1007/978-3-030-19086-6_60,
  author={Qiu Xiaochen and Zheng Shihui and Gu Lize and Cai Yongmei},
  title={A Fine-Grained Detection Mechanism for SDN Rule Collision},
  proceedings={Advanced Hybrid Information Processing. Second EAI International Conference, ADHIP 2018, Yiyang, China, October 5-6, 2018, Proceedings},
  proceedings_a={ADHIP},
  year={2019},
  month={5},
  keywords={Software-defined network, OpenFlow, Flow table, Collision detection and resolution},
  doi={10.1007/978-3-030-19086-6_60}
}
- Qiu Xiaochen
- Zheng Shihui
- Gu Lize
- Cai Yongmei
Year: 2019
ADHIP
Springer
DOI: 10.1007/978-3-030-19086-6_60
Abstract
The rules issued by third-party applications may directly or indirectly violate existing security flow rules in an SDN (software-defined network), thereby causing the security rules to fail. Existing methods cannot detect rule collisions in a comprehensive and fine-grained manner. This paper proposes a deep detection mechanism for rule collision that can detect grammatical errors in the flow rules themselves, and can also detect direct and indirect rule collisions between third-party and security applications based on the set intersection method. In addition, our mechanism can effectively and automatically resolve rule collisions. Finally, we implement the detection mechanism in the RYU controller and use Mininet to evaluate its function and performance. The results show that the proposed mechanism can accurately detect the static, dynamic and dependency collisions of flow rules, and ensures that the decline in throughput of the SDN northbound interface is controlled at 20%.