Advanced Hybrid Information Processing. Second EAI International Conference, ADHIP 2018, Yiyang, China, October 5-6, 2018, Proceedings

Research Article

SDN Dynamic Access Control Scheme Based on Prediction

  • @INPROCEEDINGS{10.1007/978-3-030-19086-6_7,
        author={Qian Cui and Shihui Zheng and Bin Sun and Yongmei Cai},
        title={SDN Dynamic Access Control Scheme Based on Prediction},
        proceedings={Advanced Hybrid Information Processing. Second EAI International Conference, ADHIP 2018, Yiyang, China, October 5-6, 2018, Proceedings},
        proceedings_a={ADHIP},
        year={2019},
        month={5},
        keywords={Software defined networking, OpenFlow application, Flow entry prediction, Network security},
        doi={10.1007/978-3-030-19086-6_7}
    }
    
  • Qian Cui
    Shihui Zheng
    Bin Sun
    Yongmei Cai
    Year: 2019
    SDN Dynamic Access Control Scheme Based on Prediction
    ADHIP
    Springer
    DOI: 10.1007/978-3-030-19086-6_7
Qian Cui1, Shihui Zheng1,*, Bin Sun1, Yongmei Cai1
  • 1: Xinjiang University of Finance and Economics
*Contact email: shihuizh@bupt.edu.cn

Abstract

Through research on the access control of software defined network (SDN) northbound interfaces, we found that malicious OpenFlow applications (OF applications) abuse the northbound interfaces with ADD permissions, which can cause controller function failure and other serious harm, or even crash the controller directly. Most previous studies of this issue, such as those resulting in the ControllerDAC scheme, set static thresholds and did not find effective solutions to those problems. This paper analyzes the characteristics of the input flows and proposes an SDN dynamic access control scheme based on prediction and dynamic adjustment of the load threshold. By examining the access characteristics of the OF application, we use a prediction algorithm to determine whether the application will disrupt the API with ADD permissions. This algorithm enables us to perform targeted dynamic access control for different types of applications. Experimental results show that, compared with the aforementioned ControllerDAC scheme, our scheme effectively reduces the malicious flow table rate and limits the delivery of malicious flow tables, and the extra delay generated by our scheme is less than 10%.