Research Article
CloudSDN: Enabling SDN Framework for Security and Threat Analytics in Cloud Networks
@INPROCEEDINGS{10.1007/978-3-030-20615-4_12, author={Prabhakar Krishnan and Krishnashree Achuthan}, title={CloudSDN: Enabling SDN Framework for Security and Threat Analytics in Cloud Networks}, proceedings={Ubiquitous Communications and Network Computing. Second EAI International Conference, Bangalore, India, February 8--10, 2019, Proceedings}, proceedings_a={UBICNET}, year={2019}, month={5}, keywords={SDN NFV DDoS Intrusion Detection Systems (IDS) Intrusion Prevention Systems (IPS) Cloud OpenStack Network security}, doi={10.1007/978-3-030-20615-4_12} }
- Prabhakar Krishnan
Krishnashree Achuthan
Year: 2019
CloudSDN: Enabling SDN Framework for Security and Threat Analytics in Cloud Networks
UBICNET
Springer
DOI: 10.1007/978-3-030-20615-4_12
Abstract
The “Software-Defined Networking (SDN), Network Function Virtualization (NFV)” are recent network paradigms and “OpenStack”, a widely deployed Cloud management platform. The goal of this presented research work is to integrate the SDN, NFV into OpenStack based Cloud platform, draw practical insights in their inter-play, to solve the problems in the Cloud network orchestration and applications security. We review key prior works in this intersection of SDN, NFV and Cloud computing domain. The OpenStack based Cloud deployment integrates SDN through its Neutron module, which has major practical limitations with respect to scalability, security and resiliency. Aiming at some critical problems and overall Cloud security, we postulate certain SDN scheme that can distribute its own Network Function (NF) agents across the dataplane and deploy applications across the control plane that centralizes the network management and orchestration. A novel security scheme for Cloud Networks “CloudSDN”, enabling SDN framework for Cloud security is proposed and implemented, addressing some well-known security issues in Cloud networks. We demonstrate the efficacy of the attack detection and mitigation system, under Distributed Denial of Service (DDoS) attacks on the Cloud infrastructure and on to downstream servers as well. We also present a comparative study with legacy security approaches and with classical SDN implementations. We also share our future perspectives on exploiting the myriad of features of SDN such as global view, distributed control, network abstractions, programmability and mitigating its security issues.