Security Evaluation in Software-Defined Networks
- URL: http://arxiv.org/abs/2408.11486v1
- Date: Wed, 21 Aug 2024 09:56:14 GMT
- Title: Security Evaluation in Software-Defined Networks
- Authors: Igor Ivkić, Dominik Thiede, Nicholas Race, Matthew Broadbent, Antonios Gouglidis,
- Abstract summary: Cloud computing has led to a significant increase in Data Centre (DC) network requirements.
Traditional DCs are struggling to meet the flexible, centrally managed requirements of cloud computing applications.
This article presents a framework for evaluating security of Software-Defined Networks (SDN)
- Score: 1.9713190626298576
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Cloud computing has grown in importance in recent years which has led to a significant increase in Data Centre (DC) network requirements. A major driver of this change is virtualisation, which allows computing resources to be deployed on a large scale. However, traditional DCs, with their network topology and proliferation of network endpoints, are struggling to meet the flexible, centrally managed requirements of cloud computing applications. Software-Defined Networks (SDN) promise to offer a solution to these growing networking requirements by separating control functions from data routing. This shift adds more flexibility to networks but also introduces new security issues. This article presents a framework for evaluating security of SDN architectures. In addition, through an experimental study, we demonstrate how this framework can identify the threats and vulnerabilities, calculate their risks and severity, and provide the necessary measures to mitigate them. The proposed framework helps administrators to evaluate SDN security, address identified threats and meet network security requirements.
Related papers
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - A Survey on the Application of Generative Adversarial Networks in Cybersecurity: Prospective, Direction and Open Research Scopes [1.3631461603291568]
Generative Adversarial Networks (GANs) have emerged as powerful solutions for addressing the constantly changing security issues.
This survey studies the significance of the deep learning model, precisely on GANs, in strengthening cybersecurity defenses.
The focus is to examine how GANs can be influential tools to strengthen cybersecurity defenses in these domains.
arXiv Detail & Related papers (2024-07-11T19:51:48Z) - Securing Distributed Network Digital Twin Systems Against Model Poisoning Attacks [19.697853431302768]
Digital twins (DTs) embody real-time monitoring, predictive, and enhanced decision-making capabilities.
This study investigates the security challenges in distributed network DT systems, which potentially undermine the reliability of subsequent network applications.
arXiv Detail & Related papers (2024-07-02T03:32:09Z) - Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z) - Differentiated Security Architecture for Secure and Efficient Infotainment Data Communication in IoV Networks [55.340315838742015]
Negligence on the security of infotainment data communication in IoV networks can unintentionally open an easy access point for social engineering attacks.
In particular, we first classify data communication in the IoV network, examine the security focus of each data communication, and then develop a differentiated security architecture to provide security protection on a file-to-file basis.
arXiv Detail & Related papers (2024-03-29T12:01:31Z) - Penetration Testing of 5G Core Network Web Technologies [53.89039878885825]
We present the first security assessment of the 5G core from a web security perspective.
We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks.
Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
arXiv Detail & Related papers (2024-03-04T09:27:11Z) - A Study on the Security Requirements Analysis to build a Zero Trust-based Remote Work Environment [2.1961544533969257]
This paper proposes detailed security requirements based on the Zero Trust model and conducts security analyses of various cloud services accordingly.
As a result of the security analysis, we proposed potential threats and countermeasures for cloud services with Zero Trust.
arXiv Detail & Related papers (2024-01-08T05:50:20Z) - Causal Reasoning: Charting a Revolutionary Course for Next-Generation
AI-Native Wireless Networks [63.246437631458356]
Next-generation wireless networks (e.g., 6G) will be artificial intelligence (AI)-native.
This article introduces a novel framework for building AI-native wireless networks; grounded in the emerging field of causal reasoning.
We highlight several wireless networking challenges that can be addressed by causal discovery and representation.
arXiv Detail & Related papers (2023-09-23T00:05:39Z) - Enhancing Network Resilience through Machine Learning-powered Graph
Combinatorial Optimization: Applications in Cyber Defense and Information
Diffusion [0.0]
This thesis focuses on developing effective approaches for enhancing network resilience.
Existing approaches for enhancing network resilience emphasize on determining bottleneck nodes and edges in the network.
This thesis aims to design effective, efficient and scalable techniques for discovering bottleneck nodes and edges in the network.
arXiv Detail & Related papers (2023-09-22T01:48:28Z) - Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z) - Methods and Techniques for Dynamic Deployability of Software-Defined
Security Services [0.0]
This thesis investigates the challenges of provisioning network security services in "softwarised" networks.
The study is approached from the perspective of the telecom operator, whose goal is to protect the customers from network threats.
The overall aim of the research presented in this thesis is proposing novel techniques for optimising the resource usage of software-based security services.
arXiv Detail & Related papers (2020-04-04T16:04:18Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.