Enhancing the Security of Software-Defined Networking through Forensic Memory Analysis

Journal of Network and Systems Management

Abstract

The increasing complexity and dynamic nature of software-defined networking (SDN) environments pose significant challenges for network security. We propose a methodology for enhancing the security of SDN systems using memory analysis, a well-established technique in forensic science, combined with techniques for identifying memory modifications, such as signature validation and novelty detection. A proof of concept in a test environment consisting of hosts and virtual switches connected in a ring topology validated the proposed methodology. The results demonstrate that the methodology can detect and mitigate unauthorized changes in network equipment, highlighting its potential to improve the security of SDN networks and to be integrated with other methodologies to improve it further. Overall, the proposed methodology provides a valuable new tool for securing SDN networks and opens research opportunities on the scalability and adaptability of the proposed solution.

Data Availability

No datasets were generated or analysed during the current study.

Notes

  1. https://opennetworking.org/onos/.

  2. https://www.docker.com/.

  3. https://www.openvswitch.org/.

Acknowledgements

The SecureCloud Project was funded by the Brazilian Ministry of Science Technology and Communications, the European Commission and the Swiss State Secretariat for Education, Research and Innovation through the Horizon 2020 Program, in the 3rd Brazil-Europe coordinated call. This study was financed in part by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior–Brasil (CAPES)–Finance Code 001.

Author information

Contributions

F.A.L.L. proposed the security concept. F.A.L.L. and T.S.C. wrote the main manuscript text, and F.A.L.L. prepared all figures. All authors reviewed the manuscript. All authors contributed to this work.

Corresponding author

Correspondence to Filipe Augusto da Luz Lemos.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest.

About this article

Cite this article

da Luz Lemos, F.A., dos Santos Cavali, T., Fonseca, K.V.O. et al. Enhancing the Security of Software-Defined Networking through Forensic Memory Analysis. J Netw Syst Manage 32, 82 (2024). https://doi.org/10.1007/s10922-024-09862-4

  • DOI: https://doi.org/10.1007/s10922-024-09862-4
