Enhancing security of SDN focusing on control plane and data plane

Software-defined networks (SDN) have appeared as effective network technology, which is able to support the dynamic nature of future network functions and intelligent applications. On the other hand, the progress of the SDN is limited by various security threats. Analyzing the centralized nature of SDN, we found multiple potential vulnerabilities, which the attacker may use. Our solution covers a wider area, not just data plane, but also control plane security. The traffic, which is flowing through a data plane, could include various security threats. To detect them, we utilize OpenFlow possibilities and Machine Learning (ML) concept for the proposed Network Intrusion Detection System based on Deep Neural Network (NIDS-DNN). The solution can extract network statistics from OpenFlow switches (OF switches) and process them with DNN. The result is to warn about an attack on the data plane and to prevent malicious users from harming the network. For early detection of DoS/DDoS attacks aimed at controller, we present our solution - Specter, which changes the approach to the flow processing prioritization. Using priority queues ensures a better quality of service for legitimate users. To the best of our knowledge, our work is the first solution, which couple intrusion detection in the data plane with protection against DoS attacks in control plane.