Skip to main content

Research Repository

Advanced Search

Tennison: A Distributed SDN Framework for Scalable Network Security

Fawcett, Lyndon; Scott-Hayward, Sandra; Broadbent, Matthew; Wright, Andrew; Race, Nicholas

Authors

Lyndon Fawcett

Sandra Scott-Hayward

Matthew Broadbent

Andrew Wright

Nicholas Race



Abstract

Despite the relative maturity of the Internet, the computer networks of today are still susceptible to attack. The necessary distributed nature of networks for wide area connectivity has traditionally led to high cost and complexity in designing and implementing secure networks. With the introduction of software-defined networks (SDNs) and network functions virtualization, there are opportunities for efficient network threat detection and protection. SDN's global view provides a means of monitoring and defense across the entire network. However, current SDN-based security systems are limited by a centralized framework that introduces significant control plane overhead, leading to the saturation of vital control links. In this paper, we introduce TENNISON, a novel distributed SDN security framework that combines the efficiency of SDN control and monitoring with the resilience and scalability of a distributed system. TENNISON offers effective and proportionate monitoring and remediation, compatibility with widely available networking hardware, support for legacy networks, and a modular and extensible distributed design. We demonstrate the effectiveness and capabilities of the TENNISON framework through the use of four attack scenarios. These highlight multiple levels of monitoring, rapid detection, and remediation, and provide a unique insight into the impact of multiple controllers on network attack detection at scale.

Journal Article Type Article
Acceptance Date Aug 20, 2018
Online Publication Date Sep 19, 2018
Publication Date 2018-12
Deposit Date Feb 8, 2022
Publicly Available Date Feb 8, 2022
Journal IEEE Journal on Selected Areas in Communications
Print ISSN 0733-8716
Electronic ISSN 1558-0008
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
Volume 36
Issue 12
Pages 2805-2818
DOI https://doi.org/10.1109/jsac.2018.2871313
Keywords SDN, monitoring, network security, distributed control, scalable security
Public URL http://researchrepository.napier.ac.uk/Output/2842558

Files




Downloadable Citations