Design and Analysis of New Source Address Validation Architecture for its Application in Software Defined Networking

Abstract

Recognition of Software Defined Network (SDN) is increasing rapidly, and enterprise newlinenetworks are using it to obtain the benefits of its features. Data and Control planes are separated newlinein SDN, and ordinary forwarding devices with support of OpenFlow protocol are utilised to newlinesend data planes. The SDN controller has taken the liability of control plane of the network. newlineTraffic that is originated by origin host and sent to target host by seeing the target address of newlinesuch traffic without checking origin host address. The controller controls the flow of traffic by newlineinstalling necessary flow rules into forwarding device flow table. In the beginning, forwarding newlinedevices do not contain any control and defense, and they are unable to forward traffic newlineoriginated by attached users. The forwarding devices send the data packets of linked users to newlinethe controller for the origination of control packets and install required flow rules into the newlineflow table. The attacker initiates origin-address forging attacks taking advantage of such newlinecondition and carries out various kinds of attacks. There are a few techniques proposed by newlineresearchers for prevention and alleviation from such attacks. However, these approaches are newlinenot able to provide a proactive solution for source address forging attacks and have some newlinegaps. With this, we have proposed Source Internet Protocol Address Validation for Software newlineDefined Networks (SIPAV-SDN) and Source Host Address Validation in SDN with Instant newlineFlow Entries (SHAVSIFE) approaches as a proactive solution for such attacks. etc.