Andrzej Kamisinski

FlowMon: Detecting Malicious Switches in Software-Defined Networks

Software-Defined Networking (SDN) introduces a new communication network management paradigm and has gained much attention recently. In SDN, a network controller overlooks and manages the entire network by configuring routing mechanisms for underlying switches. The switches report their status to the controller periodically, such as port statistics and flow statistics, according to their communication protocol. However, switches may contain vulnerabilities that can be exploited by attackers. A compromised switch may not only lose its normal functionality, but it may also maliciously paralyze the network by creating network congestions or packet loss. Therefore, it is important for the system to be able to detect and isolate malicious switches. In this work, we investigate a methodology for an SDN controller to detect compromised switches through real-time analysis of the periodically collected reports. Two types of malicious behavior of compromised switches are investigated: packet dropping and packet swapping. We proposed two anomaly detection algorithms to detect packet droppers and packet swappers. Our simulation results show that our proposed methods can effectively detect packet droppers and swappers. To the best of our knowledge, our work is the first to address malicious switches detection using statistics reports in SDN.

A survey on methods to provide interdomain multipath transmissions

Interdomain routing relies on BGP, which does not allow multipath transmissions. Since there is usually more than one path between any pair of nodes on the Internet, it would be beneficial to have the possibility of using them at the same time. Over the years, many solutions have appeared.In this survey, we show how 17 different approaches suggest solutions for providing interdomain multipath transmission. We divide presented mechanisms based on their relevance, starting from the most significant (assessed subjectively based on publications) and already available (implemented). Firstly, all the mechanisms are presented at a glance. Afterwards, each mechanism is described in more details. After a coherent presentation of each approach, they are compared, contrasted, and subjectively assessed. The comparison criteria include proposal visibility, additional signalling, mechanism complexity, time scale of operation, provided routing type, and path choice entities or path setup procedure. The goal of the survey is to show that there are numerous approaches to providing interdomain multipath transmissions in current IP-based networks.

A Fault-Tolerant and Consistent SDN Controller

Software-Defined Networking (SDN) is a new paradigm that promises to enhance network flexibility and innovation. However, operators need to thoroughly assess its advantages and threats before they can implement it. Robustness and fault tolerance are among the main criteria to be considered in such assessment. The currently available SDN controllers offer different fault tolerance mechanisms, but there are still many open issues, especially regarding the trade-off between consistency and performance in a fault- tolerant SDN platform. In this paper, we describe existing fault-tolerant SDN controller solutions, and propose a mechanism to design a consistent and fault-tolerant Master-Slave SDN controller that is able to balance consistency and performance. The main objective of this paper is to bring the performance of an SDN Master-Slave controller as close as possible to the one offered by a single controller. This is obtained by introducing a simple replication scheme, combined with a consistency check and a correction mechanism, that influence the performance only during the few intervals when it is needed, instead of being active during the entire operation time.

Availability Modelling of Software-Defined Backbone Networks

Software-Defined Networking (SDN) promises to improve the programmability and flexibility of networks, but it may also bring new challenges that need to be explored. The main objective of this paper is to present a quantitative assessment of the properties of SDN backbone networks to determine whether they can provide similar availability to the traditional IP backbone networks. To achieve this goal, we have completed the following steps: i) we formalized a two-level availability model that is able to capture the global network connectivity without neglecting the essential details: ii) we proposed Markov models for characterizing the single network elements in both SDN and traditional networks: iii) we carried out an extensive sensitivity analysis of a~national and a~world-wide backbone networks. The results have highlighted the considerable impact of operational and management (O&M) failures on the overall availability of SDN. High O&M failure intensity may reduce the availability of SDN as much as one order of magnitude compared to traditional networks. Moreover, the results show that the impact of software and hardware failures on the overall availability of SDN can be significantly reduced through proper overprovisioning of the SDN controller(s).

Two Rerouting-Based Congestion Control Algorithms for Centrally Managed Flow-Oriented Networks

The evolution of the Internet and fiber-optic technologies has created new opportunities in terms of availability of different network services. The increasing demand for capacity, combined with strong reliability requirements, defines new challenges in the area of network management and design. Today, several users share the limited network resources, which may lead to frequent link congestions in communication networks. Therefore, we propose two effective solutions to respond to link congestions in centrally managed flow-oriented IP networks, such as software-defined networks. We verify their performance through simulation using a real backbone network topology and conclude that as long as enough resources are available in the network, the presented algorithms have the potential to reduce the number of fully loaded links in the network.

Assessing the risk of violating SLA dependability requirements in software-defined networks

Dependability of computer and communication networks is an important aspect of the customer-provider relationship in the telecommunication industry. Considering the increasing interest in Software-Defined Networking (SDN) technologies, as well as unclear understanding of dependability in the context of traffic flows in such networks, it is not clear how to define the related objectives in Service Level Agreements (SLAs), and how to estimate the risk of violation of the included dependability requirements. In this paper, we present a solution to both issues and we evaluate it in different scenarios by simulation. The results show that the proposed method is feasible and may help service providers to select the preferred recovery technique in SDN based on the estimated risk of violation of the SLA dependability requirements and known Service Level Objectives (SLOs).

Assessing the Structural Complexity of Computer and Communication Networks

In this tutorial, 17 structural complexity indices are presented and compared, each representing one of the following categories: adjacency- and distance-based metrics, Shannon entropy-based metrics, product measures, subgraph-based metrics, and path- and walk-based metrics. The applicability of these indices to computer and communication networks is evaluated with the aid of different elementary, specifically designed, random, and real network topologies. On the grounds of the evaluation study, advantages and disadvantages of particular metrics are identified. In addition, their general properties and runtimes are assessed, and a general view on the structural network complexity is presented.