New SDN-Oriented Distributed Network Security System

Fahad Nife, Zbigniew Kotulski, Omar Reyad


Software-Defined Network (SDN) is a network technology that attempts to open new possibilities in network management and orchestration. This is important in future (especially mobile) networks, where virtualization of resources and network functions is the basic paradigm. SDN has been proposed to programmatically control networks, facilitating deployment of new applications and services, as well as tuning network policy and performance. It represents an important change in the way networks are architected, built, and managed. In this new networking paradigm, a network control plane is physically decoupled from a forwarding plane and is directly programmable. In SDN networks, the control plane supports a logically centralized controller which has a global view of the entire network; it gathers information from the data plane to be processed by the management tasks, which are implemented as applications running on top of the controller. Based on the global view, these applications make packet-processing decisions and distribute them to the data plane via the controller. However, security of such networks, with their programmability and centralized points of control, is not currently ensured at a sufficient level. In this paper, we present the concept of a new security system for SDN-based networks, which can be easily integrated with the existing network infrastructure and can provide security of all network components. It consists of two main subsystems: the network authentication and access control system to protect the network control, and the distributed firewall system to protect data transmission. Such a system enables creating additional boundaries within the network to provide a multi-plane system of defense, solves the problem of a single point of failure, and makes it easy to protect the network from external attacks as well as from internal malicious users.
Authors:
- Fahad Nife (FEIT / IT), The Institute of Telecommunications
- Zbigniew Kotulski (FEIT / IT), The Institute of Telecommunications
- Omar Reyad, Sohag University (NBE) [Sohag University]
Journal series: Applied Mathematics & Information Sciences, ISSN 2325-0399 [1935-0090] (A 30 pts)
Issue year: 2018
Publication size in sheets: 0.5
Keywords in English: SDN, Network Security, Stateful Firewall, 802.1x, Access Control Mechanism
ASJC Classification: 2604 Applied Mathematics; 1703 Computational Theory and Mathematics; 1706 Computer Science Applications; 2612 Numerical Analysis; 2603 Analysis
Project: The Development of Digital Communications. Project leader: Siuzdak Jerzy, Phone: +48 22 234-7868, start date 07-06-2017, end date 30-11-2018, IT/2017/statut, Completed
WEiTI statutory activity
Language: en (English)
Score (nominal): 30
Score: Ministerial score = 0.0, 15-04-2019, ArticleFromJournal
Ministerial score (2013-2016) = 30.0, 15-04-2019, ArticleFromJournal
Publication indicators: Scopus Citations = 0; Scopus SNIP (Source Normalised Impact per Paper): 2016 = 0.635; WoS Impact Factor: 2013 = 1.232 (2) - 2013=1.204 (5)