A Centralized Reputation Management Scheme for Isolating Malicious Controller(s) in Distributed Software-Defined Networks

TL;DR

This paper introduces a centralized reputation management scheme to detect and isolate malicious controllers in distributed SDN environments, enhancing security by leveraging trust and controller ratings.

Contribution

It presents a novel trust-based reputation system that centrally manages controller evaluations to identify malicious behavior in distributed SDN controllers.

Findings

Effective detection of rogue controllers through reputation scores

Improved security in distributed SDN environments

Centralized reputation management reduces false positives

Abstract

Software-Defined Networks have seen an increasing in their deployment because they offer better network manageability compared to traditional networks. Despite their immense success and popularity, various security issues in SDN remain open problems for research. Particularly, the problem of securing the controllers in distributed environment is still short of any solutions. This paper proposes a scheme to identify any rogue/malicious controller(s) in a distributed environment. Our scheme is based on trust and reputation system which is centrally managed. As such, our scheme identifies any controllers acting maliciously by comparing the state of installed flows/policies with policies that should be installed. Controllers rate each other on this basis and report the results to a central entity, which reports it to the network administrator.