0bd4da91-80b1-4f9e-94fe-d2f19bcf1a9320220625063215053wseas:wseasmdt@crossref.orgMDT DepositInternational Journal of Applied Mathematics, Computational Science and Systems Engineering10.37394/232026https://wseas.com/journals/amcse/61820226182022410.37394/232026.2022.4https://wseas.com/journals/amcse/2022.phpWael HosnyFouad AlyCollege of Engineering and Technology American University of the Middle East KUWAITHassanKanjCollege of Engineering and Technology American University of the Middle East KUWAITNourMostafaCollege of Engineering and Technology American University of the Middle East KUWAITSamerAlabedCollege of Engineering and Technology American University of the Middle East KUWAITControl layers are moved away from the forwarding switching layers in Software Defined Networks. SDNs allow more programmability and flexibility to the controllers. OpenFlow is a protocol that gives access to the forwarding plane of a network switch or router over the SDN network. OpenFlow uses a centralized control of network switches and routers in SDN environment. Security is of a major importance for SDN deployment. Transport Layer Security (TLS) is be used to implement security for OpenFlow. This paper proposes a new technique to improve the security of the OpenFlow controller through modifying the TLS implementation. The proposed model is referred to as Secured Feedback model using Autoregressive Moving Average (ARMA) for SDN networks (SFBARMASDN). SFBARMASDN depends on computing the feedback for incoming packets based on ARMA models. Filtering techniques based on ARMA techniques are used to filter the packets and detect malicious packets to be dropped. SFBARMASDN is compared to two reference models. One reference model is based on Bayesian and the other reference model is the standard OpenFlow. Results are very promising. SFBARMASDN has outperformed both the secured standard using Bayesian network for SDN (SSBNSDN) and the standard OpenFlow in different scenarios by an average improvement of 7% and 80% respectively. The processing time overhead for the SFBARMASDN increases by only a percentage of 3% and 5% when compared to the SSBNSDN and the standard OpenFlow respectively.6252022625202221293https://wseas.com/journals/amcse/2022/a06amcse-5106-1624.pdf10.37394/232026.2022.4.3https://wseas.com/journals/amcse/2022/a06amcse-5106-1624.pdf10.1109/netsoft51509.2021.9492614M. Sjoholmsierchio, B. Hale, D. Lukaszewski, and G. Xie, “Strengthening sdn security: protocol dialecting and downgrade attacks,” in 2021 IEEE 7th International Conference on Network Softwarization (NetSoft), pp. 321–329, IEEE, 2021. 10.1109/icecta.2017.8251995W. H. F. Aly, “Lbftfb fault tolerance mechanism for software defined networking,” in 2017 International Conference on Electrical and Computing Technologies and Applications (ICECTA), pp. 1–5, IEEE, 2017. 10.1109/ems.2017.47W. H. F. Aly, “A novel fault tolerance mechanism for software defined networking,” in 2017 European Modelling Symposium (EMS), pp. 233–239, IEEE, 2017. 10.1109/atnac.2018.8615188W. H. F. Aly and Y. Kotb, “Towards sdn fault tolerance using petri-nets,” in 2018 28th International Telecommunication Networks and Applications Conference (ITNAC), pp. 1–3, IEEE, 2018. 10.1109/sds.2018.8370446W. H. F. Aly and A. M. A. Al-anazi, “Enhanced controller fault tolerant (ecft) model for software defined networking,” in 2018 Fifth International Conference on Software Defined Systems (SDS), pp. 217–222, IEEE, 2018. 10.1007/s11277-017-4939-zI. Z. Bholebawa and U. D. Dalal, “Performance analysis of sdn/openflow controllers: Pox versus floodlight,” Wireless Personal Communications, vol. 98, no. 2, pp. 1679–1699, 2018. 10.1155/2019/6808693W. H. F. Aly, “Generic controller adaptive load balancing (gcalb) for sdn networks,” Journal of Computer Networks and Communications, vol. 2019, 2019. 10.1109/icufn.2019.8805922W. H. F. Aly, “Controller adaptive load balancing for sdn networks,” in 2019 Eleventh International Conference on Ubiquitous and Future Networks (ICUFN), pp. 514–519, IEEE, 2019. Z. Cai, C. Hu, K. Zheng, Y. Xu, and Q. Fu, “Network security and management in sdn,” 2018. 10.1117/12.2511948Y. Wang, S. Liu, S. Zhang, Y. Huang, and K. Fan, “A filter algorithm based on arma model to suppress the influence of atmospheric disturbance in laser straightness measurement,” in Tenth International Symposium on Precision Engineering Measurements and Instrumentation, vol. 11053, pp. 667–675, SPIE, 2019. 10.1016/j.jnca.2020.102595J. C. C. Chica, J. C. Imbachi, and J. F. B. Vega, “Security in sdn: A comprehensive survey,” Journal of Network and Computer Applications, vol. 159, p. 102595, 2020. 10.1109/tnsm.2018.2815280W. Meng, K.-K. R. Choo, S. Furnell, A. V. Vasilakos, and C. W. Probst, “Towards bayesianbased trust management for insider attacks in healthcare software-defined networks,” IEEE Transactions on Network and Service Management, vol. 15, no. 2, pp. 761–773, 2018. C. Fernandez and J. Munoz, “Software defined ˜ networking (sdn) with open flow 1.3,” Open vSwitch and Ryu,(June 2010), vol. 183, 2016. 10.1016/j.jnca.2016.04.011W. Li, W. Meng, and L. F. Kwok, “A survey on openflow-based software defined networks: Security challenges and countermeasures,” Journal of Network and Computer Applications, vol. 68, pp. 126–139, 2016. 10.1109/pdcat.2016.064Y. Tseng, Z. Zhang, and F. Na¨ıt-Abdesselam, “Controllersepa: a security-enhancing sdn controller plug-in for openflow applications,” in 2016 17th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT), pp. 268–273, IEEE, 2016. 10.1016/j.comcom.2017.05.002P. Song, Y. Liu, T. Liu, and D. Qian, “Controllerproxy: Scaling network management for largescale sdn networks,” Computer Communications, vol. 108, pp. 52–63, 2017. 10.1016/j.comnet.2016.03.005B. Xiong, K. Yang, J. Zhao, W. Li, and K. Li, “Performance evaluation of openflow-based software-defined networks based on queueing model,” Computer Networks, vol. 102, pp. 172– 185, 2016. 10.1109/etfa.2017.8247595L. Silva, P. Gonc¸alves, R. Marau, P. Pedreiras, and L. Almeida, “Extending openflow with flexible time-triggered real-time communication services,” in 2017 22nd IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), pp. 1–8, IEEE, 2017. 10.1007/s40012-017-0171-yY. Watashiba, K. Ichikawa, H. Iida, et al., “Application-aware network: Network route management using sdn based on application characteristics,” CSI Transactions on ICT, vol. 5, no. 4, pp. 375–385, 2017. 10.1016/j.comnet.2017.04.002X. Qiu, K. Zhang, and Q. Ren, “Global flow table: A convincing mechanism for security operations in sdn,” Computer Networks, vol. 120, pp. 56–70, 2017. 10.1016/j.comcom.2017.05.018A. Craig, B. Nandy, I. Lambadaris, and P. Koutsakis, “Bloomflow: Openflow extensions for memory efficient, scalable multicast with multistage bloom filters,” Computer Communications, vol. 110, pp. 83–102, 2017. 10.1109/ithings-greencom-cpscom-smartdata.2017.88B. Agborubere and E. Sanchez-Velazquez, “Openflow communications and tls security in software-defined networks,” in 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp. 560–566, IEEE, 2017. 10.1109/icsec.2018.8712754N. Sophakan and C. Sathitwiriyawong, “Securing openflow controller of software-defined networks using bayesian network,” in 2018 22nd International Computer Science and Engineering Conference (ICSEC), pp. 1–4, 2018.