A comparative analysis of software-defined network controllers in terms of network forensics processes and capabilities

Home Page
About
Submit A Journal
Submit A Conference
Submit Paper/Book
- Submit a Preprint
- Submit a Book
Contact

Sigma Mühendislik ve Fen Bilimleri Dergisi
Volume:42 Issue:2
A comparative analysis of software-defined network controllers in terms of network forensics process...

A comparative analysis of software-defined network controllers in terms of network forensics processes and capabilities

Authors : Altuğ Çil, Mehmet Demirci

Pages : 425-437

Doi:10.14744/sigma.2022.00107

View : 36 | Download : 32

Publication Date : 2024-04-30

Article Type : Research Paper

Abstract :The proliferation of software-defined networks (SDN) increases the necessity of security and forensic research in this field. Network forensics is of particular importance considering the ever-increasing traffic density and variety of devices, and SDN has great potential for improved forensic processes thanks to its ability to provide a centralized view and control of the network. This article’s motivation is the lack of a standard forensic process in SDN. The main objective of this study is to examine the differences in the forensic processes of different SDN controllers, whether the southbound interface data is sufficient for the forensic processes, and whether it is possible to choose the best controller in terms of forensics. Four of the most widely used controllers have been selected and tested under seven different scenarios to ob-serve how the results were obtained in terms of forensics. During the tests, in addition to the routine data accesses, attack preparation tools and denial-of-service attack tools were used to expand the scope. Experiments in which each scenario was applied for four different controllers demonstrated that different controllers have different characteristics in network forensics parameters, such as attack type detection, attacker information, service interruptions, packet size, and the number of packets. Experiments proved that southbound interface data is sufficient for forensic processes, different controllers have different characteristics in forensic processes, none of the most used controllers is the best to cover all forensic processes, and a standard forensic method is required for software-defined network forensics.
Keywords : Computer Networks, Cyber Security, Forensics, Software Defined Networks, OpenFlow, Southbound Interface, Ryu, ONOS, OpenDaylight, POX

ORIGINAL ARTICLE URL

* There may have been changes in the journal, article,conference, book, preprint etc. informations. Therefore, it would be appropriate to follow the information on the official page of the source. The information here is shared for informational purposes. IAD is not responsible for incorrect or missing information.

Index of Academic Documents
İzmir Academy Association
CopyRight © 2023-2026