SDN Application Perils: Analytics-Enhanced Automated Verification for Reliability, Performance & Security

  • Jagadeesan L.
  • Mendiratta V.

Software-defined networking (SDN) enables networks to be programmed and dynamically modified through software-based network applications and services. Applications can be deployed into operational SDN networks, replacing middle-boxes, and have tremendous power to impact and potentially compromise network behaviors, significantly affecting network reliability, performance, and security. To protect SDN networks, it is imperative to detect subtle faulty or malicious application behaviors prior to application deployment. Automated code verification based on software model checking provides promise for early identification of such behaviors, but faces inherent challenges w.r.t. scalability, soft real-time behaviors, and pre-specified thresholds. We describe an approach that enhances automated verification with machine learning-based analytics to detect and identify faulty and/or malicious behaviors of reactive SDN applications that can compromise network reliability, performance, and security. A novel aspect of our work is that our analytics algorithms learn on information provided by automated verification, together with real-time application inputs and outputs, in order to identify anomalous execution paths of reactive applications that may compromise the underlying SDN network. Our approach is agnostic with respect to underlying network topologies. We demonstrate our approach with a proof-of-concept case study on reactive applications for the ONOS open-source SDN network operating system.

Recent Publications

August 09, 2017

A Cloud Native Approach to 5G Network Slicing

  • Francini A.
  • Miller R.
  • Sharma S.

5G networks will have to support a set of very diverse and often extreme requirements. Network slicing offers an effective way to unlock the full potential of 5G networks and meet those requirements on a shared network infrastructure. This paper presents a cloud native approach to network slicing. The cloud ...

August 01, 2017

Modeling and simulation of RSOA with a dual-electrode configuration

  • De Valicourt G.
  • Liu Z.
  • Violas M.
  • Wang H.
  • Wu Q.

Based on the physical model of a bulk reflective semiconductor optical amplifier (RSOA) used as a modulator in radio over fiber (RoF) links, the distributions of carrier density, signal photon density, and amplified spontaneous emission photon density are demonstrated. One of limits in the use of RSOA is the lower ...

July 12, 2017

PrivApprox: Privacy-Preserving Stream Analytics

  • Chen R.
  • Christof Fetzer
  • Le D.
  • Martin Beck
  • Pramod Bhatotia
  • Thorsten Strufe

How to preserve users' privacy while supporting high-utility analytics for low-latency stream processing? To answer this question: we describe the design, implementation and evaluation of PRIVAPPROX, a data analytics system for privacy-preserving stream processing. PRIVAPPROX provides three properties: (i) Privacy: zero-knowledge privacy (ezk) guarantees for users, a privacy bound tighter ...