An approach for detecting encrypted insider attacks on OpenFlow SDN Networks

Data traffic on the Internet is growing continuously due to the high number of connected devices and increased number of applications and transactions performed online. To ensure information security, integrity and confidentiality, cryptography is applied over transmitted or stored data. Hence, even if an attacker capture data packets, its reading is hampered or not even possible. However, an attacker can also use cryptography to mask an attack in order to avoid detection, for example, by an Intrusion Detection System (IDS). Recent studies in network technologies introduced a new paradigm called Software Defined Networking (SDN). By decoupling data and control plans, the SDN architecture allows centralizing the network management, intelligence and control into a single point, called Controller. The OpenFlow protocol, widely adopted in SDN, provides specific messages to get statistical information of an OpenFlow switch. A Controller can request this information, which enables the development of new IDS models to detect encrypted attacks. In this work, we intend to identify encrypted insider attacks in SDN by developing a new IDS approach that can detect encrypted attacks.