Combined control and data plane robustness of SDN networks against malicious node attacks

Abstract

In the context of software-defined networking (SDN), we address a variant of the controller placement problem (CPP), which takes into account the network robustness at both control and data plane layers. For given maximum values of switch-controller and controller-controller delays at the regular state (i.e., when the network is fully operational), the aim is to maximize the network robustness against a set of failure states, each state defined as a possible malicious attack to multiple network nodes. We assume that the attacker knows the data plane topology and, therefore, can adopt either one of three commonly considered node centrality attacks (based on the node degree, closeness or betweenness centralities), or an attack to the nodes which are the optimal solution of the critical node detection (CND) problem. We propose a set of robustness metrics which are used to obtain the optimal solutions for the robust CPP variant. We present a set of computational results comparing the average delays and robustness values of the robust CPP solutions against those minimizing only the average switch-controller and controller-controller delays. Moreover, the impact of using the CND based attack in the robustness evaluation of CPP solutions is also assessed in the computational results.