Secured-OFS: A novel OpenFlow switch architecture with integrated security functions

Abstract

Although OpenFlow network protocol is a promising network approach with many advantages compared to traditional network approaches, it still suffers from network attacks. In this paper, we propose a novel architecture for an OpenFlow-based switch with associated multiple network security techniques, so-called Secured-OFS. The proposed Secured-OFS can not only function as a switch following the OpenFlow protocol but also help protect a network against many attack types. We implement the first FPGA-based prototype version of our proposed Secured-OFS using a Xilinx Virtex 5 xc5vtx240t device. In this first prototype version, we integrate two different DDoS defense techniques, Hop-Count Filtering and Port Ingress/Egress Filtering. The experimental results show that the switch not only fulfills the OpenFlow protocol but also be able to defense against DDoS attacks. The system achieves a maximum throughput at 19.729 Gbps while a 100% DDoS attack detection rate is obtained.