ABSTRACT
The emergence of OpenFlow-capable switches de- couples control plane from the data flow plane so that they
support programmable network and allow network administrators to have programmable central control of
network traffic via a controller. The controller and its communication with switches and users become a
malicious attack target. This paper explores major possible security threats and attacks on the controller of SDN
and proposes a new approach to automatically and dynamically detect and monitor malicious behaviors on flow
message passing and defend such attacks to ensure the security of SDN. We have built a FlowEye prototype at
service level on Mininet API, and simulation tests are done on two feasible attacks on OpenFlow Beacon
platform. The paper provides the feasibility study of such attacks and defense protection strategies in SDN
security research.
Keywords: - OpenFlow; Software Defined Network; security