Supervision: Thi-Mai-Trang NGUYEN
Co-supervision: PUJOLLE Guy
The recent trend toward Network Softwarization is driving an unprecedented techno-economic shift in the Telecom and ICT industries. By separating the hardware on which network functions/services run from the software that realizes and controls them, Software-Defined Networking (SDN) and Network Function Virtualization (NFV) are creating an open ecosystem that drastically reduces the cost of building networks and changes the way operators operate their networks. The SDN and NFV paradigms add flexibility and enable more control over networks; related technologies are therefore expected to dominate a large part of the networking market in the next few years (estimated at USD 3.68B in 2017 and forecast by some to reach $54B by 2022 at a Compound Annual Growth Rate (CAGR) of 71.4%).
However, one of operators' major concerns about Network Softwarization is security. In this thesis, we first designed and implemented a pentesting (penetration testing) framework for SDN controllers. We proposed a set of algorithms to fingerprint a remote SDN controller without a direct connection to it. Using our framework, network operators can evaluate the security of their SDN deployments (including OpenDaylight, Floodlight and Cisco Open SDN Controller) before putting them into production. Second, we studied the Topology Discovery problem in SDN controllers and discovered major security (as well as performance) issues in the current de facto OpenFlow Topology Discovery Protocol (OFDP). To fix these issues, we designed and implemented a new secure and efficient OpenFlow Topology Discovery Protocol, called sOFTDP. sOFTDP requires minimal changes to the OpenFlow switch design and is shown to be more secure than previous workarounds on traditional OFDP. sOFTDP also outperforms OFDP by several orders of magnitude, which we confirmed by extensive experiments.
The second axis of our research in this thesis is smart management in softwarized networks. Inspired by the recent breakthroughs in machine learning techniques, notably Deep Neural Networks (DNNs), we built a traffic engineering engine for SDN called NeuRoute, entirely based on DNNs. Current SDN/OpenFlow controllers use default routing based on Dijkstra's shortest-path algorithm and provide APIs to develop custom routing applications. NeuRoute is a controller-agnostic dynamic routing framework that (i) predicts the traffic matrix in real time, (ii) uses a neural network to learn traffic characteristics and (iii) generates forwarding rules accordingly to optimize the network throughput. NeuRoute is composed of two main components: NeuTM and NeuRoute-TRU. NeuTM is a traffic matrix (TM) prediction framework that uses a Long Short-Term Memory (LSTM) neural network architecture to learn long-range traffic dependencies and characteristics, and then accurately predicts future TMs. NeuRoute-TRU is a path selection engine that computes optimal paths for the traffic matrices predicted by NeuTM. NeuRoute-TRU achieves the same results as the most efficient dynamic routing heuristic but in much less execution time.
Defence: 04/13/2018 - 14h30 - Campus Pierre et Marie Curie, 24-25/405
Nadjib AIT SAADI, ESIEE Paris [Reviewer]
Olivier FESTOR, Telecom Nancy [Reviewer]
Prosper CHEMOUIL, Orange Labs
Raouf BOUTABA, Professor, University of Waterloo, Canada
Igor Monteiro MORAES, Universidade Federal Fluminense, Brazil
Rami LANGAR, Professor, Université Paris-Est Marne-la-Vallée
Thi-Mai-Trang NGUYEN, Associate Professor (HDR), Sorbonne Université
Guy PUJOLLE, Professor, Sorbonne Université