The recent trend toward Network Softwarization is driving an unprecedented techno-economic shift in the Telecom and ICT industries. By separating the hardware on which network functions/services run from the software that realizes and controls them, Software-Defined Networking (SDN) and Network Function Virtualization (NFV) are creating an open ecosystem that drastically reduces the cost of building networks and changes the way operators run them. The SDN and NFV paradigms add flexibility and enable more control over networks; related technologies are therefore expected to dominate a large part of the networking market in the next few years (estimated at USD 3.68B in 2017 and forecasted by some to reach $54B by 2022 at a Compound Annual Growth Rate (CAGR) of 71.4%).
However, one of operators' major concerns about Network Softwarization is security. In this thesis, we first designed and implemented a pentesting (penetration testing) framework for SDN controllers. We proposed a set of algorithms to fingerprint a remote SDN controller without having a direct connection to it. Using our framework, network operators can evaluate the security of their SDN deployments (including OpenDaylight, Floodlight and Cisco Open SDN Controller) before putting them into production. Second, we studied the Topology Discovery problem in SDN controllers and discovered major security (as well as performance) issues around the current de facto OpenFlow Topology Discovery Protocol (OFDP). To fix these issues, we designed and implemented a new secure and efficient OpenFlow Topology Discovery Protocol (called sOFTDP). sOFTDP requires minimal changes to the OpenFlow switch design and is shown to be more secure than previous workarounds on traditional OFDP. sOFTDP also outperforms OFDP by several orders of magnitude, which we confirmed by extensive experiments.
The second axis of our research in this thesis is smart management in softwarized networks. Inspired by the recent breakthroughs in machine learning techniques, notably Deep Neural Networks (DNNs), we built a traffic engineering engine for SDN called NeuRoute, entirely based on DNNs. Current SDN/OpenFlow controllers use default routing based on Dijkstra's algorithm for shortest paths, and provide APIs to develop custom routing applications. NeuRoute is a controller-agnostic dynamic routing framework that (i) predicts the traffic matrix in real time, (ii) uses a neural network to learn traffic characteristics and (iii) generates forwarding rules accordingly to optimize the network throughput. NeuRoute is composed of two main components: NeuTM and NeuRoute-TRU. NeuTM is a traffic matrix (TM) prediction framework that uses a Long Short-Term Memory (LSTM) neural network architecture to learn long-range traffic dependencies and characteristics, then accurately predicts future TMs. NeuRoute-TRU is a path selection engine that computes optimal paths for traffic matrices predicted by NeuTM. NeuRoute-TRU achieves the same results as the most efficient dynamic routing heuristic but in much less execution time.
Defence : 04/13/2018 - 14h30 - Campus Pierre et Marie Curie, 24-25/405
Jury members :
Nadjib AIT SAADI, ESIEE Paris [Rapporteur]
Olivier FESTOR, Telecom Nancy [Rapporteur]
Prosper CHEMOUIL, Orange Labs
Raouf BOUTABA, Professor, University of Waterloo, Canada
Igor Monteiro MORAES, Universidade Federal Fluminense, Brazil
Rami LANGAR, Professor, Université Paris-Est Marne-la-Vallée
Thi-Mai-Trang NGUYEN, Associate Professor (HDR), Sorbonne Université
Guy PUJOLLE, Professor, Sorbonne Université
- M. Bah, A. Azzouni, Th.‑M.‑T. Nguyen, G. Pujolle : “Topology Discovery Performance Evaluation of OpenDaylight and ONOS controllers”, 22nd Conference on Innovation in Clouds, Internet and Networks (IEEE-ICIN 2019), Paris, France (2019)
- A. Azzouni : “Softwarisation sécurisée et intelligente des réseaux”, thesis, defence 04/13/2018, supervision Nguyen, Thi-Mai-Trang, rapporteurs : PUJOLLE Guy (2018)
- A. Azzouni, G. Pujolle : “NeuTM: A neural network-based framework for traffic matrix prediction in SDN”, NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium, Taipei, Taiwan, Province of China, pp. 1-5, (IEEE) (2018)
- A. Azzouni, R. Boutaba, Th.‑M.‑T. Nguyen, G. Pujolle : “sOFTDP: Secure and Efficient OpenFlow Topology Discovery Protocol”, IEEE/IFIP Network Operations and Management Symposium (NOMS), Taipei, Taiwan, Province of China, (IEEE) (2018)
- A. Azzouni, R. Boutaba, G. Pujolle : “NeuRoute: Predictive dynamic routing for software-defined networks”, 2017 13th International Conference on Network and Service Management (CNSM), Tokyo, Japan, pp. 1-6, (IEEE) (2017)
- A. Azzouni, G. Pujolle : “A Long Short-Term Memory Recurrent Neural Network Framework for Network Traffic Matrix Prediction”, (2017)
- A. Azzouni, R. Boutaba, Th.‑M.‑T. Nguyen, G. Pujolle : “sOFTDP: Secure and Efficient Topology Discovery Protocol for SDN”, (2017)
- A. Azzouni, Th.‑M.‑T. Nguyen, R. Boutaba, G. Pujolle : “Limitations of OpenFlow Topology Discovery Protocol”, 16th Annual Mediterranean Ad Hoc Networking Workshop (Med-hoc-Net 2017), Budva, Montenegro (2017)
- A. Azzouni, O. Braham, Th.‑M.‑T. Nguyen, G. Pujolle, R. Boutaba : “Fingerprinting OpenFlow Controllers: The First Step to Attack an SDN Control Plane”, 59th annual IEEE Global Communications Conference (GLOBECOM 2016), Washington DC, United States, pp. 1-6, (IEEE) (2016)