Abstract: In this paper, we propose a secured OpenFlow-based switch architecture. The architecture combines OpenFlow Processing, which routes packets according to the OpenFlow protocol, with Security Processing, which defends against network attacks. The proposed switch can therefore work not only as an OpenFlow-based forwarding device but also as a network protection system. We implement our prototype switch on a Xilinx Virtex 5 xc5vtx240t FPGA device. In this prototype version, we integrate two different DDoS countermeasure techniques: Hop-Count filtering and Port Ingress/Egress filtering. The experimental results show that the switch achieves a packet processing throughput of up to 19.7 Gbps while obtaining a 100% DDoS detection rate with up to a 2.9% false positive rate and a 0% false negative rate. Our prototype system uses up to 36% of the Look-Up Tables, 38% of the Registers, and 62% of the Block RAM of the FPGA device.