Abstract
In the rapidly evolving landscape of Software-Defined Networking (SDN), the enhancement of security measures against sophisticated cyber threats is paramount. Among these threats, inference attacks pose a significant risk by allowing adversaries to deduce the configurations and policies of SDN switches, thereby undermining the integrity and confidentiality of the network infrastructure. To address this critical issue, we introduce a novel dynamic rule replacement policy for SDN switches, leveraging the capabilities of a Support Vector Machine (SVM) for its implementation. Our approach utilizes a comprehensive set of statistical features, including duration analysis of flow rules, dispersion of packet match fields, and frequency of packet arrivals to identify patterns indicative of potential inference attacks. By dynamically adjusting the rules within SDN switches based on the analysis of these features, our policy significantly enhances the resilience of the network against such attacks. To accelerate the innovation and development of network services, this study proposes an integrated SDN architecture deployed over a serverless framework. This work serves as a starting point to enable researchers to realize the concept of modular serverless functions over traditional SDN environments. We show during inference attacks how a serverless framework improves the latency and resource utilization of the network compared to a traditional SDN framework. This study demonstrates an improvement in preventing inference attacks without compromising the performance and efficiency of the SDN infrastructure.