Security Threats in the Data Plane of Software-Defined Networks

Shang Gao, Zecheng Li, Bin Xiao, Guiyi Wei

Research output: Journal article publicationJournal articleAcademic researchpeer-review

48 Citations (Scopus)


SDN has enabled extensive network programmability and speedy network innovations by decoupling the control plane from the data plane. However, the separation of the two planes could also be a potential threat to the whole network. Previous approaches pointed out that attackers can launch various attacks from the data plane against SDN, such as DoS attacks, topology poisoning attacks, and side-channel attacks. To address the security issues, we present a comprehensive study of data plane attacks in SDN, and propose FlowKeeper, a common framework to build a robust data plane against different attacks. FlowKeeper enforces port control of the data plane and reduces the workload of the control plane by filtering out illegal packets. Experimental results show that FlowKeeper could be used to efficiently mitigate different kinds of attacks (i.e., DoS and topology poisoning attacks).

Original languageEnglish
Article number8284050
Pages (from-to)108-113
Number of pages6
JournalIEEE Network
Issue number4
Publication statusPublished - 1 Jul 2018

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'Security Threats in the Data Plane of Software-Defined Networks'. Together they form a unique fingerprint.

Cite this