Flow consistency in an intensive SDN security architecture with multiple controllers

As critical components in SDN, controllers are prone to a series of potential attacks that result in system crashes. To prevent the compromise caused by a single controller failure or by flow-tampering attacks, Mcad-SA, an aware decision-making security architecture with multiple controllers...


Bibliographic Details
Main Author: LV Ying-ying, GUO Yun-fei, QI Chao, WU Qi, WANG Ya-wen
Format: Article
Language: English
Published: POSTS&TELECOM PRESS Co., LTD 2017-12-01
Series: 网络与信息安全学报
Subjects:
Online Access: http://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2017.00223
collection DOAJ
description As critical components in SDN, controllers are prone to a series of potential attacks that result in system crashes. To prevent the compromise caused by a single controller failure or by flow-tampering attacks, Mcad-SA, an aware decision-making security architecture with multiple controllers, was proposed, which coordinates heterogeneous controllers internally as an “associated” controller. This architecture extends the existing control plane and takes advantage of the merits of various controllers to raise the difficulty and cost of probes and attacks by attackers. In this framework, flow rules distributed to switches no longer rely on a single controller but follow the vote results from the majority of controllers, which significantly enhances the reliability of flow rules. In the vote process for flow rules, segmentation and grading are adopted to pick the most trustworthy one from multiple flow rules and implement flow consistency. This mechanism avoids bit-by-bit comparison between rules, which is impractical among several controllers. Theoretical analysis and simulation results demonstrate the effectiveness, availability and resilience of the proposed methods and their better security gain over general SDN architectures.
first_indexed 2024-12-12T09:10:44Z
id doaj.art-5afe2a0d81394fd89dd020ad85e3fe24
institution Directory Open Access Journal
issn 2096-109X
last_indexed 2024-12-12T09:10:44Z
affiliation National Digital Switching System Engineering & Technological R&D Center, Zhengzhou 450002, China
topic multi-controller
security
mcad-sa
flow consistency