The State-of-the-art Research Methodologies in Software Defined Networking Wireless Security Issues

1. Introduction

Digital forensics [1] includes the in-depth investigation of attacks and the collection of traces left by the intruders after any suspicious event or malicious code is detected. The traces of the intruders' activity act as evidence to reconstruct the attack and enable the computer systems to enhance their security against future threats. The basic forensic process is divided into five main steps: (1) Identification phase, where it is identified whether a crime has occurred or not. This phase uses the anomalies detected by IDS and suspicious events for identification purposes. (2) Evidence Collection phase, where the forensic experts identify the evidence from SaaS, IaaS, and PaaS sources of cloud service models. (3) Examination and Analysis phase, where the forensic experts inspect the gathered evidence, correlate it, and produce the conclusion. (4) Preservation phase, which guarantees the integrity of the information and needs a large volume of data storage for further investigation. In this stage, the gathered information is fully protected. (5) Presentation and Reporting stage, where a findings report is created by the forensic experts based on their findings related to a specific case [1,2].

Digital forensic is categorized based on the application domain. Digital forensic in the context of network management is called network forensic, digital forensic in the context of cloud computing is called cloud forensic, digital forensic in the context of the web is called web forensic, and digital forensic in the context of mobile is called mobile forensic. For efficient network management, network security is always considered a priority concern. The success of network management is mostly predicted by the smooth working of its applications [3].

Over the last couple of years, we have noticed the wide adoption of a very new concept in the field of networking, the so-called Software Defined Networks. The Software-Defined Networking (SDN) paradigm has recently turned up as an intended technology to ease network security and cloud security issues, particularly in the context of network forensic and cloud forensic [4]. Forensics is still at an early stage in SDN and currently has a minimal number of contributions. SDN provides digital forensics support as it allows the safe preservation of network activity traces to determine the root causes of diverse problems. Along with storage, it provides general support in the form of centralized control. However, the centralized control of SDN facilitates configuring and managing the network devices at one point, which indirectly opens a door for breaches and failure due to the single-point concept. Network forensic and cloud forensic are highly dependent aspects of SDN forensic. Both aspects deliver the same aim, while both are nevertheless different in their approaches. Consequently, as the network is considered a crucial part of cloud computing, Network Forensic identifies and analyzes the evidence from the network (whether private or public). It then reclaims the information on which network ports are used [2], while cloud forensic represents the forensic of cloud architectures. Despite the significant advantages of networks and cloud architecture, security in networks and clouds is always a big concern for the forensic team or investigating team.

To the best of our knowledge, no research has so far focused on SDN forensics, especially in the context of network and cloud forensic. The paper provides a systematic review of SDN forensic starting from its background, key concepts, SDN issues in network and cloud forensic, along with future work and recommendations.

The contribution of this paper can be summarized as follows:

  • Discussing recent articles which investigate the research on network and cloud forensic from the security point of view.

  • Providing various categories of network and cloud forensic, their relationship, and their comparison.

  • Discussing SDN forensic and providing various approaches.

  • Discussing the advantages of using SDN in network and cloud forensic.

  • Investigating the challenges and issues of SDN in network and cloud forensic.

  • Discussing future research directions of SDN in network and cloud forensic.

The rest of this paper is structured as follows: Section 2 of this paper discusses the background of our research (starting from network security to network forensic and cloud security to cloud forensic). In Section 3, we provide the details about SDN, its forensic, and also its utilization in network and cloud forensic along with advantages, problems, and challenges. Moreover, the future directions of using SDN in network forensic and cloud forensic are also discussed. The need for security in forensic (network and cloud) has been explored in the form of discussion and recommendations, which are presented in Section 4. Section 5 concludes this study.

Figure 1 presents the taxonomy of this research article. We have tried to elaborate SDN and SDN Forensic in the context of Network Forensic and Cloud Forensic, along with their strengths, weaknesses, challenges, and future research directions in the current scenario based on the current advances from academia and industry.

2. Backgrounds

Before discussing software-defined networking and its utilization in network forensic and cloud forensic in Section 3, in this section we try to narrow the scope of network forensic and cloud forensic by discussing their background, starting from the network security and cloud security point of view. Our goal in this section is to explain network and cloud forensic in the context of their security. To do this, we first discuss network security and network forensic, then we discuss cloud security and cloud forensic, which are most pertinent to the ensuing discussion. Figure 2 unveils the background details of network and cloud forensic from a security point of view.

2.1. Network Security

For network security, network forensic is a preferred technique to get the hidden details of the attacks and their causes. Network forensics is a tool for the identification, compilation, storage, examination, and reporting of network digital evidence. Network forensics is a technique adopted by various network administrators to investigate and find the source of the attack [1]. For proper operation, it is crucial to secure networks (end-hosts, servers, and other related assets) and to conduct forensic investigation to discover attack attempts, whether they are successful or not. It is also important to recognize simple anomalous patterns for a solution, to be able to detect as many ways of attack and malicious activities as possible [5], for attaining better security.

2.1.1. Network Forensics

Network forensics [6,7] is a critical part of security for network-based stream data. Network forensics focuses primarily on surveillance and analysis of network traffic to track, avoid, and diagnose security incidents [8]. In automatic and real-time devices that are connected to the internet, there is always a cyber risk that harms the operations over network systems. Therefore, it is important to conduct and evaluate forensic behavior in all devices linked to a network. The network also has a specific view of the issue in most data breach cases or data abuse scenarios [9]. During the investigation process, network forensics faces a huge challenge, which includes a huge amount of network traffic. Therefore, rigorous processing is required for analysis, and most of the data is irrelevant, which creates problems in accessing the network and cloud architectures [10]. In paper [11], the author has given many references related to network security using different aspects of network forensic. Some of the existing approaches address the full forensics procedure, some references deal with managing and effectively storing the forensic data, and some mention the intrusion detection techniques for the detection and reporting purpose of the forensic investigation processing [11]. Network forensic acts as a tool to identify and find the network loopholes and prevent further failures by detecting the root cause of the issue or exposing the attacker's intentions.

2.1.2. Categories of Network Forensic

(Investigation Mode and Data Processing Mode Classification)

There are two categories of network forensic based on investigation mode: the first one is online, and the other is offline network forensic [12]. This type of investigation depends on the time of the investigation.

(A) Online/Live Network Forensics

This type of network forensic is also known as dynamic forensics; here the investigation is performed while the traffic is flowing. Online network forensic is mostly suitable for large, distributed networks, and hence it requires more computational resources, and a huge amount of storage is a basic requirement.

(B) Offline Network Forensic

This type of network forensic is also known as static forensics; here the network information is captured, recorded, and analyzed after the attack. It correctly records every occurrence from network logs and monitors the behavior of intruders briefly and accurately, but due to lack of storage space, there is a possibility of overwriting existing data, and there is no guarantee that the information is not changed by the intruder.
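The last concern above (an intruder altering stored evidence after the fact) is the problem the Preservation phase of the forensic process is meant to address. The following Python example, added here and not taken from the paper or from any forensic product, shows one simple way to make such tampering detectable: each captured record is linked to its predecessor through a SHA-256 chain, so that modifying or deleting any stored record breaks the chain at a verifiable position. The capture records and hash values are constructed sample data; the class and function names are the author's own and not a standard API.

```python
# Added example: a hash-chained evidence store for offline network forensic
# captures. Any later modification or deletion of a record is detected by
# verify(), which reports the index of the first broken record.
import hashlib
import json
from dataclasses import dataclass
from typing import List, Tuple

GENESIS = "0" * 64  # chain hash assumed for the record before the first one


@dataclass
class EvidenceRecord:
    seq: int              # position in the capture log
    timestamp: str        # capture time (constructed sample values below)
    summary: str          # one-line description of the captured event
    payload_sha256: str   # hash of the raw captured bytes (e.g. a pcap frame)
    prev_hash: str        # chain hash of the previous record
    chain_hash: str = ""  # hash covering this record and prev_hash

    def compute_chain_hash(self) -> str:
        body = json.dumps({
            "seq": self.seq, "timestamp": self.timestamp,
            "summary": self.summary, "payload_sha256": self.payload_sha256,
            "prev_hash": self.prev_hash}, sort_keys=True).encode()
        return hashlib.sha256(body).hexdigest()


class EvidenceChain:
    def __init__(self) -> None:
        self.records: List[EvidenceRecord] = []

    def append(self, timestamp: str, summary: str, raw_bytes: bytes) -> EvidenceRecord:
        prev = self.records[-1].chain_hash if self.records else GENESIS
        rec = EvidenceRecord(
            seq=len(self.records), timestamp=timestamp, summary=summary,
            payload_sha256=hashlib.sha256(raw_bytes).hexdigest(), prev_hash=prev)
        rec.chain_hash = rec.compute_chain_hash()
        self.records.append(rec)
        return rec

    def verify(self) -> Tuple[bool, int]:
        """Return (ok, index_of_first_bad_record); the index is -1 when intact."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if (rec.seq != i or rec.prev_hash != prev
                    or rec.compute_chain_hash() != rec.chain_hash):
                return False, i
            prev = rec.chain_hash
        return True, -1


def build_sample_chain() -> EvidenceChain:
    # Constructed sample capture records; not real traffic.
    chain = EvidenceChain()
    chain.append("2024-01-01T10:00:00Z", "TCP SYN 10.0.0.5 -> 10.0.0.9:22", b"\x00\x01syn")
    chain.append("2024-01-01T10:00:01Z", "TCP SYN 10.0.0.5 -> 10.0.0.9:23", b"\x00\x02syn")
    chain.append("2024-01-01T10:00:02Z", "DNS query for malware.example", b"\x00\x03dns")
    return chain


def tamper_demo() -> Tuple[bool, int]:
    # Simulate an intruder rewriting the summary of an already-stored record.
    chain = build_sample_chain()
    chain.records[1].summary = "benign keepalive"
    return chain.verify()


def deletion_demo() -> Tuple[bool, int]:
    # Simulate an intruder deleting a record from the middle of the log.
    chain = build_sample_chain()
    del chain.records[1]
    return chain.verify()


if __name__ == "__main__":
    print("intact:", build_sample_chain().verify())   # (True, -1)
    print("modified record:", tamper_demo())         # (False, 1)
    print("deleted record:", deletion_demo())        # (False, 1)
```

The chain only detects tampering; it does not prevent it. In practice the head hash (or a periodic digest) would be copied to storage the investigated network cannot write to, otherwise an intruder who controls the capture host can simply rebuild the whole chain.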

There are two categories of network forensic based on data processing mode: the first one is proactive, and the other is reactive network forensic [12]. This type of investigation depends on the execution definition (the type of approach used).

(1) Proactive Network Forensic

Used for real-time investigation of the incident by supplying the device with automation while reducing user interaction. In real time, it provides more accurate and precise data, offers early detection of network attacks, and reduces the likelihood that intruders can delete evidence after the attack. However, in terms of detecting attack patterns, this increases processing and storage overhead.

(2) Reactive Network Forensic

Investigating an attack after it has occurred is a postmortem method. To determine the root cause of the attack, correlate the attacker to the attack, mitigate the impact of the attack, and investigate the malicious incident with reduced processing, it examines network vulnerabilities by detecting, storing, gathering, and analyzing digital evidence collected from the network.

Figure 3 presents the taxonomic structure of network forensics as it is presented in [12]. The figure illustrates that network forensics is subdivided into two branches, namely investigation mode and data processing mode. The investigation mode divides network forensic into online and offline network forensic. The data processing mode divides network forensics into two sub-branches: centralized and distributed network forensics.

2.2. Relationship of Network and Cloud Forensic

As we know, cloud computing is changing business to increase the value of work and decrease the production cost [13]. These days, cloud computing is becoming the most promising technology; instead of providing local servers or personal computers to manage applications, it relies on shared computing resources with simple, on-demand use. These available services are delivered with minimal management effort and with the least interaction with the service provider [14]. The purpose of cloud computing is to migrate all computation-related resources, which include the storage, the network, and the requirements of the service, to a service-oriented platform through virtual machines located at different data centers [3]. It moves applications and databases to big data centers, where it is not safe to outsource sensitive data and resources. This poses diverse threats to security and attacks on the cloud [2]. Nevertheless, the significance of networks in cloud computing has a great impact on "on-demand" resource allocation, but their openness and provisioning have opened doors for intruders to attack cloud networks through malicious attacks. Hence, for network security, an efficient investigation process is needed to monitor and analyze the network to find the root cause of these attacks [13].

2.3. Cloud Security

If security practices are properly applied in clouds, they can provide proof that can justify the forensic method. The architectures that integrate various levels of security concerns include public, private, hybrid, and community cloud. The level of cloud security is a function of the level of confidence in all the above-mentioned architectures that can be put in partnership with third parties (CSP) and how far the company has incorporated the cloud framework into its system architecture based on the SLA [15].

2.3.1. Cloud Forensic

Digital forensics is an implementation of scientific concepts, practices, and procedures through the detection, compilation, storage, analysis, and reporting of digital evidence to reconstruct incidents [2]. Forensic science related to cloud computing is likewise an application of scientific concepts and technical practices, derived and proven methods to recreate past cloud computing incidents [10]. Therefore, cloud forensics is a subset of network forensics and an application of digital forensic science in a cloud environment [16]. Evidence can be anywhere in the cloud. However, finding the traces on the cloud server is more complicated [2].

Cloud forensic is conducted through the stepwise stages of identification, data collection, preservation, examination, interpretation, and reporting of digital evidence [17,18]. Cloud forensics is considered one of the most significant fields in the evolving world of cloud computing. In paper [19], the issues and challenges of cloud forensics were identified in detail. In a similar paper [20], the authors discuss an overview of the challenges in the field of cloud forensics and provide suggested solutions. Cloud computing and the effects of its architecture are always huge and challenging for the network forensic team. Besides the significant advantages of cloud architecture, security in clouds is always a big concern for the forensic team or the investigating team [10].

2.3.2. Categories of Cloud Forensic

(Investigation Mode and Cloud Infrastructure Mode Classification)

There are three categories of cloud forensic based on investigation mode: the first one is dynamic cloud forensic, the second one is static cloud forensic, and the third is remote cloud forensic [15]. These three types of investigation-mode-based cloud forensic depend on the time of the investigation.

(A) Dynamic Cloud Forensic

The analysis of cloud forensics often allows the device to be live during the process to find new data and retrieve valuable sources of evidence, such as open network links, memory dumps, and running processes. This type of investigation mode is known as the dynamic mode.

(B) Static Cloud Forensic

Based on the investigation timeline, the conventional investigative approach conducted after defining the attack in the cloud is the static mode. IoT information has already been compromised or removed because of the attack. Static mode recovers data using, among other means, universal serial bus (USB) devices and scanning cache memory.

(C) Remote Cloud Forensic

This type of forensic ordinarily deals with remote access forensic based on legal agreements and on a mutual contract.

There are two categories of cloud forensic based on Cloud Infrastructure Mode (dynamic cloud forensic): the first one is in-cloud forensic, and the other is outside-cloud forensic.

In paper [8], the authors have provided a taxonomy of cloud forensic. According to them, the resource-driven cloud forensic category is a type of cloud forensics which deals with forensic methods of individual cloud resources like virtual machine, storage, and network forensic. Network forensics is used for network security diagnosis in a cloud computing environment and is further divided into cloud network forensic with its two important implementations, In-cloud and Outside-cloud network forensics. Besides the above two mentioned categories of cloud forensic, paper [15] has also mentioned some other new categories like remote cloud forensic and live system forensic, and also mentioned some of the previously existing categories like (VMF) and (StaaS) Forensics. Therefore, we provide our taxonomy of cloud forensic categories based on [8,15].

(1) In-Cloud Forensic

In-cloud network forensics includes the network traffic inside the cloud infrastructure, which can be a private network of the user or the underlying network framework.

(2) Outside-Cloud Forensic

Outside-cloud network forensics involves the forensic outside the cloud infrastructure.

Figure 4 presents the taxonomic structure of cloud forensics as it is presented in [8,15]. The figure illustrates that cloud forensics is subdivided into three branches, namely dynamic forensics, static forensics, and remote forensics. The live forensics (dynamic forensics) is in turn further decomposed into two sub-branches: In-cloud forensics and Outside-cloud forensics.

3. Software-Defined Networking (SDN)

Software-defined networking (SDN) is one of the most promising options for network management and a future of next-generation networks (Future Networks). SDN possesses an intelligent configuration, better flexibility to accommodate innovative networks, and a high-performance architecture. The SDN mainly consists of three layers, namely (1) Infrastructure layer, (2) Control layer, and (3) Application layer, which are stacked over each other. The infrastructure layer is the bottom layer dedicated to the data plane. Being at the lowest layer, the infrastructure layer consists of switching devices. The control layer is the middle layer and is dedicated to performance. The control layer contains a control plane which contains the software-defined network control software. The application layer on the top resides above the control layer. The application layer includes SDN applications that are configured to meet user requirements [21,22].

3.1. SDN Forensic

Determining the root cause and finding the source of SDN-based attacks is a difficult challenge, since the techniques used in conventional networks to obtain attack evidence are not adequate when we deal with forensic of SDN attacks [23]. Each layer of SDN has its own security implications and specifications because security was not initially considered as part of the SDN design. Additionally, it is even more important to build trust across an SDN [24]. In paper [25], a discussion on possible threats associated with each layer of the SDN architecture and the role of topology discovery in the traditional network and SDN are highlighted. A thematic taxonomy of topology discovery in SDN and insights into the potential threats to topology discovery and its state-of-the-art SDN solutions are presented.

SDN forensic solutions in general will provide a reasonable solution to network and cloud security. The utilization of SDN in network and cloud forensic is worth studying for efficient networks and clouds.

3.2. Security Approaches for SDN

3.2.1. Content Inspection

Inspecting the contents of each packet of data on a network is known as content inspection. Using IDS, content inspection can be enhanced through flow-level security and deep packet inspection. As SDN enables flow-level security for the network security systems, the flow of data is analyzed during content inspection, and selected packets are then used for the content inspection. In IDSs and IPSs, flow-based content inspection processes allow cost-effective deep packet inspection (DPI). The ID/PS task is to track the networks' running status in compliance with security policies. They detect attacks/threats and introduce countermeasures to protect the network from any potential threats in the future [26]. The role of an IDS/IPS is to stop or allow packets based on a thorough packet survey using pattern recognition, data mining, or signature matching with an established threat inventory. In real time, the SDN IDS can utilize a huge amount of flow-based knowledge. In [27], the author has mentioned many referenced papers related to IDS integration with classical tools, SDN IDS/IPS implementation, and applications.

3.2.2. Traffic Monitoring and Auditing

Traffic monitoring and auditing is another feature of SDN-based devices. Besides other fundamental network management tasks of SDN, network traffic monitoring promotes anomaly detection, network forensic analysis, and user application identification [1]. Monitoring and auditing are very important instruments for certain security tests when we talk about forensics. The amount of data that can be obtained at the flow and even packet level is directly linked to a major opportunity in SDN networks [27]. In the same paper [27], the authors have mentioned many referenced papers related to traffic management tools and traffic management platforms.

Besides the above-mentioned security approaches for SDN, there are other security approaches which are also used in various cases, which include Flow Sampling, Access Control, Network Resilience, Security of Middle-Boxes, and Security-Defined Networking.

3.3. Software-Defined Networking (SDN) for Network Forensic

3.3.1. Advantages of Using SDN in Network Forensic

SDN promises enhanced configuration, improved performance, and encouraged innovation. A general service offered by SDN is to provide a simple forum for centralizing, integrating, testing configurations, and adding policies to ensure that the implementation meets the security protection (proactively preventing security breaches). In SDN, the control plane is logically centralized. It enables network forensics, security policy modification, and security service insertion. Its architecture supports highly reactive security monitoring, review, and response systems [26]. Additionally, SDN provides better ways to detect and defend against attacks reactively as well. Simply put, SDN can provide security both proactively and reactively [21].

SDN collects the network status, allows the analysis of traffic patterns, and provides programmatic control over traffic flows for potential security threats. For further study, the traffic of interest can be directed straight to intrusion prevention systems. SDN is capable of providing direct and fine-grained network access and offers opportunities and platforms for the introduction of innovative information defense measures against security threats [21]. For network forensics, SDN provides quick and adaptive threat identification to analyze, update the policy, and reprogram the network. Moreover, SDN encourages dynamic security policy modification during runtime to specify a security policy that decreases the chances of misconfiguration and policy conflicts. We can deploy firewalls and intrusion detection systems (IDS) only on specified traffic in compliance with security policies [26]. When SDN is integrated with in-cloud network forensic, they provide the best solution for network forensic [8].
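The two capabilities just described, flow-level content inspection with sampling for DPI (Section 3.2.1) and programmatic control that steers suspicious traffic to an IPS (this section), can be put together in a small controller-side model. The following Python example is added here; it is not code from the paper or from any SDN controller, and it does not use a real OpenFlow library. It assumes a hypothetical controller that has already collected per-flow counters from its switches: each flow is scored on its SYN rate, flows above a constructed threshold get a high-priority rule redirecting them to an assumed IPS port, and every second benign flow is mirrored to DPI as a simple form of flow sampling. The flow statistics, threshold, port number, and all names are constructed for the example.

```python
# Added example: controller-side flow analysis and rule programming.
# Hypothetical model; FlowKey/FlowStats/FlowRule are not a real controller API.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class FlowKey:
    src: str
    dst: str
    dport: int


@dataclass
class FlowStats:
    packets: int        # total packets counted for the flow
    syn_packets: int    # packets with the TCP SYN flag set
    duration_s: float   # seconds since the flow entry was installed


@dataclass
class FlowRule:
    match: FlowKey
    action: str         # "forward", "redirect_ips", or "mirror_dpi"
    priority: int       # higher wins, as in an OpenFlow table


SYN_RATE_THRESHOLD = 100.0   # SYN/s per flow; constructed policy value
DPI_SAMPLE_EVERY = 2         # mirror every 2nd benign flow to DPI (flow sampling)
IPS_PORT = 9                 # hypothetical switch port facing the IPS


def classify_flow(stats: FlowStats) -> str:
    """Score a flow on its SYN rate; a zero-duration flow with SYNs is treated as infinite rate."""
    if stats.duration_s <= 0:
        rate = float("inf") if stats.syn_packets > 0 else 0.0
    else:
        rate = stats.syn_packets / stats.duration_s
    return "redirect_ips" if rate > SYN_RATE_THRESHOLD else "forward"


def program_flows(stats_by_flow: Dict[FlowKey, FlowStats]) -> List[FlowRule]:
    """Turn collected statistics into the rules the controller would push to the switch."""
    rules: List[FlowRule] = []
    benign_seen = 0
    for key, stats in stats_by_flow.items():   # dict order = collection order
        action = classify_flow(stats)
        if action == "forward":
            benign_seen += 1
            if benign_seen % DPI_SAMPLE_EVERY == 0:
                action = "mirror_dpi"           # sampled for deep packet inspection
        priority = 200 if action == "redirect_ips" else 100
        rules.append(FlowRule(key, action, priority))
    return rules


def render_rule(rule: FlowRule) -> str:
    """Human-readable form of a rule, in the spirit of an OpenFlow match/action pair."""
    out = {"forward": "output:normal",
           "redirect_ips": f"output:{IPS_PORT}",
           "mirror_dpi": f"output:normal,output:{IPS_PORT}"}[rule.action]
    return (f"priority={rule.priority} nw_src={rule.match.src} "
            f"nw_dst={rule.match.dst} tp_dst={rule.match.dport} actions={out}")


def sample_stats() -> Dict[FlowKey, FlowStats]:
    # Constructed counters: one SYN-heavy flow, two ordinary flows, one edge case.
    return {
        FlowKey("10.0.0.5", "10.0.0.9", 80): FlowStats(3000, 2900, 10.0),
        FlowKey("10.0.0.6", "10.0.0.9", 443): FlowStats(500, 3, 30.0),
        FlowKey("10.0.0.7", "10.0.0.9", 22): FlowStats(120, 1, 60.0),
        FlowKey("10.0.0.8", "10.0.0.9", 25): FlowStats(50, 50, 0.0),
    }


def actions_for_sample() -> Tuple[str, ...]:
    return tuple(r.action for r in program_flows(sample_stats()))


if __name__ == "__main__":
    for r in program_flows(sample_stats()):
        print(render_rule(r))
```

The fourth sample flow has a zero duration, which a naive rate division would turn into an exception; the classifier handles it explicitly because a flow that has only just been seen but already carries SYNs is exactly the case a SYN-flood policy cares about. Real controllers would also rate-limit how often such rules are installed, since an attacker who can trigger rule churn can exhaust the switch's flow table.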

3.3.2. Challenges and Issues of SDN in Network Forensic

The centralized control of SDN draws attackers to exploit various network devices by taking illegal control of the controller, that is, by hijacking the controller itself. In the development years of SDN, security was not initially considered as a key feature of the SDN architecture, but with time, and due to the centralized nature of SDN, these networks are vulnerable to diverse attackers. Therefore, the security of SDN is given more priority. In the newly evolving SDN architecture, investigating attacks is a tiring and demanding task [28]. Eventually, SDN seems to be the most intriguing development platform for future networks. SDN nevertheless faces many challenges and problems, despite its impressive advantages, especially when it comes to network security problems. The goal of SDN network measurement is to understand and quantify different aspects of network activity to promote network management, monitor the anomalies and the development of security mechanisms, and network troubleshooting [22].

Hence, despite diverse benefits and the number of resources and facilities provided by the SDN paradigm, there is always a threat that can cause security breaches and hinder security [4]. There are different levels in an SDN architecture where a security threat may arise. First, at the data plane in the infrastructure layer, which covers the network appliances and the middleboxes. Second, at the control plane in the control layer, and the last one is at the application layer [21,26]. Because of SDN's intelligence, a control plane attack will interrupt the entire network, and the centralized design will offer and encourage hackers by providing them the chance to discover security weaknesses in the controller itself and take over the entire network [21]. The separation of the planes (control plane and data plane) and moving the control plane functionality to a centralized system (e.g., OpenFlow controller) can create a strong foundation for future networks. However, it also opens a new security challenge, which cannot be easily handled by the traditional forensic tools. The SDN controller can easily become a single point of failure and will leave the whole network down in case of a security compromise [26].

The measurement of the network is seen as a fundamental technique to defend SDN against major security threats (like OpenFlow protocol loopholes such as lack of communication verification, architecture defects, the single controller problem, and network resource constraints [22]). SDN can bring various security problems, e.g., unauthorized information modification, controller hijacking, and the black hole issue. These challenges cannot be fixed by using traditional firewall or IDS-based solutions [29]. The SDN security challenges can be classified into two types: (1) hardware-based and (2) protocol-based challenges. The protocol-based challenges are handled by network measurement, which provides the way for network security [22].

SDN allows applications to communicate with the control plane to access network resources, add new functionality, and exploit network activity that can cause security threats. Additionally, shielding the network from malicious applications or irregular application activity is another significant SDN security problem [26]. In SDN, a centralized controller is responsible for controlling the entire network, and the entire network can be disrupted by some form of security breach in the controller. Furthermore, security lapses in the communication between the controller and the data paths may provide intruders with access to and use of network resources [26].

Besides the best advantages of using SDN, many key issues of networking security remain unsolved [22]. In [26], the authors classified different types of threats related to each SDN plane or layer. The paper also elaborates on network security in general for SDN and each level in depth. In Figure 5, we have highlighted the challenges and issues of SDN in Network Forensic.

3.3.3. Future Research Directions of SDN in Network Forensic

SDN security is considered in several application contexts, including wireless communications. The application-controller communication and the security of the control channel between the controller and the network devices in SDN is an important area of security where a lot of research needs to be done. Also, the trust among all the network devices and the applications is one more related topic of security where researchers should focus. Another extension related to security is the concern for a standardized framework, vulnerability analysis, and mitigation studies in SDN architectures for the controller-switch communication. A lot of research is being done to consider and evaluate the feasibility of fingerprinting attacks and (DoS) attacks on the controller through exploiting flow tables of data plane elements and control channels. Control-data plane and control plane communication are more prone to vulnerabilities and require substantial hardening to mitigate security threats regarding communication protocol security for infrastructure and software services. Other potential enhancements for network management include attack detection and mitigation by cost-effectively using the SDN framework. Additionally, intrusion detection/prevention systems in networking are the best protection against threats [30]. The use of various security approaches such as content inspection, traffic monitoring, flow sampling, security middleboxes, etc., when combined with the capabilities of the application, control, and data planes, can protect the entire network [26]. In the same direction, security software may be introduced and used to enforce the security features of the network on top of the control plane. Such programs are used to acquire the network state from the network control plane or to get the resource information from the control plane. Moreover, protection programs are also able to obtain packet samples from the control plane. Security applications can enforce security policies and redirect traffic through the control plane, in compliance with higher security policies. Still, in terms of protection, scalability, supportability, and many more, SDN has its complexities and weaknesses. The principal concern for such types of applications is protection [26]. In Figure 6, we have listed the future research directions of SDN in Network Forensic.

3.4. Software-Defined Networking (SDN) for Cloud Forensic

3.4.1. Advantages of Using SDN in Cloud Forensic

SDN is an emerging technology and a centrally located solution to defeat DDoS attacks and TCP SYN flooding attacks. SDN specifically provides centralized control, software-enabled traffic analysis, and a global view of the network. Therefore, it is considered a perfect tool to enhance forensic in cloud-based setups [31]. Since cloud computing systems are composed of various shared resources among different users, there are various possibilities that a user can spread malicious traffic on the whole system, access the resources of other users, or consume more resources. Similarly, interactions can cause conflicts in network configurations in multi-tenant cloud networks where tenants run their own control logic. However, these problems can be effectively solved given the unified view of all the resources provided by SDN's centralized control plane framework [26].

Applying digital forensics in the cloud environment is labeled as cloud forensics. The main purpose of cloud forensics is to deal with incidents. This involves the forensic of cloud infrastructure and its services for both criminal investigations and civil legal actions [8]. The latest technologies like digital forensics, network forensics, and cloud computing, when integrated for operation, are always best in practice. However, there is always a threat, and these types of integrated systems are always prone to security threats due to their heterogeneous nature. The outcome of cloud computing is the combination of provision computing, network virtualization, charges on usage, and storage resources on demand. SDN in data center networks, usually in cloud computing environments, can fully meet requirements such as: the fine-grained control of SDN provides the opportunities to extend service provisioning beyond storage resources, location independence for dynamic resource provisioning, scalability for large-scale deployment, computing, QoS differentiation for different tenants, and network visibility [21]. Therefore, a demand is created which forms the basis for cloud forensic as a strong tool for network-related forensic in clouds. However, due to the distributed nature of cloud infrastructures, forensic investigators face several challenges, and those challenges are different from those of traditional digital forensics types [14].

3.4.2. Challenges and Issues of Using SDN in Cloud Forensic

Due to the distributed nature of cloud services, data mostly resides in multiple legal jurisdictions, leading to an increase in the time of the investigation, the cost, the difficulty associated with data collection, and the difficulty of analyzing the data remotely for a forensic purpose. The multi-tenancy of many cloud systems is associated with different types of complication for forensics, including the privacy and confidentiality of the users, the acquisition of vast volumes of data, and the use of IP anonymity; in addition, the easy-to-use features of many cloud systems are favorable for cloud-based crimes. Similarly, there are other problems for cloud forensic investigation, which include encryption and the time of acquisition of data that is dynamic and keeps updating frequently [32]. In paper [33], the author has provided various references related to cloud forensics, specifically in the context of different aspects of network forensics based on the DFRW Investigative Process (DIP) Model and the ACPO guidelines. The paper evaluated the different concerns posed in each procedure of a digital forensic investigation concerning cloud computing, which includes the identification, preservation, examination, and presentation phases. The paper also highlighted the distributed nature of cloud control and storage, which makes it more difficult to track activities and recreate incidents during cloud forensic processing. Other issues mentioned in the paper include the loss of essential forensic information such as registry entries, temporary files, and metadata due to the lack of cloud data center investigative resources [33]. In cloud computing, the forensic tools are not very competitive and are poor in their performance due to different limitations faced by network forensics investigators (NFIs), including the volatility of the network data, high-bandwidth data, heterogeneity, unavailability of cloud networks, network virtualization, fast-moving network data, multi-tenancy, and jurisdiction issues [1].

In paper [8], the author has mentioned many research papers that display the different domains and the different techniques used for controlling attacks in SDN based on different aspects of digital forensics. In paper [34], the authors discussed the security threats to SDN by proposing a framework for SDN forensics. The solutions were divided into three categories: protection for controllers, security for applications, and safety from DoS/DDoS attacks. They set out a set of SDN forensic objectives and criteria and introduced a six-component forensic system, including data collection, extraction, fusion, identification of anomalies, security warning, and conservation of evidence. The shortcoming of the proposed SDN forensic framework is its theoretical conceptual design without any practical implementation. The solution is based solely on SDN architecture security assumptions, putting confidence in both network devices and controllers. The framework lacks implementation and framework evaluation [8].

There are many other technical and related problems for cloud forensics which need the utmost consideration for better cloud forensic results in SDN. Some of the technical issues may arise since the cloud server contains diverse files from many users, and the isolation of a particular user's file is always burdensome. Some of the other related issues may be linked to jurisdiction-related issues, dependencies on cloud providers, minimal access to and control over forensic data, and a lack of forensics experts [2]. In Figure 7, we have highlighted the challenges and problems of using SDN in Cloud Forensic.

3.4.3. Future Research Directions of Using SDN in Cloud Forensic

SDN protection is also considered in certain application contexts for the technology to gain wider acceptance in specific avenues, such as in cloud computing [26]. The open research options for the cloud related to SDN, which mostly arise and demand the utmost consideration before SDNs are commercially deployed as an efficient cloud forensic tool, include the scalability consideration, which directly increases the availability; as more control planes are added, each new addition opens the gates for more threats. Therefore, it is important to weigh security against scalability in SDN to design stable SDN architectures that ensure the high availability of the control plane rather than merely supporting the addition of more control planes. The other concern includes class-based application protection, as it is clear that SDN with its current application trends may generate various security issues by providing direct access to several applications. There are many other correlated open research options of SDN, which include the control-data plane intelligence trade-off, synchronization of network security and network traffic, programming and development model introduction, identity-location split, and network security automation, which must be addressed to make SDN more commercial [26].

Generally, in cloud computing enabled with SDN, additional security may be introduced and applied at each SDN layer to make intracloud and intercloud communication more secure for resource provisioning. Additionally, data generated from traffic analysis or identification of anomalies in the cloud and its network may often be transferred to the SDN controller for analysis and feedback, thus improving safety. Real-time SDN monitoring must be robust enough to provide timely and efficient identification of anomalous network events for cloud forensics. Not only should the monitoring information provide insight into the traffic, but it should also stress a focus on storage to satisfy the technical requirements. Finally, there is room for research and concern related to monitoring storage and for subsequent forensic analysis for SDN [30]. There is also a chance for the IDS to be improved for better results in SDN cloud-based platforms; hence, SDN in data centers offers opportunities to researchers for enhancing security [26]. In Figure 8, we have listed the future research directions of using SDN in Cloud Forensic.
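The two ideas above, using the controller's global view to spot TCP SYN flooding across several switches and storing the monitoring result in a form that later forensic analysis can trust, can be sketched in a small controller-side monitor. The following is an added example, not code from the paper or from any SDN controller; the flow records, switch names, addresses and thresholds are constructed for illustration, and the evidence log is a simple SHA-256 hash chain rather than a specific product's storage format.

```python
"""Added example (not the paper's code): a controller-side SYN flood monitor
using SDN's global view, plus hash-chained evidence. Records are constructed."""
import hashlib
import json
from collections import defaultdict

# Constructed flow records as a centralized controller might gather from
# several switches; syn/ack say whether the flow carried those TCP flags.
FLOW_STATS = [
    {"switch": "s1" if i % 2 else "s2", "src": f"192.0.2.{i}", "dst": "10.0.1.10",
     "dport": 443, "syn": 1, "ack": 0} for i in range(1, 7)   # half-open only
] + [
    {"switch": "s1", "src": f"10.0.0.{i}", "dst": "10.0.1.20",
     "dport": 80, "syn": 1, "ack": 1} for i in range(1, 4)    # completed handshakes
]

def syn_flood_suspects(flows, min_flows=5, syn_only_ratio=0.8):
    # Correlate flows per destination across all switches (global view); flag mostly half-open ones.
    per_dst = defaultdict(lambda: {"flows": 0, "syn_only": 0, "sources": set(), "switches": set()})
    for f in flows:
        d = per_dst[(f["dst"], f["dport"])]
        d["flows"] += 1
        d["syn_only"] += int(f["syn"] and not f["ack"])
        d["sources"].add(f["src"])
        d["switches"].add(f["switch"])
    suspects = []
    for (dst, dport), d in per_dst.items():
        ratio = d["syn_only"] / d["flows"]
        if d["flows"] >= min_flows and ratio >= syn_only_ratio:
            suspects.append({"dst": dst, "dport": dport, "flows": d["flows"], "syn_only_ratio": round(ratio, 2),
                             "distinct_sources": len(d["sources"]), "switches": sorted(d["switches"])})
    return suspects

def preserve_evidence(chain, finding):
    # Preservation phase: each record commits to the previous digest, so later edits or deletions are detectable.
    prev = chain[-1]["digest"] if chain else "0" * 64
    digest = hashlib.sha256((prev + json.dumps(finding, sort_keys=True)).encode()).hexdigest()
    chain.append({"prev": prev, "finding": finding, "digest": digest})
    return digest

def verify_chain(chain):
    # Recompute every link; False means a record was altered or removed.
    prev = "0" * 64
    for rec in chain:
        expect = hashlib.sha256((prev + json.dumps(rec["finding"], sort_keys=True)).encode()).hexdigest()
        if rec["prev"] != prev or rec["digest"] != expect:
            return False
        prev = rec["digest"]
    return True
```

In a real deployment the flow records would come from the controller's flow-statistics collection and the chain would be written to append-only storage; the thresholds here are illustrative and would need tuning per tenant.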

3.5. Network Forensic Versus Cloud Forensic

A comparison between network forensic and cloud forensic is given in Table 1.

4. Discussion

In this research paper, we evaluated network security and forensics and discussed the use of SDN in forensics. As we know, SDN separates the control plane from the data plane, gives the controller the network and resource management characteristics, and is programmable by the user. That adds distinguishing features to SDN like centralized control, flexibility of flow management, programmability for network application development, and many more. SDN provides better performance, more efficient configuration, and higher flexibility for innovative network designs [21]. A traditional SDN network is vulnerable to various types of anomalies based on the control flow operations (such as symmetric, asymmetric, and intra-controller control flow operations). We ask ourselves a question in our work: using the opportunities of SDN forensics, is there any possibility to enhance network and cloud security? What can be improved and what can we do better [3]?

Recommendations

We recommend designing the below-mentioned security-related primitives to be considered for better and more efficient network- and cloud-based forensics.

  • To prevent disruption and protection compromises, SDN security reference models and approaches based on protecting network entities should be introduced.

  • Using the control channel, traffic tracking of the application-controller and identification of irregularities in particular avenues, such as cloud setups, can be implemented.

  • Various methods and tools should be implemented to provide strong security in the different forensic procedure stages.

  • Different techniques should be used to provide strong security at different layers of SDN.

  • It is possible to store and retrieve network/state data for post-event and forensic analysis for efficiency.

  • Developing frameworks for cloud forensics that make it easy to detect attacks.

  • Enhance the security, content inspection, traffic monitoring, auditing, and attack detection in cloud forensics.

  • Creating enhanced intrusion detection systems and improving their utilization in SDN.

This set of recommendations is provided to guide researchers in developing efficient SDN-based network and cloud forensic platforms. Figure 9 provides a pictorial overview of the suggested recommendations for Software-Defined Network (SDN) Forensic in the context of Network Forensic (NF) and Cloud Forensic (CF).

5. Conclusions

Detecting attack attempts to secure networks by using forensic analysis is very important for the smooth running of data on a cloud and to relieve the network and the cloud from future threats. Security has always remained an issue when we are talking about networks in the cloud. Detecting key anomalous patterns in a network is considered an improvement that enhances the security of clouds. Additionally, network forensics is an investigation to find the source of an attack in order to avoid any attacks/security threats. SDN promises enhanced configuration, improved performance, and encouraged innovation. Hence, security and forensics in SDN are considered the best option to secure future networks. By using the centralized concept of SDN, the security in cloud networks can be enhanced, but the centralized control concept of SDN draws attackers to breach and attack the cloud. So, we need to develop more potent techniques to enhance forensics in SDN in cloud-based networks. This important diversion of forensics in SDN will help clouds be more secure and will assist in securing networks using SDN. This paper surveys the state-of-the-art contributions to SDN forensics. Additionally, it provides a comparison with other survey works on SDN, new information about the controller, details about the OpenFlow architecture and configuration, a comprehensive contribution about SDN security threats and countermeasures, and SDN in network forensics and cloud forensics. Also, future directions of SDN security solutions are discussed in detail.

In the future, on top of the current SDN layers, additional security layers may be applied. Further, to incorporate more traffic filtering granularities specific to heterogeneous networks, such as wireless environments, an agent can be added in data plane components. Moreover, additional protection can be enforced on each SDN layer in SDN-enabled cloud computing, depending on the underlying operational requirements, to make intra- and intercloud communication less insecure.

Our focus in future work is to present various case studies of SDN forensics, which will expand the concept of SDN forensics and will strengthen the approaches along with improvements in the latest techniques for a real-time implementation of SDN forensics in today's world. The implementation will involve and cover many applications and other related technologies such as cloud computing and blockchain. The motivation for our future work will be based on the concepts utilized in [35,36,37].

Author Contributions

The authors of this article have contributed to this research paper as follows: Writing and preparation, Q.W.; Review and visualization, S.S.A., G.N., W.I.S.W.D. and A.S.A.; Editing and revision, Q.W. All authors have read and agreed to the published version of the manuscript.

Funding

Taif University Researchers Supporting Project number (TURSP-2020/215), Taif University, Taif, Saudi Arabia.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Not applicable.

Conflicts of Interest

The authors declare no conflict of interest.

Abbreviations

Abbreviation Full form
CF Cloud forensic
CS Cloud security
CSP Cloud service provider
DDoS Distributed denial of service
DoS Denial of service
DPI Deep packet inspection
NFI Network forensics investigator
IaaS Infrastructure as a service
ID Intrusion detection
IDS Intrusion detection systems
IPS Intrusion prevention systems
NF Network forensic
NS Network security
PaaS Platform as a service
PS Protection systems
SaaS Software as a service
SDN Software defined networking
SLA Service level agreement
StaaS Storage as a service
QoS Quality of service
VMF Virtual machine forensics

Publisher's Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Figures and Table


Figure 2. Background of network and cloud forensic from the security viewpoint.

Table 1. Summary of Network Forensic vs. Cloud Forensic.

Brief Description
  Network Forensic: Network forensics is a method for finding and detecting network loopholes and preventing further failures.
  Cloud Forensic: In a cloud setting, cloud forensics is a branch of network forensics and an extension of digital forensic science.

Key Features
  Network Forensic: Network forensics focuses on network traffic monitoring and analysis to track, prevent, and diagnose network security incidents.
  Cloud Forensic: Incidents are primarily handled by cloud forensics. This covers cloud computing forensics and its services.

Advantages
  Network Forensic: Security and enhanced network management.
  Cloud Forensic: Cloud security and cloud protection.

Issues
  Network Forensic: Because of the enormous amount of network traffic and the intensive processing needed for forensic analysis, much of which is unrelated to the available information, accessing network and cloud architectures becomes problematic.
  Cloud Forensic: Forensic investigators face many challenges due to the dispersed nature of cloud infrastructures, such as an increase in the time of the investigation, expense, data collection problems, and remote analysis of the data.

Future Directions
  Network Forensic: It is possible to incorporate advanced networking intrusion detection/prevention systems.
  Cloud Forensic: Sophisticated network virtualization, consumption costs, and on-demand storage capacity can be enforced.
