
Proceedings of the International Conference on Inventive Computing and Informatics (ICICI 2017)

IEEE Xplore Compliant - Part Number: CFP17L34-ART, ISBN: 978-1-5386-4031-9

DoS Attack Mitigation Using Rule Based and Anomaly Based Techniques in Software Defined Networking

Prajakta M. Ombase, P.G. Scholar, Dept. of Computer Science and Technology, Usha Mittal Institute of Technology, SNDT Women’s University, Mumbai, India, prajakta.ombase@gmail.com

Nayana P. Kulkarni, P.G. Scholar, Dept. of Computer Science and Technology, Usha Mittal Institute of Technology, SNDT Women’s University, Mumbai, India, nyna.p.kul@gmail.com

Sudhir T. Bagade, Assistant Professor, Dept. of Computer Science and Technology, Usha Mittal Institute of Technology, SNDT Women’s University, Mumbai, India, bsudhiran@ieee.org

Amrapali V. Mhaisgawali, Assistant Professor, Dept. of Computer Science and Technology, Usha Mittal Institute of Technology, SNDT Women’s University, Mumbai, India, amrapali10@gmail.com

Abstract—Software Defined Networking (SDN) is a new technology that improves on traditional networks. With the new framework design of SDN, security is a big challenge. A number of attacks are possible on the data plane and the control plane in SDN. One of the preliminary attacks in SDN is the Denial-of-Service (DoS) attack. Providing security to the control plane using a traditional intrusion detection system (IDS) to mitigate DoS attacks is a challenge. A DoS attack in SDN affects the performance and behaviour of the network. Legitimate hosts are not able to communicate with the server after the creation of a DoS attack. This paper aims to detect and mitigate DoS attacks in SDN. For detection and mitigation of DoS attacks we used two techniques: 1) a rule based approach using the Snort tool, and 2) an anomaly based approach using the BRO tool. For DoS attack creation we employ the Hping3 and Low Orbit Ion Cannon (LOIC) tools. We evaluate the performance of each technique using parameters like packet loss, average time and round-trip time. Further work can extend this by reducing false positives and false negatives in the IDS. False positives are false alarms generated on normal traffic; reducing them may help to improve the performance of the IDS.

Keywords—Software Defined Network (SDN); Open Flow; security; Denial of Service (DoS); Open Networking Foundation (ONF); Southbound interface (SBI); snort; Bro; Intrusion Detection System (IDS).

1. INTRODUCTION

Traditional networking devices contain the data plane and the control plane on each device. Increasing data traffic because of recent trends in networking such as big data and cloud computing increases the load on traditional networks, and this situation motivated the introduction of a new network architecture. In 2008, the SDN architecture was introduced through the Open Flow standard [1] to deal with the increasing data load on networks.

The aim of SDN is to separate the data plane and the control plane using the open flow protocol. The data plane includes networking elements such as switches and routers and is also called the forwarding plane, as it controls data forwarding in the network. The control plane is also known as the brain of SDN, as it handles the entire network by automating network management [2] and maintains the global view of the network. SDN is now widely used in many areas, for example at Facebook, Google and in data centers. There are various SDN controllers available, such as Floodlight [3]. Though SDN is more efficient than a traditional network in terms of management of the global network, there are some challenges such as controller failover, load balancing, scalability, traffic engineering, security and controller placement [4].

The idea of separating the control plane and the data plane in SDN provides many advantages to the networking environment but also introduces various security challenges. In IP spoofing, an attacker can send fake packets to the SDN controller indicating that the packet is from an authorized source. In this way the attacker can gain unauthorized access to the controller [4]. Unauthorized access to

978-1-5386-4031-9/17/$31.00 ©2017 IEEE 469



the controller can increase the risk of sensitive information disclosure.

To date there are many security solutions available, such as Avant-guard [5], Of-guard [6], Flow ranger [7], Flood-guard [8] and Fresco [9].

Avant-guard [5] secures the data plane from TCP based attacks by providing extensions to the data plane in the form of connection migration and actuating triggers. The limitation of Avant-guard is that it secures the data plane only from TCP based DoS attacks; it is not effective for securing the control plane from attack.

Of-guard [6] is a data plane layer security solution and uses a data plane cache to filter attacks. Of-guard is limited to the data plane, so it cannot secure the control plane. As it uses the data plane cache to detect the attack, it is limited to known attacks only. Details on the other tools are available in reference [4].

Fresco [7] is an application layer security framework and helps to develop new security applications by providing event triggering and data sharing. The limitation of Fresco is that it provides limited security modules and the solution is not available yet.

The tools stated above do not provide security to the control plane, are effective only against specific types of attack, and discuss DoS attack analysis only. These limitations motivated us to present a DoS attack detection and mitigation technique in the SDN environment between the data plane and the control plane. In this paper we focus on DoS attack detection and mitigation using a rule based technique and an anomaly based technique, by using the powerful network intrusion detection systems (NIDS) Bro and Snort. We evaluate the performance of these two intrusion detection systems in the SDN environment using parameters such as packet loss, average time and round-trip time. Our detection technique can be further extended to detect other types of attacks.

BRO [10] and Snort [11] are network intrusion detection systems. Snort is a signature based IDS while BRO is an anomaly based IDS. Snort is an open source network IDS and uses predefined activity patterns related to known attacks to identify and block the infected traffic; these patterns are known as “signatures” or “rules”. Upon matching a signature, Snort performs various actions such as alert, drop etc. It also alerts the network administrator about malicious activity so that the admin can take appropriate action, or, if Snort is configured in inline mode, it can drop the malicious traffic.

BRO is a general purpose tool with a scripting language for network analysis. It consists of libpcap, an event engine and a policy script interpreter. The scripts are used for packet capturing, event generation and policy creation. The libpcap library takes care of capturing packets. Then the traffic is passed to the event engine to take the necessary action. Then the policy script interpreter finds suspicious activity. It generates log files and learns about the network.

The rest of the paper is organized as follows. In section 2 we discuss the SDN setup. Section 3 explains the design architecture of the system. Section 4 depicts the working of the IDS. Results and analysis are explained in section 5. The paper is concluded in section 6 with further research directions.

2. SDN SETUP

A DoS attack can be intended to flood the control plane bandwidth by creating a number of new flows, which can result in network failure for users. An attack on the controller can damage the entire network due to communication failure. Another possibility of DoS attack is on the switch, which can be caused by filling up the flow table memory [7]. The networking element or switch has limited memory, which is the target of the attack. In this case the switch is unable to forward buffered packets until there is free memory space in the switch flow table. This attack is local to a particular switch and does not affect the whole network. A security framework in SDN can be provided for the data plane, the control plane or the application plane.

In the proposed system the IDS is placed between the switch and the controller. The IDS provides security for live traffic on the southbound interface, that is, between the data plane and the control plane. Our system considers DoS attacks on the hosts which are connected to the switch. We flood the resources on the host with a number of fake packets. Due to this the host becomes unreachable from the other hosts and the resources on the host become unavailable.

2.1 Basic SDN setup

We have created an SDN setup to detect and mitigate DoS attacks using rule based and anomaly based IDS. We used Open virtual Switch (OvS). We have installed each switch on a separate machine. In our system the Floodlight controller is used; we have installed Floodlight on a separate machine. In this system one or more OvS switches are connected to hosts. All the network setup is done on Ubuntu 14.0. Then OvS is connected to the Floodlight controller; we have connected to a remote Floodlight controller. Connectivity between switches is made possible by doing L3 switching on the SDN setup.

2.1.1 L3 switching in basic SDN setup

This system leverages OvS from L2 to L3 switching, so that host to host communication is possible using IP addresses. Communication between different subnets can be done using L3 switching. VLANs have their own subnets, so L3 switching is needed to route between VLANs. In L3 switching the switch works as a router.

Steps to move from L2 to L3 switching in the system:
1) Install Open virtual Switch.
2) Connect hosts to OvS.
3) Execute the switch and create a bridge for the respective switch.




4) Set the IP of the data plane interfaces to zero, as later on this IP will be assigned to the bridge created.
5) Add each interface to its own OvS bridge.
6) The configuration can be verified at this stage.
7) Go to any host and try to ping another host; it will not be possible at this stage.
8) Give an IP address and netmask to the OvS bridge.
9) Connect to the remote controller.
10) Enable IP forwarding.
11) Now ping between hosts by IP address is possible, which means L3 switching is successful.

As a result we get connectivity in the SDN network using L3 switching. An example of one of the topologies created is shown in Figure 1. In this we have created two switches connected to the Floodlight controller. Six hosts are created and connected to the switches. Each switch is assigned to a different subnet. We used L3 switching for connecting the different subnets.

Figure 1: Floodlight Topology

3. DESIGN ARCHITECTURE

We propose the design architecture shown in Figure 2.

Figure 2: Proposed system

The system to mitigate DoS attacks is as shown in Figure 2. One OvS switch is connected to three hosts. The switch is connected to the Floodlight controller. Once this connectivity is done the SDN topology gets created. In the given setup host to host communication through the switch is done using L3 switching. Now the hosts are able to ping each other. Out of the four hosts connected to OvS, one host is acting as the attacker to create a DoS attack using hping3 and LOIC. One host will be the victim. After DoS attack creation the victim becomes unreachable from any of the other hosts. The IDS is placed between the switch and the controller in our system. After that we execute the IDS and check the network performance. A third host will be used to check whether the victim is reachable or not. After execution of the IDS the victim becomes reachable, and thus mitigation of the DoS attack is performed. We have considered Snort as the rule based technique and BRO as the anomaly based technique. How the Snort and BRO IDS work to detect and mitigate the attack is discussed below.

3.1 DoS attack creation in SDN

A number of tools are available for DoS attack creation. We create the DoS attack using the Hping3 [12] and LOIC [13] tools. Both of these tools are open source. The switch is flooded with SYN requests using hping3. The DoS attack is created on one of the hosts connected to a switch, either on the same or a different switch. Hping3 floods the victim host with a number of packets so that all resources get exhausted and the internet services on the victim become unavailable. LOIC sends threat packets to the victim host. It can send TCP, UDP and ICMP packets to the victim. These threat packets make the victim system unavailable. Both of the tools need the victim's IP address.

3.2 Intrusion Detection Systems

Detection and mitigation of DoS attacks on real time traffic is done by two techniques. One technique is a rule based IDS and the other is an anomaly based IDS, as explained below.

3.2.1 Rule based IDS - Snort

Figure 3: Snort architecture

As shown in Figure 3, the Snort architecture [14] has four components: sniffer, pre-processor, detection engine, and alerts/logging. First the packet sniffer accepts the packet and analyses the various network protocols. Snort saves the packet if it has to be processed later. It uses libpcap (the pcap library) to get the packet from the network device. libpcap provides information such as the length of the packet, packet capture time, link type etc. Then the packet decoder decodes the packet according to the link layer type and sets pointers at various parts of the packet; this allows quick access to the various parts of the packet. After packet decoding is done it is sent




to the pre-processor. There are a number of pre-processors available in Snort. After preprocessing, the packet is passed to the detection engine. It matches the packet against the signature database that is included in Snort by walking the signature tree until the detection engine either matches a rule or reaches the end. If a rule is matched, Snort generates the alert and sends it to the database.

Snort inline mode [15]:
Snort inline mode acts as an intrusion prevention system and creates a transparent bridge between two network segments.

Figure 4: Snort inline mode

Figure 4 shows that Snort in inline mode creates a transparent bridge between host1 and host2. All the traffic from host1 to host2 is passed through Snort. Snort inline mode passes the traffic to the other host or drops it if the traffic is suspicious.

Snort advantages:
Snort is open source and allows developing and customizing the modules or rules of Snort. It is easy to understand and compatible with many operating systems. It can act as an intrusion detection system as well as an intrusion prevention system. Snort signatures are easily available. Snort has an active community of developers and users.

Snort limitations:
The speed of the network may prevent Snort from picking up all the packets. The default rules in a new Snort installation may give many false positive alarms. False positives are false alerts. We can get rid of these false positives by tuning Snort to the network. The underlying infrastructure must support Snort, as Snort's performance depends on the network stack. The Snort signature database should be updated regularly, otherwise Snort itself may become the victim of a new attack.

3.2.2 Anomaly based IDS - Bro

Figure 5: Bro Architecture

The architecture of the Bro IDS [16] is shown in Figure 5.
Network – It captures the traffic coming over the network. Filtering of packets is done in this layer. Libpcap is a packet capture library provided by tcpdump. It provides powerful filters such as the BPF filter. Libpcap uses the filter to reduce the traffic captured.
Event engine – The resulting filtered packets are then handed over to the event engine layer. It ensures that the packet headers are proper. It checks whether the IP header checksum is correct or not. If everything is fine then the event engine looks up the connection state associated with the IP addresses. Different connection changes generate different connection events.
Policy script interpreter – Events generated by the event engine are checked by the script interpreter. After the event engine finishes processing packets, the policy script interpreter checks whether any event is generated. It keeps all events in FIFO order and processes each event until the queue is empty.

Advantages of BRO
Open source – BRO is an open source IDS which can be installed easily. One can use BRO without any restrictions.
Detects what is on the network – BRO identifies what is going on in a network. It detects network activity, file types, software, and connected network devices.
Large volume monitoring –
Open interfaces – Bro can be connected with other applications for real time data exchange [17].
Active community – Bro has a vibrant community. It is a growing community which provides support and assistance.
Forensics – Bro detects what is going on in the network and logs it. This provides a high level archive of network activity.
Real time notification – Bro monitors real time traffic over the network. It checks the traffic against the logs. If there is an occurrence of any weird activity then Bro generates a notification against it.

Limitations of Bro
False positives – Bro generates a high rate of false positives.
Preliminary training – The effectiveness of Bro depends on preliminary training. As Bro takes decisions about malicious activity based on the logs generated, it needs preliminary data to take proper decisions.

4. WORKING OF IDS

In this section we discuss attack mitigation using Snort and Bro.

4.1 Attack mitigation using Snort

Attack mitigation using Snort is discussed below [14].

1. Command line: Snort has more than 40 command line options, including -c <config file>.

2. Snort config file: The command line includes the config file path. The Snort initialization process parses the config file




which contains various configuration options, rules etc. The parser is located in the parse.c file.

3. Rule parsing: Rule parsing is done by Snort to identify the rule type and detection options. Every Snort rule consists of a header and options.

4. Packet processing: Snort uses libpcap (the pcap library) to receive packets from the network device on which Snort is configured. It provides basic information about the packet such as length, link type, capture time and the actual content of the packet.

5. Packet decoding: The packet decoder decodes the packet according to the packet's link type and keeps watch on the packet structure. It generates an alert if the packet has an irregular size, set options or settings. For example, if ethr_type is 2048, it identifies that the layer is IP. It calls decoderIP, which further identifies the next decoder, until there is no more decoder left.

6. Attack detection: Attack detection in Snort is done by the various signatures predefined in Snort, and upon rule matching the appropriate action is taken. The pattern matching engine walks through every rule until either a match is found or it reaches the end of the rule file. Default Snort rules are available on the Snort website. Snort rules are simple and easy to understand. Snort rules are divided into two parts, i.e. header and options. The rule header defines the action (such as alert, pass, drop, log etc.), protocol, source and destination address, port, and direction of the traffic. The rule options define various options such as the alert message, signature id, payload options, non-payload options etc. Payload options are used to identify the attack using data inside the packet payload.

For example:

alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET DOS Inbound Low Orbit Ion Cannon LOIC DDOS Tool desu string"; flow:to_server,established; content:"desudesudesu"; nocase; fast_pattern:only; threshold: type limit,track by_src,seconds 180,count 1; reference:url,www.isc.sans.org/diary.html?storyid=10051; classtype:trojan-activity; sid:2012049; rev:4;)

The above Snort rule identifies the attack created using the LOIC (Low Orbit Ion Cannon) attack creation tool. It generates an alert on TCP packets from any port if they match the "desudesudesu" string, as LOIC has the constant string "desudesudesu".

7. Attack mitigation: To mitigate the attack, Snort should be configured in inline mode. The inline mode of Snort acts as an intrusion prevention system.

4.2 Attack mitigation using Bro

Attack mitigation using Bro is discussed below [18].

1. Export module pcap: pcap.bif. BRO will be generated by the user when it executes Bro. It checks the identifier of the pcap filter and checks whether it is installed successfully.

global Pcap::install_pcap_filter: function(id: PcapFilterID): bool;

2. The information record stores network statistics information. Generate the BRO init event to collect information on states. Netstat() is used to get information about the state over the network while transferring packets.

3. Log the information about the connection state. It sets the s0, s1 and SF bits for the different connection states. In our system the s0 bit is set, as only a connection attempt is seen but no reply is there. We get the state history bit s, as SYN without ACK occurred in our system. A Bro event checks for inactive connections and generates an event to remove that state. It stops receiving packets from the respective IP address.

4. Bro checks the log information stored above and generates a notice which tells which weird activity occurred. For our system BRO detects the SYN_seq_jump weird activity.

5. Netstat.log generates statistics about received and dropped packets.

5. RESULT AND ANALYSIS

In this section we will see the actual results of the attack detection and mitigation.

5.1 Detection and Mitigation of DoS using Snort

Figure 6 shows the Snort GUI. The Snort GUI provides details of the alerts that are generated on suspicious packets.

Figure 6: Snort alerts

It also shows the structure of alerts in Snort. In the figure, ID defines the signature id on which the attack is detected. The Signature field shows the message. Timestamp provides the time and date of attack detection. The IP addresses of the attacker machine and the victim machine are provided in the source address and destination address respectively.
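To make the rule format of section 4.1 concrete, the following Python is an added example (it is neither the paper's code nor part of Snort) that parses the LOIC rule quoted in section 4.1 into its seven header fields and its option list, then applies the three options that decide whether an alert fires: content with nocase, flow:to_server, and the threshold (type limit, track by_src, seconds 180, count 1). The packets and timestamps are constructed, the to_server flag is a stand-in for Snort's flow tracking, and only the alert decision is modelled, not Snort's full preprocessing or inline drop.

```python
import re
from dataclasses import dataclass, field

# The LOIC rule quoted in section 4.1 of the paper (Emerging Threats sid 2012049).
LOIC_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET any '
    '(msg:"ET DOS Inbound Low Orbit Ion Cannon LOIC DDOS Tool desu string"; '
    'flow:to_server,established; content:"desudesudesu"; nocase; fast_pattern:only; '
    'threshold: type limit,track by_src,seconds 180,count 1; '
    'reference:url,www.isc.sans.org/diary.html?storyid=10051; '
    'classtype:trojan-activity; sid:2012049; rev:4;)'
)

@dataclass
class SnortRule:
    # Rule header (seven fields) plus the options as (keyword, value-or-None) pairs.
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    options: list = field(default_factory=list)

    def has(self, key):
        return any(k == key for k, _ in self.options)

    def option(self, key):
        return next((v for k, v in self.options if k == key), None)

def parse_rule(text):
    """Split a Snort rule into its header and its ';'-separated option list."""
    head, _, body = text.partition("(")
    parts, body = head.split(), body.rstrip()
    if len(parts) != 7 or not body.endswith(")"):
        raise ValueError("expected 'action proto src sport dir dst dport (options;)'")
    options = []
    # Split on ';' but never on a ';' inside a quoted value such as msg:"...".
    for raw in re.findall(r'(?:[^;"]|"[^"]*")+', body[:-1]):
        key, sep, val = raw.strip().partition(":")
        val = val.strip() if sep else None            # bare keyword, e.g. 'nocase'
        if val is not None and len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]
        options.append((key.strip(), val))
    return SnortRule(*parts, options=options)

def parse_threshold(value):
    """'type limit,track by_src,seconds 180,count 1' -> {'type': 'limit', ...}."""
    return dict(item.split() for item in value.split(","))

class Detector:
    """Applies a rule's content/nocase match and its threshold to packets, where a
    packet is a dict with 'src', 'dst', 'payload' (bytes) and 'to_server' (bool)."""

    def __init__(self, rule):
        self.rule = rule
        self.pattern = rule.option("content").encode()
        self.nocase = rule.has("nocase")
        self.threshold = parse_threshold(rule.option("threshold")) if rule.has("threshold") else None
        self.windows = {}   # tracked address -> (window start time, alerts already raised)

    def content_matches(self, payload):
        if self.nocase:
            return self.pattern.lower() in payload.lower()
        return self.pattern in payload

    def inspect(self, pkt, now):
        """Return the rule's action if this packet fires the rule at time `now`, else None."""
        # 'to_server' stands in for Snort's flow tracking (flow:to_server,established).
        if self.rule.has("flow") and "to_server" in self.rule.option("flow") and not pkt["to_server"]:
            return None
        if not self.content_matches(pkt["payload"]):
            return None
        if self.threshold and self.threshold["type"] == "limit":
            # 'limit': at most `count` alerts per `seconds` for each tracked source (by_src) or destination.
            key = pkt["src"] if self.threshold["track"] == "by_src" else pkt["dst"]
            window, limit = int(self.threshold["seconds"]), int(self.threshold["count"])
            start, raised = self.windows.get(key, (None, 0))
            if start is None or now - start >= window:
                start, raised = now, 0                     # new window for this source
            if raised >= limit:
                self.windows[key] = (start, raised)
                return None                                # suppressed until the window expires
            self.windows[key] = (start, raised + 1)
        return self.rule.action

def run_demo():
    """Constructed sample traffic: one LOIC-style sender and one benign HTTP client."""
    det = Detector(parse_rule(LOIC_RULE))
    packets = [
        (0,   {"src": "10.0.0.5", "dst": "10.0.0.2", "to_server": True, "payload": b"DesuDesuDesu"}),
        (1,   {"src": "10.0.0.5", "dst": "10.0.0.2", "to_server": True, "payload": b"desudesudesu"}),
        (2,   {"src": "10.0.0.7", "dst": "10.0.0.2", "to_server": True, "payload": b"GET / HTTP/1.1"}),
        (200, {"src": "10.0.0.5", "dst": "10.0.0.2", "to_server": True, "payload": b"desudesudesu"}),
    ]
    return [det.inspect(pkt, t) for t, pkt in packets]   # -> ['alert', None, None, 'alert']
```

The demo shows why the threshold matters in a flood: the first LOIC packet alerts, the second from the same source one second later is suppressed, a benign request never matches, and the same source alerts again once the 180-second window has expired, so the alert log stays readable while the rule still catches every offending source.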



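The connection-state check described in section 4.2 (step 3: conn_state S0 with history S, a SYN that never received a reply) and the notice raised in step 4 can be reproduced outside Bro from its conn.log. The Python below is an added example and is not the paper's code or part of Bro: it parses a constructed conn.log excerpt using Bro's tab-separated #fields layout, counts half-open connections per originator inside a sliding time window, and emits a notice-style record with the same fields the paper reads from notice.log (timestamp, uid, originator, responder, name). The window and threshold values are assumptions, and the final ovs-ofctl rule shows how the flagged source could be dropped at the OvS switch (bridge name assumed); the paper's own setup drops the traffic at the inline IDS instead.

```python
from collections import defaultdict

# Constructed excerpt of a Bro conn.log (tab separated, Bro-style #fields header);
# it is sample data, not a capture from the paper's setup, and only the fields the
# detector needs are included.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tconn_state\thistory\n"
    "1500000000.10\tC1\t10.0.0.7\t43210\t10.0.0.2\t80\ttcp\tSF\tShADadFf\n"
    "1500000001.00\tC2\t10.0.0.5\t1001\t10.0.0.2\t80\ttcp\tS0\tS\n"
    "1500000001.01\tC3\t10.0.0.5\t1002\t10.0.0.2\t80\ttcp\tS0\tS\n"
    "1500000001.02\tC4\t10.0.0.5\t1003\t10.0.0.2\t80\ttcp\tS0\tS\n"
    "1500000001.03\tC5\t10.0.0.5\t1004\t10.0.0.2\t80\ttcp\tS0\tS\n"
    "1500000001.04\tC6\t10.0.0.5\t1005\t10.0.0.2\t80\ttcp\tS0\tS\n"
    "1500000002.00\tC7\t10.0.0.9\t50000\t10.0.0.2\t22\ttcp\tS0\tS\n"
    "1500000300.00\tC8\t10.0.0.5\t1006\t10.0.0.2\t80\ttcp\tS0\tS\n"
)

def parse_conn_log(text):
    """Turn Bro's tab-separated log into dicts keyed by the #fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue                      # other #-directives and blank lines
        else:
            if fields is None:
                raise ValueError("data row before #fields header")
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def is_half_open(row):
    """conn_state S0 = attempt seen, no reply; history 'S' = only the originator's SYN."""
    return row["proto"] == "tcp" and row["conn_state"] == "S0" and row["history"] == "S"

def detect_syn_flood(rows, window=60.0, threshold=5):
    """Raise one notice per originator that opens >= threshold half-open connections
    inside any sliding window of `window` seconds (both values are assumptions)."""
    by_orig = defaultdict(list)
    for row in rows:
        if is_half_open(row):
            by_orig[row["id.orig_h"]].append(row)
    notices = []
    for orig, attempts in by_orig.items():
        attempts.sort(key=lambda r: float(r["ts"]))
        start = 0
        for end, row in enumerate(attempts):
            while float(row["ts"]) - float(attempts[start]["ts"]) > window:
                start += 1                # slide the window forward
            if end - start + 1 >= threshold:
                notices.append({
                    "ts": row["ts"], "uid": row["uid"], "orig": orig,
                    "resp": row["id.resp_h"], "note": "SYN_flood_suspected",
                    "count": end - start + 1,
                })
                break                     # one notice per originator is enough
    return notices

def ovs_drop_rule(notice, bridge="br0"):
    """OpenFlow rule in ovs-ofctl syntax that drops IP traffic from the flagged source.
    The bridge name is an assumption; the paper's setup drops at the inline IDS instead."""
    return f'ovs-ofctl add-flow {bridge} "priority=100,ip,nw_src={notice["orig"]},actions=drop"'

if __name__ == "__main__":
    for notice in detect_syn_flood(parse_conn_log(SAMPLE_CONN_LOG)):
        print(notice)
        print(ovs_drop_rule(notice))
```

On the sample log only 10.0.0.5 is flagged: its five S0/S records within a few milliseconds cross the threshold, the single attempt from 10.0.0.9 does not, the completed SF connection from 10.0.0.7 is ignored, and the later attempt at ts 1500000300 falls outside the window. Raising the threshold to 7 yields no notice, which is the tuning knob for the false-positive rate the paper lists as Bro's main limitation.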

5.2 Detection and Mitigation of DoS using BRO

notice.log
Bro generates a log file for weird activity. For our system the notice.log file is generated as shown in Figure 7. For our SDN setup the weird activity is labelled SYN_seq_jump. This is the error generated when the TCP connection is not established. We get a notice.log file which gives the value of the timestamp, the unique id, the IP addresses of originator and responder, and the name of the error generated, as shown in Figure 7.

Figure 7: Notice.log

weird.log
This file is generated when there is an occurrence of weird activity on real time traffic. As shown in Figure 8, the weird.log file gives the number of packets received and the number of packets dropped with the respective IP.

Figure 8: Weird.log file

5.3 Performance Evaluation

In our SDN setup a DoS attack is created using different tools. After creation of the DoS attack different factors get affected. We have considered the packet loss, average time and round-trip time factors for DoS attack detection and mitigation.

Packet loss – In our system host to host communication is possible before creation of the DoS attack. At this point all the packets transmitted by the sender are received by the receiver, so 0% packet loss occurs at this point. After creation of the DoS attack by the different tools on our system, a number of the transmitted packets get lost, so packet loss occurs. At one stage we get 100% packet loss. It means that no packets from the sender can be received. In Figure 9, the X axis represents the number of packets transmitted and the Y axis represents the number of packets received. Before DoS attack creation this ratio is the same. After DoS attack creation the number of packets received is less than the number of packets transmitted.

Figure 9: Packet Loss

Average time – In the given system the average time required for packet transmission goes on increasing after creation of the DoS attack. Figure 10 represents the number of packets transmitted and the average time required for packet transmission. The average time goes on increasing after DoS attack creation and it reduces after mitigation of the DoS attack.

Figure 10: Average time

Bro and Snort Performance in SDN:
The round-trip time for a packet is the time required for a packet to travel from source to destination and back again. In our SDN setup the RTT goes on increasing after creation of the DoS attack. At one point the RTT is very high and after that the victim host becomes unreachable.

Figure 11: BRO and Snort Performance in SDN

We have executed the Bro and Snort IDS on their respective machines after creation of the DoS attack. Once the IDS checks for the DoS




attack it drops the malicious packets. Then the round-trip time falls, and after some time it becomes very low. Now the victim is reachable from the other hosts.

Figure 11 shows the performance of both IDS, the rule based Snort and the anomaly based Bro, in the SDN environment. Though there is a slight difference in the performance of the Snort and Bro IDS, both IDS efficiently mitigated the DoS attack in the SDN network. After attack detection the average round trip time is reduced to 100ms.

6. CONCLUSION

In this paper, we proposed DoS attack mitigation techniques using rule based and anomaly based techniques in SDN. Our proposed system mitigates the DoS attack using the SNORT and BRO IDS. We have created the SDN setup for the demonstration of DoS attack creation, detection and mitigation. The attack is created by flooding the targeted hosts or resource with false requests in an attempt to overload the network and prevent some or all legitimate hosts from communicating. For detection and mitigation of the DoS attack we used signatures of the attack in SNORT, while BRO analyses the packet history collected in the scripting log files. The performance of the network before and after DoS attack mitigation is evaluated using packet loss, average time and round trip time. It is observed that packet loss was reduced by 95% over an average time of 5 minutes.

In future we can extend this work to mitigate the distributed denial of service attack, i.e. the DDoS attack. This effectively makes it impossible to stop the attack simply by blocking a single source.

ACKNOWLEDGEMENT

The authors would like to thank CDAC, Juhu, Mumbai for giving us an opportunity to do this project and fulfilling our requirements needed for execution of the project. The authors would also like to thank Usha Mittal Institute of Technology and the department of computer science and technology for the support provided. We are grateful to our guide Dr. Zia Saquib from CDAC, Sudhir T. Bagade and Amrapali V. Mhaisgawali from UMIT for their timely help and guidance.

REFERENCES

[1] https://www.opennetworking.org/about/onf-overview
[2] https://www.opennetworking.org/sdn-resources/sdn-definition
[3] http://www.projectfloodlight.org/floodlight/
[4] Survey on DoS attack challenges in Software Defined Networking.
[5] Seungwon Shin, Vinod Yegneswaran, Phillip Porras, Guofei Gu, “AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks”, 2013.
[6] H. Wang, L. Xu, and G. Gu, “Of-guard: A DoS attack prevention extension in Software defined network”, In Open Networking Summit 2014, Poster Session, USENIX.
[7] https://www.opennetworking.org/sdn-resources/sdn-definition
[8] https://en.wikipedia.org/wiki/Software Defined Network
[9] S. Shin, V. Yegneswaran, P. Porras, and M. Tyson, “Fresco: Modular composable security services for software defined network”, In NDSS, 2013.
[10] Surya Bhagavan Ambati, Deepti Vidyarthi, “A brief study and comparison of open source intrusion detection system tools”, 2013.
[11] https://snort.org/
[12] https://tools.kali.org/hping3
[13] https://sourceforge.net
[13] Andrew R. Baker, Joel Esler, “Snort IDS and IPS toolkit”.
[14] https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/069/original/Snort-IPS-Tutorial.pdf?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1506507808&Signature=Gi%2Fi%2BSZuOCk6ujFAIdsz%2BuDnt3w%3D
[15] Tianyi Xing, Zhengyang Xiong, Dijiang Huang, Deep Medhi, “SDNIPS: Enabling Software-Defined Networking Based Intrusion Prevention System in Clouds”, 2014 IFIP.
[16] Matthias Vallentin, “Network Intrusion Detection & Forensics with Bro”, 2016.
[17] Anshu Sharma, Monika Sharma, “Analysis and implementation of BRO IDS using signature script”, 2015.
[18] http://www.bro.org/

