Sharif Digital Repository

Software Defined Networking (SDN) provides a logically centralized view of the state of the network, and as a result opens up new ways to manage and monitor networks. In this dissertation a novel approach to network intrusion detection in SDNs is introduced that takes advantage of these attributes. This approach can detect compromised routers that produce faulty messages, copy or steal traffic or maliciously drop certain types of packets. To identify these attacks and the affected switches, we correlate the forwarding state of network---i.e. installed forwarding rules---with the forwarding status of packets---i.e. the actual route packets take in the network and detect anomaly in routes....