Analytics-Enhanced Automated Code Verification for Dependability of Software-Defined Networks

Software-defined networking (SDN) is a key emerging technology that enables networks to be programmed and dynamically reconfigured through software-based network applications. This programability also significantly increases the exposure of these networks to software application faults, which can compromise or crash the underlying SDN network. It is thus imperative to detect subtle faulty or malicious behaviors of network applications prior to deployment. Automated code verification based on software model checking provides promise for early identification of such behaviors; however, it faces inherent challenges w.r.t. scalability, soft real-time behaviors, and the need for pre-specified thresholds, that significantly limits its usefulness for verifying SDN networks in practice. We describe an approach that enhances automated verification with machine learning-based analytics to detect and identify faulty or malicious behaviors that can compromise network reliability, performance, and security. A novel aspect of our work is that the analytics algorithms learn on information provided by automated verification, coupled with real-time inputs and outputs, to learn thresholds that can be used in software model checking, and to identify anomalous execution paths of network applications that may compromise the underlying SDN network. We demonstrate our approach with a proof-of-concept case study on the ONOS open-source SDN network operating system, using our customization of the Java Path Finder tool and the application of our machine learning algorithms.