ABSTRACT
Software-Defined Networking (SDN) introduces a new paradigm for managing communication networks and has gained much attention recently. In SDN, a network controller oversees and manages the entire network by configuring the routing behaviour of the underlying switches. The switches periodically report their status to the controller, such as port statistics and flow statistics, according to their communication protocol. However, switches may contain vulnerabilities that attackers can exploit. A compromised switch may not only lose its normal functionality, but it may also maliciously paralyze the network by creating congestion or packet loss. Therefore, it is important for the system to be able to detect and isolate malicious switches. In this work, we investigate a methodology for an SDN controller to detect compromised switches through real-time analysis of the periodically collected reports. Two types of malicious behavior by compromised switches are investigated: packet dropping and packet swapping. We propose two anomaly detection algorithms to detect packet droppers and packet swappers. Our simulation results show that the proposed methods can effectively detect both. To the best of our knowledge, our work is the first to address malicious switch detection using statistics reports in SDN.
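As an added illustration of the kind of check the abstract describes (example code written for this page, not the paper's FlowMon algorithm, whose details the abstract does not give): the controller compares the per-flow packet counters that consecutive switches on a flow's path report, flagging a switch as a dropper when packets vanish at its next hop and as a swapper when the missing packets reappear under another flow. The topology `PATHS`, the reports `SAMPLE_DROP` and `SAMPLE_SWAP`, the function `classify_switches` and the dropper/swapper model are all constructed assumptions.

```python
"""Classify SDN switches as packet droppers or packet swappers from flow statistics.

Illustrative detector added here, not the paper's FlowMon algorithm. Assumed model:
the controller knows each flow's path and compares the per-flow packet counters
that consecutive switches report. A dropper makes packets vanish between a switch
and its next hop; a swapper moves packets from one flow into another, so per-flow
counts shift while the switch's total forwarded count is conserved.
"""
from collections import defaultdict

# Constructed sample topology: flow -> ordered list of switches it traverses.
PATHS = {"f1": ["s1", "s2", "s3"], "f2": ["s1", "s2", "s4"], "f3": ["s5", "s2", "s3"]}

# Constructed stats reports, stats[switch][flow] = packets matched by that flow rule.
# s2 silently drops 300 packets of f1 (s3 sees only 700 of the 1000 s2 matched).
SAMPLE_DROP = {"s1": {"f1": 1000, "f2": 800}, "s2": {"f1": 1000, "f2": 800, "f3": 500},
               "s3": {"f1": 700, "f3": 500}, "s4": {"f2": 800}, "s5": {"f3": 500}}
# s2 swaps 300 packets from f1 into f3: f1 falls by 300 at s3, f3 rises by 300.
SAMPLE_SWAP = {"s1": {"f1": 1000, "f2": 800}, "s2": {"f1": 1000, "f2": 800, "f3": 500},
               "s3": {"f1": 700, "f3": 800}, "s4": {"f2": 800}, "s5": {"f3": 500}}

def classify_switches(stats, paths, tolerance=0.05):
    """Return {switch: "dropper" | "swapper"} for every non-final switch whose
    forwarded counts disagree with its downstream neighbours beyond `tolerance`
    (a fraction of its total matched packets, absorbing polling-time jitter)."""
    lost = defaultdict(int)       # packets matched at u for a flow but missing at next hop
    gained = defaultdict(int)     # packets the next hop counted for a flow beyond what u matched
    forwarded = defaultdict(int)  # total packets u matched across flows it forwards
    for flow, path in paths.items():
        for u, v in zip(path, path[1:]):
            sent = stats.get(u, {}).get(flow, 0)
            seen = stats.get(v, {}).get(flow, 0)
            forwarded[u] += sent
            if sent > seen:
                lost[u] += sent - seen
            else:
                gained[u] += seen - sent
    verdict = {}
    for u, total in forwarded.items():
        if total == 0 or lost[u] <= tolerance * total:
            continue  # losses within tolerance: treat as benign jitter
        # Lost packets that reappeared under other flows were re-labelled, not dropped.
        verdict[u] = "swapper" if gained[u] >= (1 - tolerance) * lost[u] else "dropper"
    return verdict

if __name__ == "__main__":
    print(classify_switches(SAMPLE_DROP, PATHS))  # {'s2': 'dropper'}
    print(classify_switches(SAMPLE_SWAP, PATHS))  # {'s2': 'swapper'}
```

In a live deployment the counters are cumulative and polled at slightly different times per switch, which is what the tolerance absorbs; the check would run on per-interval deltas rather than on a single snapshot.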