Setting Malicious Flow Entries Against SDN Operations: Attacks and Countermeasures

Cheng Hsu Lin, Chi-Yu Li, Kuo-Chen Wang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Software-defined networking (SDN) apps are developed to support various functions (e.g., traffic engineering, routing, security, etc.) for SDN networks. Their operations rely on the APIs offered by the control plane. They may be compromised or designed to be malicious by third parties. Though there have been many studies against malicious apps, they only restrict the APIs used by them with coarse-grained controls. In this work, we seek to show that some malicious flow entries cannot be detected or prevented by current defenses. They may impede the operations of control-plane services or hinder packets from being forwarded correctly in the data plane. To show their negative impact, we devise two attacks, topology spoofing and forwarding-based DoS, as well as examine their damage and analyze root causes. We then propose a context-Aware, event-based anomaly detection (CEAD) framework to defend against the malicious flow entries. It provides more fine-grained controls over the flow entries set by apps. Different from other studies, it does anomaly detection by examining the context correlation between an event, the app registering it, and the flow entries set by the app for the event. Our evaluation results show that the CEAD can detect all the malicious flow entries in our given cases, and confirm its scalability with negligible overhead at increasing TCP connection attempt rates.

Original languageEnglish
Title of host publicationDSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538657904
DOIs
StatePublished - 23 Jan 2019
Event2018 IEEE Conference on Dependable and Secure Computing, DSC 2018 - Kaohsiung, Taiwan
Duration: 10 Dec 201813 Dec 2018

Publication series

NameDSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing

Conference

Conference2018 IEEE Conference on Dependable and Secure Computing, DSC 2018
CountryTaiwan
CityKaohsiung
Period10/12/1813/12/18

Keywords

  • DoS
  • SDN
  • context-Aware
  • security
  • topology spoofing

Fingerprint Dive into the research topics of 'Setting Malicious Flow Entries Against SDN Operations: Attacks and Countermeasures'. Together they form a unique fingerprint.

  • Cite this

    Lin, C. H., Li, C-Y., & Wang, K-C. (2019). Setting Malicious Flow Entries Against SDN Operations: Attacks and Countermeasures. In DSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing [8625101] (DSC 2018 - 2018 IEEE Conference on Dependable and Secure Computing). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DESEC.2018.8625101