標題: | Setting Malicious Flow Entries Against SDN Operations: Attacks and Countermeasures |
作者: | Lin, Cheng-Hsu Li, Chi-Yu Wang, Kuochen 資訊工程學系 Department of Computer Science |
關鍵字: | SDN;security;topology spoofing;DoS;context-aware |
公開日期: | 1-Jan-2018 |
摘要: | Software-defined networking (SDN) apps are developed to support various functions (e.g., traffic engineering, routing, security, etc.) for SDN networks. Their operations rely on the APIs offered by the control plane. They may be compromised or designed to be malicious by third parties. Though there have been many studies against malicious apps, they only restrict the APIs used by them with coarse-grained controls. In this work, we seek to show that some malicious flow entries cannot be detected or prevented by current defenses. They may impede the operations of control-plane services or hinder packets from being forwarded correctly in the data plane. To show their negative impact, we devise two attacks, topology spoofing and forwarding-based DoS, as well as examine their damage and analyze root causes. We then propose a context-aware, event-based anomaly detection (CEAD) framework to defend against the malicious flow entries. It provides more fine-grained controls over the flow entries set by apps. Different from other studies, it does anomaly detection by examining the context correlation between an event, the app registering it, and the flow entries set by the app for the event. Our evaluation results show that the CEAD can detect all the malicious flow entries in our given cases, and confirm its scalability with negligible overhead at increasing TCP connection attempt rates. |
URI: | http://hdl.handle.net/11536/151758 |
ISBN: | 978-1-5386-5790-4 |
期刊: | 2018 IEEE CONFERENCE ON DEPENDABLE AND SECURE COMPUTING (DSC) |
起始頁: | 205 |
結束頁: | 212 |
Appears in Collections: | Conferences Paper |