Topology Poisoning Attacks and Prevention in Hybrid Software-Defined Networks
Shrivastava, Pragati and Kataoka, Kotaro (2022) Topology Poisoning Attacks and Prevention in Hybrid Software-Defined Networks. IEEE Transactions on Network and Service Management, 19 (1). pp. 510-523. ISSN 2373-7379
Abstract
Hybrid software-defined network (SDN) architectures are beneficial for a smooth transition and less costly SDN deployment. However, the coexistence of legacy switches and SDN switches brings new challenges of deployment inconsistency management and security. Security is not well studied for hybrid SDN architecture. In this paper, we study the topology poisoning attacks in hybrid SDN for the first time. We propose new attack vectors for link fabrication in hybrid SDN. The new attack is named 'multi-hop link fabrication,' in which an adversary successfully injects a fake multi-hop link (MHL) by exploiting the link discovery protocols. We present Hybrid-Shield, a link verification framework for hybrid SDN link discovery. Hybrid-Shield introduces a novel verification technique that includes: i) monitoring legacy switch and host generated traffic at the MHL and ii) validating the existence of legacy switches contained in an MHL. This paper presents the prototype implementation of Hybrid-Shield over a real SDN controller. The experimental evaluation is performed with the Mininet virtual network emulation. Our evaluation shows that Hybrid-Shield is capable of detecting MHL fabrication attacks in real time with high accuracy. Hybrid-Shield's performance evaluation shows that it is lightweight at the controller as it causes less overhead and requires no additional functionalities at the SDN controller for deployment. © 2022 IEEE.
| Field | Value |
|---|---|
| Item Type | Article |
| Uncontrolled Keywords | Hybrid software-defined network; Link Discovery; Multi-hop links; Openflow; Poisoning attacks; Smooth transitions; Software-defined network; Software-defined networks; Topology poisoning |
| Subjects | Computer science |
| Divisions | Department of Computer Science & Engineering |
| Depositing User | . LibTrainee 2021 |
| Date Deposited | 22 Jul 2022 06:14 |
| Last Modified | 22 Jul 2022 06:14 |
| URI | http://raiithold.iith.ac.in/id/eprint/9579 |
| Publisher URL | http://doi.org/10.1109/TNSM.2021.3109099 |
| OA policy | https://v2.sherpa.ac.uk/id/publication/3530 |