Defense Against Software-Defined Network Topology Poisoning Attacks


Abstract

Software-Defined Network (SDN) represents a new network paradigm. Unlike conventional networks, SDNs separate control planes and data planes. The function of the data plane is enabled using switches, whereas that of the control plane is facilitated by a controller. The controller learns topologies and makes traffic forwarding decisions. However, some serious vulnerabilities are gradually being exposed in the topology management services of current SDN designs. These mainly exist in the host tracking and link discovery services. Attackers can exploit these weak points to poison the topology information in controllers. In this study, a novel solution is proposed to defend against poisoning attacks. By analyzing existing attack principles and threat models, this work constructs legal conditions for host migration to detect host hijacking, and checking of Link Layer Discovery Protocol (LLDP) source and integrity is designed to defend against link fabrication. A relay-type link fabrication detection method based on entropy is also designed. Results show that the solution can effectively detect topological attacks and provide complete and comprehensive security protection.


Similar resources

Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks

Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...


Moving Target Defense Against Network Reconnaissance with Software Defined Networking

Online hosts and networks are easy targets of network attacks due to their static nature, which creates an information asymmetry and makes them easy to attack and hard to defend. To break the asymmetry, Moving Target Defense was proposed to bring uncertainties to computer systems. It can be applied to all levels of protections, covering applications, system software, operating systems, and netw...


Cooperative Defense against Network Attacks

Distributed denial of service (DDoS) attacks on the Internet have become an immediate problem. As DDoS streams do not have common characteristics, currently available intrusion detection systems (IDS) cannot detect them accurately. As a result, defending against DDoS attacks based on currently available IDS will dramatically affect legitimate traffic. In this paper, we propose a distributed approach to def...


A Review of Intrusion Detection Defense Solutions Based on Software Defined Network

Most networks without fixed infrastructure that are based on cloud computing face various challenges. In recent years, different methods have been used to distribute software defined network to address these challenges. This technology, while having many capabilities, faces some vulnerabilities in the face of some common threats and destructive factors such as distributed Denial of Service. A review...


Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures

Software-Defined Networking (SDN) is a new networking paradigm that grants a controller and its applications an omnipotent power to have holistic network visibility and flexible network programmability, thus enabling new innovations in network protocols and applications. One of the core advantages of SDN is its logically centralized control plane to provide the entire network visibility, on whi...



Journal

Journal title: Tsinghua Science & Technology

Year: 2023

ISSN: 1878-7606, 1007-0214

DOI: https://doi.org/10.26599/tst.2021.9010077