Topology Poisoning Attacks and Prevention in Hybrid Software-Defined Networks
Authors
Abstract
The hybrid software-defined networks (SDN) architectures are beneficial for a smooth transition and less costly SDN deployment. However, legacy switches coexistence brings new challenges of deployment inconsistency management security. Security is not well studied architecture. In this paper, we study the topology poisoning attacks in first time. We propose attack vectors link fabrication SDN. named “multi-hop fabrication,” which an adversary successfully injects fake multi-hop (MHL) by exploiting discovery protocols. presented Hybrid-Shield, verification framework discovery. Hybrid-Shield introduces novel technique that includes: i) monitoring switch host generated traffic at MHL ii) validating existence contained MHL. This paper presents prototype implementation over real controller. experimental evaluation performed with mininet virtual network emulation. Our shows capable detecting real-time high accuracy. Hybrid-Shield’s performance it lightweight controller as causes overhead requires no additional functionalities
Similar resources
Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures
Software-Defined Networking (SDN) is a new networking paradigm that grants a controller and its applications an omnipotent power to have holistic network visibility and flexible network programmability, thus enabling new innovations in network protocols and applications. One of the core advantages of SDN is its logically centralized control plane to provide the entire network visibility, on whi...
Identifier Binding Attacks and Defenses in Software-Defined Networks
In this work, we demonstrate a novel attack in SDN networks, Persona Hijacking, that breaks the bindings of all layers of the networking stack and fools the network infrastructure into believing that the attacker is the legitimate owner of the victim’s identifiers, which significantly increases persistence. We then present a defense, SECUREBINDER, that prevents identifier binding attacks at all...
SPHINX: Detecting Security Attacks in Software-Defined Networks
Software-defined networks (SDNs) allow greater control over network entities by centralizing the control plane, but place great burden on the administrator to manually ensure security and correct functioning of the entire network. We list several attacks on SDN controllers that violate network topology and data plane forwarding, and can be mounted by compromised network entities, such as end ho...
TOPHAT: Topology-based Host-Level Attribution for Multi-Stage Attacks in Enterprise Systems using Software Defined Networks
Multi-layer distributed systems, such as those found in corporate systems, are often the target of multi-stage attacks. Such attacks utilize multiple victim machines, in a series, to compromise a target asset deep inside the corporate network. Under such attacks, it is difficult to identify the upstream attacker’s identity from a downstream victim machine because of the mixing of multiple netwo...
Journal
Journal title: IEEE Transactions on Network and Service Management
Year: 2022
ISSN: ['2373-7379', '1932-4537']
DOI: https://doi.org/10.1109/tnsm.2021.3109099