Using INSPECTOR Device to Stop Packet Injection Attack in SDN

The software-defined network (SDN) architecture can easily be attacked by a malicious user seeking to prevent an acceptable level of service. SDN security is therefore an active research topic, aimed at improving the SDN architecture and protecting the service level of the SDN components. This letter describes INSPECTOR, a hardware device added to the SDN architecture to protect a compromised controller from a packet injection attack by verifying the authentication of Packet-In messages accessing network resources. Using simulations, we show that the INSPECTOR device efficiently stops the attack and enhances controller performance under malicious attack.
