Traffic-based Malicious Switch Detection in SDN

In a Software Defined Networking (SDN) architecture the control plane is separated from the data plane. OpenFlow switches only forward packets according to the flow tables the controller installs, so every forwarding decision is left to the controller, which in turn has a global view of the network. If a switch is captured by an adversary, however, it can feed the controller false information and mislead it into inaccurate decisions that affect the whole network. In this paper we elaborate on these problems and propose methods to detect malicious OpenFlow switches. The first scheme sets a threshold on the traffic flows across each OpenFlow switch: if a switch's current traffic flows exceed the threshold, the controller has reason to treat the switch as suspicious and to monitor it intensively. The second scheme adds a third-party server that accepts users' reports and warns the controller. In SDN the controller cannot communicate with users directly, yet users sometimes need to feed their experience back to the controller to help improve the network, so a third-party server is needed to act as an intermediary. Together these two schemes flag suspicious switches; the controller can then analyze the flow table of a suspicious switch and determine whether it is really malicious before isolating it.
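The following is an added worked example of the controller-side logic sketched above; it is illustrative code written for this page, not code from the paper. It assumes (these are our assumptions, not the paper's) that the controller periodically polls per-switch flow statistics and receives the list of installed entries, that the third-party report server forwards a count of user reports tagged with the switch the user was attached to, and that "analyzing the flow table" means diffing the entries the switch reports against the entries the controller itself installed. A switch is marked suspicious by either scheme, placed under monitoring, and isolated only if its flow table has diverged from controller policy:

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# A flow entry is reduced to an opaque (match, action) pair for this example.
FlowEntry = Tuple[str, str]


@dataclass
class SwitchState:
    dpid: str
    flow_threshold: int                       # max flows expected across this switch
    installed: Set[FlowEntry] = field(default_factory=set)  # entries the controller pushed
    reported: Set[FlowEntry] = field(default_factory=set)   # entries the switch reports
    active_flows: int = 0                     # latest flow-stats sample
    user_reports: int = 0                     # reports relayed by the third-party server
    monitored: bool = False


class MaliciousSwitchDetector:
    """Scheme 1 (traffic threshold) and scheme 2 (user reports) raise suspicion;
    the flow-table analysis then decides between monitoring and isolation."""

    def __init__(self, report_threshold: int = 3) -> None:
        self.switches: Dict[str, SwitchState] = {}
        self.report_threshold = report_threshold
        self.isolated: Set[str] = set()

    def register(self, dpid: str, flow_threshold: int) -> None:
        self.switches[dpid] = SwitchState(dpid, flow_threshold)

    def install_flow(self, dpid: str, entry: FlowEntry) -> None:
        # The controller records what it installed; until the next stats poll
        # it assumes the switch holds exactly that.
        sw = self.switches[dpid]
        sw.installed.add(entry)
        sw.reported.add(entry)

    def on_flow_stats(self, dpid: str, active_flows: int, entries: List[FlowEntry]) -> None:
        # Periodic flow-stats reply (assumption: the controller polls each switch).
        sw = self.switches[dpid]
        sw.active_flows = active_flows
        sw.reported = set(entries)

    def on_user_report(self, dpid: str) -> None:
        # Relayed by the third-party report server (assumption: it attributes
        # each report to the switch the reporting user was attached to).
        self.switches[dpid].user_reports += 1

    def suspicion_reasons(self, dpid: str) -> List[str]:
        sw = self.switches[dpid]
        reasons = []
        if sw.active_flows > sw.flow_threshold:
            reasons.append(f"active flows {sw.active_flows} exceed threshold {sw.flow_threshold}")
        if sw.user_reports >= self.report_threshold:
            reasons.append(f"{sw.user_reports} user reports")
        return reasons

    def analyze_flow_table(self, dpid: str) -> Dict[str, Set[FlowEntry]]:
        # Entries the controller never installed show the switch acting on its
        # own; entries that vanished show it dropping controller policy.
        sw = self.switches[dpid]
        return {"unexpected": sw.reported - sw.installed,
                "missing": sw.installed - sw.reported}

    def verdict(self, dpid: str) -> str:
        sw = self.switches[dpid]
        if not self.suspicion_reasons(dpid):
            sw.monitored = False
            return "benign"
        sw.monitored = True                      # intensive monitoring starts here
        diff = self.analyze_flow_table(dpid)
        if diff["unexpected"] or diff["missing"]:
            self.isolated.add(dpid)              # stop installing flows, reroute around it
            return "malicious"
        return "suspicious"                      # a traffic burst alone may be legitimate


def demo() -> Dict[str, str]:
    """Constructed scenario (not measured data) exercising all three outcomes."""
    det = MaliciousSwitchDetector(report_threshold=3)
    policy = [("dst=10.0.0.1", "output:1"), ("dst=10.0.0.2", "output:2")]
    for dpid in ("s1", "s2", "s3"):
        det.register(dpid, flow_threshold=100)
        for entry in policy:
            det.install_flow(dpid, entry)
    det.on_flow_stats("s1", 40, policy)          # normal load, table matches policy
    det.on_flow_stats("s2", 250, policy)         # over threshold, table still matches
    # s3: under the threshold, but users complain and the table carries an
    # entry the controller never installed (traffic quietly redirected to port 3).
    det.on_flow_stats("s3", 60, policy + [("dst=10.0.0.1", "output:3")])
    for _ in range(3):
        det.on_user_report("s3")
    return {dpid: det.verdict(dpid) for dpid in ("s1", "s2", "s3")}


if __name__ == "__main__":
    print(demo())
```

The point of splitting suspicion from verdict is that the traffic threshold alone produces false positives on legitimate bursts (s2 above), so the controller only isolates when the flow-table check corroborates the signal (s3). In a real deployment the per-switch threshold would be derived from a baseline of that switch's normal flow counts rather than a fixed constant.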
