论文信息 - Denial-of-service attacks in OpenFlow SDN networks

Denial-of-service attacks in OpenFlow SDN networks

Software-Defined Networking (SDN) has recently gained significant momentum. However, before any large scale deployments, it is important to understand security issues arising from this new technology. This paper discusses two types of Denial-of-Service (DoS) attacks specific to OpenFlow SDN networks. We emulate them on Mininet and provide an analysis on the effect of these attacks. We find that the timeout value of a flow rule, and the control plane bandwidth have a significant impact on the switch's capability. If not configured appropriately, they may allow successful DoS attacks. Finally, we highlight possible mitigation strategies to address such attacks.

Markku Antikainen | Rajat Kandoi | M. Antikainen | R. Kandoi

[1] Fernando M. V. Ramos,et al. Towards secure and dependable software-defined networks , 2013, HotSDN '13.

[2] Tuomas Aura,et al. Spook in Your Network: Attacking an SDN with a Compromised OpenFlow Switch , 2014, NordSec.

[3] Fernando M. V. Ramos,et al. Software-Defined Networking: A Comprehensive Survey , 2014, Proceedings of the IEEE.

[4] Guofei Gu,et al. Attacking software-defined networks: a first feasibility study , 2013, HotSDN '13.

[5] Kevin Benton,et al. OpenFlow vulnerability assessment , 2013, HotSDN '13.

[6] Paul Smith,et al. OpenFlow: A security analysis , 2013, 2013 21st IEEE International Conference on Network Protocols (ICNP).

[7] Vinod Yegneswaran,et al. AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks , 2013, CCS.