“…The vulnerability of flow table overflow in SDN potentially exists in SDN-based cloud computing network and other important SDN-based networking systems [11,12].…”
As the most competitive solution for next-generation network, SDN and its dominant implementation OpenFlow are attracting more and more interests. But besides convenience and flexibility, SDN/OpenFlow also introduces new kinds of limitations and security issues. Of these limitations, the most obvious and maybe the most neglected one is the flow table capacity of SDN/OpenFlow switches. In this paper, we proposed a novel inference attack targeting at SDN/OpenFlow network, which is motivated by the limited flow table capacities of SDN/OpenFlow switches and the following measurable network performance decrease resulting from frequent interactions between data and control plane when the flow table is full. To the best of our knowledge, this is the first proposed inference attack model of this kind for SDN/OpenFlow. We implemented an inference attack framework according to our model and examined its efficiency and accuracy. The evaluation results demonstrate that our framework can infer the network parameters (flow table capacity and usage) with an accuracy of 80% or higher. We also proposed two possible defense strategies for the discovered vulnerability, including routing aggregation algorithm and multilevel flow table architecture. These findings give us a deeper understanding of SDN/OpenFlow limitations and serve as guidelines to future improvements of SDN/OpenFlow.
“…The vulnerability of flow table overflow in SDN potentially exists in SDN-based cloud computing network and other important SDN-based networking systems [11,12].…”
As the most competitive solution for next-generation network, SDN and its dominant implementation OpenFlow are attracting more and more interests. But besides convenience and flexibility, SDN/OpenFlow also introduces new kinds of limitations and security issues. Of these limitations, the most obvious and maybe the most neglected one is the flow table capacity of SDN/OpenFlow switches. In this paper, we proposed a novel inference attack targeting at SDN/OpenFlow network, which is motivated by the limited flow table capacities of SDN/OpenFlow switches and the following measurable network performance decrease resulting from frequent interactions between data and control plane when the flow table is full. To the best of our knowledge, this is the first proposed inference attack model of this kind for SDN/OpenFlow. We implemented an inference attack framework according to our model and examined its efficiency and accuracy. The evaluation results demonstrate that our framework can infer the network parameters (flow table capacity and usage) with an accuracy of 80% or higher. We also proposed two possible defense strategies for the discovered vulnerability, including routing aggregation algorithm and multilevel flow table architecture. These findings give us a deeper understanding of SDN/OpenFlow limitations and serve as guidelines to future improvements of SDN/OpenFlow.
“…However, this may not be a feasible solution for our problem. Wang et al [21] have proposed a sleep schedule mechanism for all the nodes in the network. Their method prolongs the network lifetime but cannot be applicable to our problem because in our case nodes have to continuously sense data.…”
Section: Phase 2: Relay Nodes In Bottleneck Zonementioning
BackgroundObject tracking is one of the most practical applications of WSN. Wireless network is itself vulnerable and when combined with sensors the other errors that add upon to it are sensor failures, localization errors, prediction, and detection errors. Robust and effective solutions that could recover the information of tracking object are required for making wireless sensor networks more acceptable. Efficient energy management and enhanced network lifetime are other desired design aspects of a wireless sensor network application. Rout and Ghosh [1] tackle the problem of the area around the sink node that is a bottleneck zone as more activity is reported there, causing improper load balance that affects the overall network lifetime. They attempted to solve this problem by proposing a duty cycled wireless sensor network. The sensor nodes in the bottleneck zone are divided into two groups in their approach: simple relay sensors and network coder sensors. While the relay nodes simply forward the received data, the network coder nodes transmit using a network coding based algorithm. Energy efficiency of the bottleneck zone hence increases as more volume of data will be transmitted to the Sink with the same number of transmissions. Park and Shi [2] suggest strategies of deploying additional sensors in the bottleneck zone in due course of time to maintain a desired level of network connectivity. The major concerns of WSNs are studied by Mohsin [3] who also Abstract It is a challenging task for all Harbors or Naval Administration to restrict and monitor the movement of defense or commercial ships. Most commonly used techniques of monitoring are radars and satellite images. These techniques are not reliable as radars can be turned off voluntarily and receptions of images are affected by adverse climatic conditions. This paper proposes a reliable ship intruder detection algorithm that classifies different types of objects approaching the model system in and out of phase with the ocean waves. The proposed technique also takes care of superimposition of temporal and spatial values of nodes that are presumably deployed in the sea surface up to a certain distance. Simulation results prove that the proposed algorithm detects and classifies objects efficiently even when 50% of the nodes reporting the tracking phenomenon are tampered. Rao and Kamila Hum. Cent. Comput. Inf. Sci. (2017) Comput. Inf. Sci. (2017) 7:14 survey the performance tradeoffs in terms of energy, tracking error and other performance metrics of the available sensors in established network architectures. Tracking and monitoring techniques need to be designed by taking account of these parameters. A simple and efficient tracking system based on Oriented FAST and Rotated BRIEF (ORB) is presented by Wu et al. [4]. It is a fast binary descriptor where good matched points are obtained by computing Hamming distance. Based on the matched points and temporal-spatial constraint, location of the object in new frame is obtained. Tracking applications of wire...
“…In [43] Architecture is presented where each node is connected to a domain controller through an embedded virtual switch. This controller is on the edge of the network and acts as a domain controller and provide authentication of the network devices.…”
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.