On the fine-grained fingerprinting threat to software-defined networks

Hou, Jianwei; Zhang, Minjian; Zhang, Ziqi; Shi, Wenchang; Qin, Bo; Liang, Bin

doi:10.1016/j.future.2020.01.046

Cited by 13 publications

(20 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…e data packet delay forwarding defense [9,10,[17][18][19][20]. e authors of [13][14][15][16] are mainly aimed at the fingerprint attack of the flow table matching rule.…”

Section: Other Methods Khorsandroo and Tosunmentioning

confidence: 99%

“…In the real SDN, the location of the host will not change frequently, and the host connected to the switch port will not change frequently in the network [17]. Based on this, Hou et al [18] analyzed the common characteristics of time-based fingerprint attacks in SDNs, and explored a lightweight method to counter fingerprint attacks, taking the source IP and source MAC changes of the host address as potential fingerprint detection behavior, when the host address changes, delay the installation of matching rules in the switch, thereby increasing the difficulty of fingerprint attacks. Notwithstanding, if the attacker only uses one host to perform a fingerprint attack, this method is not applicable.…”

Section: Packet Delay Forwardingmentioning

confidence: 99%

See 1 more Smart Citation

Research on SDN Fingerprint Attack Defense Mechanism Based on Dynamic Disturbance and Information Entropy Detection

Fang

Zhang

Lin

2022

Security and Communication Networks

View full text Add to dashboard Cite

As an emerging type of network architecture, SDN is widespread used and security issues have also received more and more attention. Fingerprint attacks represent one of the most significant threats to network security. Attackers obtain key fingerprint information of the target network, which lays the foundation for subsequent more threatening attacks. Currently, research on domestic and international SDN fingerprint attacks focuses on how to attack, and less research is being done on how to defend against fingerprinting attacks. This paper proposes a mechanism for defending fingerprint attacks that combines dynamic disturbance and information entropy detection. This mechanism adopts the principle of fingerprint attack, combined with a moving average algorithm, Bloom Filter, and packet delay tool, to confuse opponents by disturbing a small number of packets, simultaneously, combined with the information entropy detection to make real-time processing feedback to the network. The experimental results show that this mechanism works effectively to defend SDNs against fingerprint attacks without affecting the normal network communication.

show abstract

“…e data packet delay forwarding defense [9,10,[17][18][19][20]. e authors of [13][14][15][16] are mainly aimed at the fingerprint attack of the flow table matching rule.…”

Section: Other Methods Khorsandroo and Tosunmentioning

confidence: 99%

Section: Packet Delay Forwardingmentioning

confidence: 99%

Research on SDN Fingerprint Attack Defense Mechanism Based on Dynamic Disturbance and Information Entropy Detection

Fang

Zhang

Lin

2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Bilal and Nadeem [15] focused on a specific data plane attack referred to as Flow Table Entry Attack (FTEA) to infer the flow replacement policy in an SDN-based environment. Hou et al [16] presented a finegrained fingerprinting method that it can learn the match fields of flow rules by distinguishing the transmission delays of different packets. Cao et al [17] designed a deep learningbased method to fingerprint SDN applications from mixed control traffic.…”

Section: Related Workmentioning

confidence: 99%

“…add(index) (6) H(index).Counter ← 0 and H(index).Tag ← 0 (7) for NumTag � 0 to m do (8) setDelayTag(Flow(index).Packet NumTag , genProbability(NumTag) (9) if the label of Flow(index).Packet NumTag is delayed, then (10) delay(Flow(index).Packet NumTag , random(0.5, 1) * rtt) to proxy (11) end if (12) end for (13) H(index).Tag ← NumTag (14) else (15) H(index).Counter ← H(index).Counter + 1 (16) if H(packet i ).Counter � H(index).Tag, then (17) for NumTag � H(index).Tag to H(index).Tag + m do (18) setDelayTag(Flow(index).Packet NumTag , genProbanility(NumTag)) (19) if the label of Flow(index).Packet NumTag is delayed, then (20) delay(Flow(index).Packet NumTag , random(0.5, 1) * rtt) ro proxy (21) end if (22) end for packets of the flow, the probability decision component updates the counter value and compares the value with the tag value. Once the two values are detected to be equal, a new round of packet advance decision is made (lines [16][17][18] and the tag value is updated (line 23). e advanced decision mechanism effectively avoids the controller to make finegrained interference decisions for each packet in real time (if each packet in the flow requires a fine-grained decision by the controller, it means that each packet will be disturbed, which will degrade network performance).…”

Section: Detailed Designmentioning

confidence: 99%

See 1 more Smart Citation

A Lightweight SDN Fingerprint Attack Defense Mechanism Based on Probabilistic Scrambling and Controller Dynamic Scheduling Strategies

Wang

Chen

2021

Security and Communication Networks

View full text Add to dashboard Cite

Software-defined networking (SDN) decouples the control plane from the data plane, which increases network flexibility and programmability. However, the “three-layer two-interface” architecture of SDN introduces new security issues. Attackers can collect fingerprint information (such as network types, controller types, and critical flow rules) by analyzing round-trip time (RTT) distribution of test packets. In order to defend against the fingerprint attack with limited attack time, we first design a probabilistic scrambling strategy. This strategy not only interferes with the delay distribution of probe packets in attack flow but also reduces the negative impact on the performance of legal packets in normal flow. However, if fingerprint attackers have unlimited attack time, it is not enough to defend against the attack only by this strategy. Therefore, we further propose a controller dynamic scheduling strategy to change SDN fingerprint information actively. Because scheduling different types of controllers to work in different periods will generate costs, the scheduling strategy is also responsible for determining the optimal switching time point to balance security benefits and costs. At last, we implement the defense mechanism on different types of controllers and verify its effectiveness in experimental scenarios. The experimental results show that the mechanism can effectively hide the SDN fingerprint information while reducing the negative impact on network performance.

show abstract