Using INSPECTOR Device to Stop Packet Injection Attack in SDN

Alshra’a, Abdullah Soliman; Seitz, Jochen

doi:10.1109/lcomm.2019.2896928

Cited by 24 publications

(10 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For the security research of the data plane, SPHINX [12] detected both known and potentially unknown attacks on network topology and data-plane forwarding originating within an SDN by leveraging the novel abstraction of flow graphs. However, the attacker can bypass this method by distributing or slowing down the attack procedure [9]. FT-Guard [13] implemented a behavior-based priority-aware defense strategy to cope with the flow table overflow attack.…”

Section: Related Workmentioning

confidence: 99%

“…PacketChecker [8] only defends against packet-injection attacks based on a MAC address. The INSPECTOR [9] protects a compromised controller by verifying Packet-In messages, tops the attack efficiently, and enhances the performance of the controller under malicious attack. As a hardware device added to the SDN architecture, INSPECTOR requires additional measures to ensure that it is not damaged.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DoSGuard: Mitigating Denial-of-Service Attacks in Software-Defined Networks

et al. 2022

Sensors

View full text Add to dashboard Cite

Software-defined networking (SDN) is a new networking paradigm that realizes the fast management and optimal configuration of network resources by decoupling control logic and forwarding functions. However, centralized network architecture brings new security problems, and denial-of-service (DoS) attacks are among the most critical threats. Due to the lack of an effective message-verification mechanism in SDN, attackers can easily launch a DoS attack by faking the source address information. This paper presents DoSGuard, an efficient and protocol-independent defense framework for SDN networks to detect and mitigate such attacks. DoSGuard is a lightweight extension module on SDN controllers that mainly consists of three key components: a monitor, a detector, and a mitigator. The monitor maintains the information between the switches and the hosts for anomaly detection. The detector utilizes OpenFlow message and flow features to detect the attack. The mitigator protects networks by filtering malicious packets. We implement a prototype of DoSGuard in the floodlight controller and evaluate its effectiveness in a simulation environment. Experimental results show the DoSGuard achieves 98.72% detecion precision, and the average CPU utilization of the controller is only around 8%. The results demonstrate that DoSGuard can effectively mitigate DoS attacks against SDN with limited overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

DoSGuard: Mitigating Denial-of-Service Attacks in Software-Defined Networks

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…In an SDN network, any data packet flow coming from an external network passes through a gateway switch before it gets routed through the internal SDN controlled network. In reactive mode [4], an SDN switch triggers a Packet-In message to be sent to the controller when it encounters any unmatched data packet flow [5]. Especially companies with outward facing servers open to traffic from new customers will have gateway switches operating in reactive mode.…”

Section: Background and Motivation A Packet Injection Attacksmentioning

confidence: 99%

“…Later, Alshraa et al [4] proposed another mitigation technique for packet injection attacks. In their approach, a specialized device, called INSPECTOR, prevents the controller separated from having to manage Packet-In messages from malicious data packet flows.…”

Section: B Related Workmentioning

confidence: 99%

“…We used the experimental set-up of Tanvir et al [12], consisting of a Mininet virtual network 1 , Open vSwitch (ver. 2.10.0) 2 , the Ryu SDN framework 3 , Apache CouchDB database software 4 , the Flask framework 5 , and the nping tool 6 . We run our experiments on an Intel(R) Core(TM) i7-5600U CPU at 2.60GHz with Ubuntu 14.04LTS and 8GB RAM.…”

Section: A Experimental Set-upmentioning

confidence: 99%

See 1 more Smart Citation

Protecting Software-Defined Enterprise Networks from Packet Injection Attacks

Huque

Hartog

2021

2021 IEEE 46th Conference on Local Computer Networks (LCN)

View full text Add to dashboard Cite

Packet injection attacks are a primary threat to software-defined enterprise networks, for which continuous connectivity and real-time network functioning are two essential requirements. They are a form of denial-of-service attacks, and their main effect is network performance degradation up to total breakdown. In this paper, we show how such an attack can effectively be detected and mitigated at the entrance gateway switch of the software-defined enterprise network without sacrificing the basic functionality and performance of the networks control mechanisms. We describe an effective protection of the network's core controller as well as a significant reduction of rule-space overhead compared to a state-of-the-art technique.

show abstract

A comprehensive survey of security threats and their mitigation techniques for next‐generation SDN controllers

Jan

Tan

Usman

et al. 2019

Concurrency and Computation

View full text Add to dashboard Cite

SummarySoftware Defined Network (SDN) and Network Virtualization (NV) are emerged paradigms that simplified the control and management of the next generation networks, most importantly, Internet of Things (IoT), Cloud Computing, and Cyber‐Physical Systems. The Internet of Things (IoT) includes a diverse range of a vast collection of heterogeneous devices that require interoperable communication, scalable platforms, and security provisioning. Security provisioning to an SDN‐based IoT network poses a real security challenge leading to various serious security threats due to the connection of various heterogeneous devices having a wide range of access protocols. Furthermore, the logical centralized controlled intelligence of the SDN architecture represents a plethora of security challenges due to its single point of failure. It may throw the entire network into chaos and thus expose it to various known and unknown security threats and attacks. Security of SDN controlled IoT environment is still in infancy and thus remains the prime research agenda for both the industry and academia. This paper comprehensively reviews the current state‐of‐the‐art security threats, vulnerabilities, and issues at the control plane. Moreover, this paper contributes by presenting a detailed classification of various security attacks on the control layer. A comprehensive state‐of‐the‐art review of the latest mitigation techniques for various security breaches is also presented. Finally, this paper presents future research directions and challenges for further investigation down the line.

show abstract

Using INSPECTOR Device to Stop Packet Injection Attack in SDN

Cited by 24 publications

References 12 publications

DoSGuard: Mitigating Denial-of-Service Attacks in Software-Defined Networks

DoSGuard: Mitigating Denial-of-Service Attacks in Software-Defined Networks

Protecting Software-Defined Enterprise Networks from Packet Injection Attacks

A comprehensive survey of security threats and their mitigation techniques for next‐generation SDN controllers

Contact Info

Product

Resources

About