Securing P4-SDN Data Plane against Flow Table Modification Attack

Cited by: 2
Authors
Reddy, Buchammagari Avinash [1]
Sahoo, Kshira Sagar [2]
Bhuyan, Monowar [2]
Affiliations
[1] IIIT Naya Raipur, Dept Data Sci & Artificial Intelligence, Raipur, India
[2] Umea Univ, Dept Comp Sci, SE-90187 Umea, Sweden
Keywords
SDN; Flow table security; Flow rule modification attack; P4; switch; Data plane
DOI
10.1109/NOMS59830.2024.10575461
Chinese Library Classification
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
Security in Software Defined Network (SDN) architecture is becoming the most substantial challenge. This paper introduces a novel threat model focused on flow table modification in the P4-programmable SDN data plane, outlining an attacker's stochastic manipulation of flow rules from a compromised switch. A detection framework is proposed to identify the malicious switch within the network by utilizing the thrift port. Moreover, a fuzzy-rule-based mitigation strategy has been proposed to identify the severity of attacks. The feasibility and effectiveness of the methodology are evaluated using a developed testbed setup by employing Facebook datacenter fabric topology in a Mininet emulator and BMv2 switch.
Pages: 5
Related papers
50 in total
  • [1] Toward Mitigation of Flow Table Modification Attacks in P4-Based SDN Data Plane
    Reddy, Buchammagari Avinash
    Sahoo, Kshira Sagar
    Bhuyan, Monowar
    SECURITY AND PRIVACY, 2025, 8 (02):
  • [2] Disrupting SDN via the Data Plane: A Low-Rate Flow Table Overflow Attack
    Cao, Jiahao
    Xu, Mingwei
    Li, Qi
    Sun, Kun
    Yang, Yuan
    Zheng, Jing
    SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2017, 2018, 238 : 356 - 376
  • [3] Flow Table Saturation Attack against Dynamic Timeout Mechanisms in SDN
    Shen, Yi
    Wu, Chunming
    Kong, Dezhang
    Cheng, Qiumei
    APPLIED SCIENCES-BASEL, 2023, 13 (12):
  • [4] Securing SDN Southbound and Data Plane Communication with IBC
    Lam, JunHuy
    Lee, Sang-Gon
    Lee, Hoon-Jae
    Oktian, Yustus Eko
    MOBILE INFORMATION SYSTEMS, 2016, 2016
  • [5] Cross-Plane DDoS Attack Defense Architecture Based on Flow Table Features in SDN
    Yue, Meng
    Yan, Qingxin
    Zheng, Han
    Wu, Zhijun
    SECURITY AND COMMUNICATION NETWORKS, 2022, 2022
  • [6] Cross-Plane DDoS Attack Defense Architecture Based on Flow Table Features in SDN
    Yue, Meng
    Yan, Qingxin
    Zheng, Han
    Wu, Zhijun
    Security and Communication Networks, 2022, 2022
  • [7] A two-phase detection method against APT attack on flow table management in SDN
    Xinfeng He
    Shuchao Sun
    The Journal of Supercomputing, 2023, 79 : 15415 - 15434
  • [8] A two-phase detection method against APT attack on flow table management in SDN
    He, Xinfeng
    Sun, Shuchao
    JOURNAL OF SUPERCOMPUTING, 2023, 79 (14): 15415 - 15434
  • [9] DDoS Attack Detection and Mitigation at SDN Data Plane Layer
    Abdulkarem, Huda Saleh
    Dawod, Ammar
    2020 IEEE 2ND GLOBAL POWER, ENERGY AND COMMUNICATION CONFERENCE (IEEE GPECOM2020), 2020: 322 - 326
  • [10] SDN Control Plane Security in Cloud Computing Against DDoS Attack
    Khimabhai, Yadav Ashok
    Rohokale, Vandana
    INTERNATIONAL CONFERENCE ON ADVANCES IN INFORMATION COMMUNICATION TECHNOLOGY & COMPUTING, 2016, 2016