Securing P4-SDN Data Plane against Flow Table Modification Attack

Cited by: 2
Authors
Reddy, Buchammagari Avinash [1]
Sahoo, Kshira Sagar [2]
Bhuyan, Monowar [2]
Affiliations
[1] IIIT Naya Raipur, Dept Data Sci & Artificial Intelligence, Raipur, India
[2] Umea Univ, Dept Comp Sci, SE-90187 Umea, Sweden
Keywords
SDN; Flow table security; Flow rule modification attack; P4; switch; Data plane;
DOI
10.1109/NOMS59830.2024.10575461
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Security in Software Defined Network (SDN) architecture is becoming the most substantial challenge. This paper introduces a novel threat model focused on flow table modification in the P4-programmable SDN data plane, outlining an attacker's stochastic manipulation of flow rules from a compromised switch. A detection framework is proposed to identify the malicious switch within the network by utilizing the thrift port. Moreover, a fuzzy-rule-based mitigation strategy has been proposed to identify the severity of attacks. The feasibility and effectiveness of the methodology are evaluated using a developed testbed setup by employing Facebook datacenter fabric topology in a Mininet emulator and BMv2 switch.
Pages: 5
Related papers
50 in total
  • [11] SecFT-SDN: Securing the Flow-Table for Software-Defined Network
    You, Ruibang
    Tu, Bibo
    Yuan, Zimu
    Cheng, Jie
    2019 IEEE INTL CONF ON PARALLEL & DISTRIBUTED PROCESSING WITH APPLICATIONS, BIG DATA & CLOUD COMPUTING, SUSTAINABLE COMPUTING & COMMUNICATIONS, SOCIAL COMPUTING & NETWORKING (ISPA/BDCLOUD/SOCIALCOM/SUSTAINCOM 2019), 2019, : 1139 - 1146
  • [12] Mitigating New-Flow Attack with SDNSnapshot in P4-based SDN
    Cai, Yun-Zhan
    Lin, Ting-Yu
    Wang, Yu-Ting
    Tuan, Ya-Pei
    Tsai, Meng-Hsun
    2022 23RD ASIA-PACIFIC NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM (APNOMS 2022), 2022, : 227 - 230
  • [13] Mitigating SYN flooding Attack and ARP Spoofing in SDN Data Plane
    Lin, Ting-Yu
    Wu, Then-Ping
    Hung, Pei-Hsuan
    Shao, Ching-Hsuan
    Wang, Yu-Ting
    Cai, Yun-Than
    Tsai, Meng-Hsun
    APNOMS 2020: 2020 21ST ASIA-PACIFIC NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM (APNOMS), 2020, : 114 - 119
  • [14] Preprocessing Monitoring Information on the SDN Data-Plane using P4
    Hark, Rhaban
    Bhat, Divyashri
    Zink, Michael
    Steinmetz, Ralf
    Rizk, Amr
    2019 IEEE CONFERENCE ON NETWORK FUNCTION VIRTUALIZATION AND SOFTWARE DEFINED NETWORKS (IEEE NFV-SDN), 2019,
  • [15] rDefender: A Lightweight and Robust Defense Against Flow Table Overflow Attacks in SDN
    Kong, Dezhang
    Chen, Xiang
    Wu, Chunming
    Shen, Yi
    Zhou, Zhengyan
    Cheng, Qiumei
    Liu, Xuan
    Yang, Mingliang
    Qiu, Yubing
    Zhang, Dong
    Khan, Muhammad Khurram
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2024, 19 : 9436 - 9451
  • [16] TableGuard: A Novel Security Mechanism Against Flow Table Overflow Attacks in SDN
    Kong, Dezhang
    Wu, Chunming
    Shen, Yi
    Chen, Xiang
    Liu, Hongyan
    Zhang, Dong
    2022 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM 2022), 2022, : 4167 - 4172
  • [17] Mitigation of security attacks in the SDN data plane using P4-enabled switches
    Narayanan, Niranjhana
    Sankaran, Ganesh C.
    Sivalingam, Krishna M.
    13TH IEEE INTERNATIONAL CONFERENCE ON ADVANCED NETWORKS AND TELECOMMUNICATION SYSTEMS (IEEE ANTS), 2019,
  • [18] Method for Overflow Attack Defense of SDN Network Flow Table Based on Stochastic Differential Equation
    Zhao, Xinhui
    Wang, Qingxian
    Wu, Zehui
    Guo, Rui
    WIRELESS PERSONAL COMMUNICATIONS, 2021, 117 (04) : 3431 - 3447
  • [19] Method for Overflow Attack Defense of SDN Network Flow Table Based on Stochastic Differential Equation
    Xinhui Zhao
    Qingxian Wang
    Zehui Wu
    Rui Guo
    Wireless Personal Communications, 2021, 117 : 3431 - 3447
  • [20] In-network Reinforcement Learning for Attack Mitigation using Programmable Data Plane in SDN
    Ganesan, Aparna
    Sarac, Kamil
    2024 33RD INTERNATIONAL CONFERENCE ON COMPUTER COMMUNICATIONS AND NETWORKS, ICCCN 2024, 2024,