Securing P4-SDN Data Plane against Flow Table Modification Attack

被引:2
|
作者
Reddy, Buchammagari Avinash [1 ]
Sahoo, Kshira Sagar [2 ]
Bhuyan, Monowar [2 ]
机构
[1] IIIT Naya Raipur, Dept Data Sci & Artificial Intelligence, Raipur, India
[2] Umea Univ, Dept Comp Sci, SE-90187 Umea, Sweden
来源
PROCEEDINGS OF 2024 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM, NOMS 2024 | 2024年
关键词
SDN; Flow table security; Flow rule modification attack; P4; switch; Data plane;
D O I
10.1109/NOMS59830.2024.10575461
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
Security in Software Defined Network (SDN) architecture is becoming the most substantial challenge. This paper introduces a novel threat model focused on flow table modification in the P4-programmable SDN data plane, outlining an attacker's stochastic manipulation of flow rules from a compromised switch. A detection framework is proposed to identify the malicious switch within the network by utilizing the thrift port. Moreover, a fuzzy-rule-based mitigation strategy has been proposed to identify the severity of attacks. The feasibility and effectiveness of the methodology are evaluated using a developed testbed setup by employing Facebook datacenter fabric topology in a Mininet emulator and BMv2 switch.
引用
收藏
页数:5
相关论文
共 50 条
  • [21] Securing federated learning: a defense strategy against targeted data poisoning attack
    Ansam Khraisat
    Ammar Alazab
    Moutaz Alazab
    Tony Jan
    Sarabjot Singh
    Md. Ashraf Uddin
    Discover Internet of Things, 5 (1):
  • [22] Securing Remote State Estimation against Sequential Logic Attack of Sensor Data
    Wang, Jing
    Feng, Tao
    APPLIED SCIENCES-BASEL, 2022, 12 (04):
  • [23] Protection against Flow Table Overflow Attack in Software Defined Networks
    Noh, Sichul Kevin
    Kang, Minjae
    Park, Minho
    35TH INTERNATIONAL CONFERENCE ON INFORMATION NETWORKING (ICOIN 2021), 2021, : 486 - 490
  • [24] DART: Data Plane Load Reduction for Traffic Flow Migration in SDN
    Maity, Ilora
    Misra, Sudip
    Mandal, Chittaranjan
    IEEE TRANSACTIONS ON COMMUNICATIONS, 2021, 69 (03) : 1765 - 1774
  • [25] Enhancing 5G SDN/NFV Edge with P4 Data Plane Programmability
    Paolucci, Francesco
    Cugini, Filippo
    Castoldi, Piero
    Osinski, Tomasz
    IEEE NETWORK, 2021, 35 (03): : 154 - 160
  • [26] Defending Against New-Flow Attack in SDN-Based Internet of Things
    Xu, Tong
    Gao, Deyun
    Dong, Ping
    Zhang, Hongke
    Foh, Chuan Heng
    Chao, Han-Chieh
    IEEE ACCESS, 2017, 5 : 3431 - 3443
  • [27] Defending Against Flow Table Overloading Attack in Software-Defined Networks
    Yuan, Bin
    Zou, Deqing
    Yu, Shui
    Jin, Hai
    Qiang, Weizhong
    Shen, Jinan
    IEEE TRANSACTIONS ON SERVICES COMPUTING, 2019, 12 (02) : 231 - 246
  • [28] P4Resilience: Scalable Resilience for Multi-failure Recovery in SDN with Programmable Data Plane
    Li, Ziyong
    Hu, Yuxiang
    Wu, Jiangxing
    Lu, Jie
    COMPUTER NETWORKS, 2022, 208
  • [29] SDN-based DDoS Attack Detection with Cross-Plane Collaboration and Lightweight Flow Monitoring
    Yang, Xiangrui
    Han, Biao
    Sun, Zhigang
    Huang, Jinfeng
    GLOBECOM 2017 - 2017 IEEE GLOBAL COMMUNICATIONS CONFERENCE, 2017,
  • [30] A P4-Based Adversarial Attack Mitigation on Machine Learning Models in Data Plane Devices
    Sankepally Sainath Reddy
    Kosaraju Nishoak
    J. L. Shreya
    Yennam Vishwambhar Reddy
    U. Venkanna
    Journal of Network and Systems Management, 2024, 32
12345