Securing P4-SDN Data Plane against Flow Table Modification Attack

Cited by: 2
Authors
Reddy, Buchammagari Avinash [1]
Sahoo, Kshira Sagar [2]
Bhuyan, Monowar [2]
Affiliations
[1] IIIT Naya Raipur, Dept Data Sci & Artificial Intelligence, Raipur, India
[2] Umea Univ, Dept Comp Sci, SE-90187 Umea, Sweden
Keywords
SDN; Flow table security; Flow rule modification attack; P4; switch; Data plane;
DOI
10.1109/NOMS59830.2024.10575461
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Security in Software Defined Network (SDN) architecture is becoming the most substantial challenge. This paper introduces a novel threat model focused on flow table modification in the P4-programmable SDN data plane, outlining an attacker's stochastic manipulation of flow rules from a compromised switch. A detection framework is proposed to identify the malicious switch within the network by utilizing the thrift port. Moreover, a fuzzy-rule-based mitigation strategy has been proposed to identify the severity of attacks. The feasibility and effectiveness of the methodology are evaluated using a developed testbed setup by employing Facebook datacenter fabric topology in a Mininet emulator and BMv2 switch.
Pages: 5
Related papers
50 items in total
  • [31] A P4-Based Adversarial Attack Mitigation on Machine Learning Models in Data Plane Devices
    Reddy, Sankepally Sainath
    Nishoak, Kosaraju
    Shreya, J. L.
    Reddy, Yennam Vishwambhar
    Venkanna, U.
    JOURNAL OF NETWORK AND SYSTEMS MANAGEMENT, 2024, 32 (01)
  • [32] Combined Control and Data Plane Robustness of SDN Networks against Malicious Node Attacks
    Santos, Dorabella
    de Sousa, Amaro
    Machuca, Carmen Mas
    2018 14TH INTERNATIONAL CONFERENCE ON NETWORK AND SERVICE MANAGEMENT (CNSM), 2018, : 54 - 62
  • [33] Preventing flow table overflow against denial of service attack in software defined network
    Wang D.
    Wu D.
    Zhi H.
    Guo K.
    Zhang X.
    Shi J.
    Zhang Y.
    Lu Y.
    Tongxin Xuebao/Journal on Communications, 2023, 44 (02) : 1 - 11
  • [34] A Study on Traffic Asymmetry for Detecting DDoS Attack in P4-based SDN
    Lin, Ting-Yu
    Wang, Ching-Yuan
    Tuan, Ya-Pei
    Tsai, Meng-Hsun
    Chen, Yean-Ru
    JOURNAL OF INFORMATION SCIENCE AND ENGINEERING, 2022, 38 (06) : 1265 - 1283
  • [35] FlowStalker: Comprehensive Traffic Flow Monitoring on the Data Plane Using P4
    Castanheira, Lucas
    Parizotto, Ricardo
    Schaeffer-Filho, Alberto Egon
    ICC 2019 - 2019 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC), 2019,
  • [36] Decision Tree Based IoT Attack Detection in Programmable Data Plane Using P4 Language
    Poddar, Rahul
    Babu, Hari
    ADVANCED INFORMATION NETWORKING AND APPLICATIONS, AINA-2022, VOL 2, 2022, 450 : 671 - 683
  • [37] SECOD: SDN sEcure COntrol and Data Plane Algorithm for Detecting and Defending against DoS Attacks
    Wang, Song
    Chandrasekharan, Sathyanarayanan
    Gomez, Karina
    Kandeepan, Sithamparanathan
    Al-Hourani, Akram
    Asghar, Muhammad Rizwan
    Russello, Giovanni
    Zanna, Paul
    NOMS 2018 - 2018 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM, 2018,
  • [38] LSTM-NB: DoS Attack Detection On SDN With P4 Programmable Dataplane
    Heggi, Sya Raihan
    Sukarno, Parman
    Mugitama, Satria Akbar
    2022 INTERNATIONAL CONFERENCE ON ADVANCED CREATIVE NETWORKS AND INTELLIGENT SYSTEMS, ICACNIS, 2022, : 37 - 42
  • [39] Improving Scanner Data Collection in P4-based SDN
    Cai, Yun-Zhan
    Lai, Chih-Hao
    Wang, Yu-Ting
    Tsai, Meng-Hsun
    APNOMS 2020: 2020 21ST ASIA-PACIFIC NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM (APNOMS), 2020, : 126 - 131
  • [40] Toward securing the control plane of 5G mobile networks against DoS threats: Attack scenarios and promising solutions
    Ettiane, Raja
    Chaoub, Abdelaali
    Elkouch, Rachid
    JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2021, 61