Audit-based correction mechanism for malicious statistics information of data plane

In software-defined networking (SDN), the controller relies on the information collected from the data plane for route planning, load balancing, and other functions. Statistics information is the most important kind of information among them, so the correctness of statistics information is the key to the proper operation of the network. Most of the current research on data plane focuses on policy consistency, rule redundancy, forwarding anomalies, and so on, and little attention is paid to whether the statistics information uploaded by the switches to the controller is correct. However, incorrect statistics information inevitably leads the controller to make wrong decisions. Therefore, this paper proposes an audit-based malicious information correction mechanism to address the problem of wrong statistics information uploaded by the switches. This mechanism audits the statistics information and locates malicious switches before uploading the statistics information to the controller. It identifies and corrects the statistics information errors by combining flow path and statistics information. We have performed simulations on Nsfnet, Abilene, and Fat-Tree, and the results show that our method can correct about 70% of the statistical information errors with less computational cost. To the best of our knowledge, this paper is the first malicious statistics information correction scheme for wildcard rules.