Watermarking for Detecting Freeloader Misbehavior in Software-Defined Networks

Software-defined networking (SDN) provides network operators a high level of flexibility and programmability through the separation of the control plane from the data plane. When initiating traffic, users are required to install flow rules that direct the traffic routing. This process requires communication between control and data plane and results in significant overhead and enables the controller to monitor the traffic and its source. In this paper, we introduce a novel misbehavior, called freeloading, where attackers bypass the process of installing flow rules. The attackers thus can send traffic with an unfair advantage in delay (enabling them to launch more timely threats) and significantly reduce the risk of attacker detection by the network controller (especially if further threats were launched). To prevent such attack, we develop a flow watermarking technique that embeds a secret message into the data payload. It facilitates ownership of the established flow rules, so that only the legitimate owners of flow rules can send packets using their own rules and the network can help detect the misuse cases of the installed flow rules.