Detecting Suspicious Behavior of SDN Switches by Statistics Gathering with Time

Takahiro Shimizu, Naoya Kitagawa, Kohta Ohshima, Nariyoshi Yamai

Abstract


In Software Defined Network (SDN), the networks are vulnerable to attacks by compromised switches, since it often used programmable software switches are vulnerable than traditional hardware switches. Although several countermeasures against compromised switches have been proposed, the accuracy of detecting malicious behavior depends on the performance of network statistics gathering by a controller. In this paper, we propose an approach to verify the consistency of forwarding state using simultaneously network statistics gathering from the switch by accurate time scheduling. Our method enables to detect attacks by compromised switches without being influenced by the performance of statistics gathering by the controller. Our method utilizes moving average thus our method mitigates the effect on the verification accuracy from the impact of switches performance such as the error of scheduling. In addition, we implemented the proposed method with Mininet, and we confirmed that our method is able to verify without depending on the performance of statistic-gathering by the controller.

Full Text:

PDF

References


D. Kreutz, F. M. Ramos, and P. Verissimo, “Towards secure and dependable software-defined networks,” in Proc. HotSDN. ACM, 2013.

M. Dhawan, R. Poddar, M. Kshiteej, and M. Vijay, "SPHINX: detecting security attacks in software-defined networks," in Proc. NDSS. Internet Society, 2015.

A. Shaghaghi, M. A. Kaafar, and S. Jha, "Wedgetail: An intrusion prevention system for the data plane of software defined networks," in Proc. AsiaCCS. ACM, 2017.

"CVE-2016-2074," accessed: May 13, 2018. [Online]. Available: https://nvd.nist.gov/vuln/detail/CVE- 2016- 2074/

T. Mizrahi and Y. Moses, "Time4: Time for SDN," IEEE Transactions on Network and Service Management, vol. 13, no. 3, pp. 433-446, 2016.

N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, "OpenFlow: Enabling Innovation in Campus Networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, p. 69, 2008.

Open Networking Foundation, "OpenFlow Switch Specification Version 1.5.0," 2014, accessed: May 13, 2018. [Online]. Available: https://www.opennetworking.org/wp-content/uploads/2014/10/openflow- switch- v1.5.1.pdf

IEEE, "IEEE Standard for a Precision Clock Synchronization Protocol for Networked Measurement and Control Systems," IEEE Std 1588-2008, pp. 1-300, 2008.

A. Khurshid, W. Zhou, M. Caesar, and P. B. Godfrey, "VeriFlow: Verifying Network-Wide Invariants in Real Time," in Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI'13), vol. 42, no. 4, sep 2013, p. 467.

P. Kazemian, M. Chang, H. Zeng, G. Varghese, N. McKeown, and S. Whyte, "Real Time Network Policy Checking Using Header Space Analysis," in Proceedings of the 10th USENIX Conference on Networked Systems Design and Implementation (NSDI'13), 2013, pp. 99-112.

A.Tootoonchian,S.Gorbunov,Y.Ganjali,M.Casado,andR.Sherwood, "On controller performance in software-defined networks," in Proc. HotICE. USENIX, 2012.

A. R. Curtis, J. C. Mogul, J. Tourrilhes, P. Yalagandula, P. Sharma, and S. Banerjee, "Devoflow: Scaling flow management for high-performance networks," in Proc. SIGCOMM. ACM, 2011.

S. Khan, A. Gani, A. W. Abdul Wahab, M. Guizani, and M. K. Khan, "Topology Discovery in Software Defined Networks: Threats, Taxonomy, and State-of-the-Art," IEEE Communications Surveys Tutorials, vol. 19, no. 1, pp. 303-324, 2017.

T. Mizrahi, "Time synchronization security using IPsec and MACsec," in Proc. ISPCS, no. Icv, 2011, pp. 38-43.

C. Rotsos, N. Sarrar, S. Uhlig, R. Sherwood, and A. W. Moore, "OFLOPS: An Open Framework for OpenFlow Switch Evaluation," in Lecture Notes in Computer Science, 2012, vol. 7192, pp. 85-95.

P. Wood, "Stopcock," 2014, accessed: May 13, 2018. [Online]. Available: https://github.com/tignetworking/stopcock/

Project Floodlight, "Loxigen," 2018, accessed: May 13, 2018. [Online]. Available: https://github.com/floodlight/loxigen/

TimedSDN, "ofsoftswitch13_EXT-340," 2015, accessed: May 13, 2018. [Online]. Available: https://github.com/TimedSDN/ofsoftswitch13_EXT- 340/

Mininet, "Mininet," 2018, accessed: May 13, 2018. [Online]. Available: http://mininet.org/

Project Floodlight, "Floodlight," 2018, accessed: May 13, 2018. [Online]. Available: http://www.projectfloodlight.org/floodlight/

P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz, B. O’Connor, P. Radoslavov, W. Snow, and G. Parulkar, “ONOS: Towards an open, distributed sdn os,” in Proc. HotSDN. ACM, 2014.


Refbacks

  • There are currently no refbacks.