Link Discovery Attacks in Software-Defined Networks: Topology Poisoning and Impact Analysis

2020, pp. 596-606
Author(s): Sonali Sen Baidya, Rattikorn Hewett

Software Defined Networking (SDN) has become a popular technology that offers advantages of programmable and flexible network management over the legacy practice. The centralized SDN controller is an important enabler of these benefits. One of the most crucial tasks of the SDN controller is link discovery, as it provides the topology of the network essential for the controller to direct or create rule forwarding and routing mechanisms. SDN security has been studied extensively, but only recently have the security of OpenFlow link discovery protocols and topology poisoning been addressed. Existing work includes link fabrication attacks via compromised hosts and defense systems with authentication. This paper discusses the SDN link discovery process and its vulnerability to link discovery attacks, including new attacks via compromised switches. We present a simple but effective defense mechanism using active ports that can detect both host-based and switch-based link discovery attacks. Finally, the paper presents an analytical and empirical analysis of the impacts of topology attacks on routing. The paper discusses attack details, proposed methods and results of these analyses.

2021
Author(s): Pragati Shrivastava, Kotaro Kataoka

Hybrid software-defined network (SDN) architectures are beneficial for a smooth transition and less costly SDN deployment. However, the coexistence of legacy switches and SDN switches brings new challenges of deployment inconsistency management and security. Security is not well studied for hybrid SDN architecture. In this paper, we study the topology poisoning attacks in hybrid SDN for the first time. We propose new attack vectors for link fabrication in hybrid SDN. The new attack is named “multi-hop link fabrication”, in which an adversary successfully injects a fake multi-hop link (MHL) by exploiting the link discovery protocols. We present Hybrid-Shield, a link verification framework for hybrid SDN link discovery. Hybrid-Shield introduces a novel verification technique that includes: i) monitoring legacy switch and host generated traffic at the MHL and ii) validating the existence of legacy switches contained in an MHL. This paper presents the prototype implementation of Hybrid-Shield over a real SDN controller. The experimental evaluation is performed with the Mininet virtual network emulation. Our evaluation shows that Hybrid-Shield is capable of detecting MHL fabrication attacks in real-time with high accuracy. Hybrid-Shield’s performance evaluation shows that it is lightweight at the controller as it causes less overhead and requires no additional functionalities at the SDN controller for deployment.



2018, Vol 2018, pp. 1-13
Author(s): Shang-Chiuan Su, Yi-Ren Chen, Shi-Chun Tsai, Yi-Bing Lin

Software Defined Network separates the control plane from network equipment and has a great advantage in network management as compared with traditional approaches. With this paradigm, security issues persist and could become even worse because of the flexibility in handling packets. In this paper we propose an effective framework by integrating SDN and machine learning to detect and categorize P2P network traffic. This work provides experimental evidence showing that our approach can automatically analyze network traffic and flexibly change flow entries in OpenFlow switches through the SDN controller. This can effectively help network administrators manage related security problems.


2014, Vol E97.B (1), pp. 2-9
Author(s): Slawomir KUKLINSKI, Prosper CHEMOUIL

2020, pp. 399-410
Author(s): Jawad Dalou', Basheer Al-Duwairi, Mohammad Al-Jarrah

Software Defined Networking (SDN) has emerged as a new networking paradigm that is based on the decoupling between data plane and control plane, providing several benefits that include flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities that are associated with the nature of communication between control plane and data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks because overloading the controller with huge packet volume would bring the whole network down or degrade its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of source and destination IP addresses of flows observed by the SDN controller, which are compared to preset entropy threshold values that change in an adaptive manner based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.


2020
Author(s): Catherine M. Mageeney, Hamidu T. Mohammed, Marta Dies, Samira Anbari, Netta Cudkevich, ...

ABSTRACT: A diverse set of prophage-mediated mechanisms protecting bacterial hosts from infection has been recently uncovered within Cluster N mycobacteriophages. In that context, we unveil a novel defense mechanism in Cluster N prophage Butters. By using bioinformatics analyses, phage plating efficiency experiments, microscopy, and immunoprecipitation assays, we show that Butters genes located in the central region of the genome play a key role in the defense against heterotypic viral attack. Our study suggests that a two component system articulated by interactions between protein products of genes 30 and 31 confers defense against heterotypic phage infection by PurpleHaze or Alma, but is insufficient to confer defense against attack by the heterotypic phage Island3. Therefore, based on heterotypic phage plating efficiencies on the Butters lysogen, additional prophage genes required for defense are implicated.

IMPORTANCE: Many sequenced bacterial genomes including pathogenic bacteria contain prophages. Some prophages encode defense systems that protect their bacterial host against heterotypic viral attack. Understanding the mechanisms undergirding these defense systems will be critical to development of phage therapy that circumvents these defenses. Additionally, such knowledge will help engineer phage-resistant bacteria of industrial importance.

