Stealthy Verification Mechanism to Defend SDN Against Topology Poisoning

Zamin Khan, Bakht and Ghani, Anwar and Khan, Imran and Ali Khan, Muazzam and Bilal, Muhammad (2022) Stealthy Verification Mechanism to Defend SDN Against Topology Poisoning. In: Internet of Things. Internet of Things . Springer Science and Business Media Deutschland GmbH, pp. 235-246. ISBN 9783030893279

Full text not available from this repository.

Official URL: https://doi.org/10.1007/978-3-030-89328-6_13

Abstract

Software-defined network (SDN) is an emerging networking paradigm that segregates functionalities of control and data plane to reduce their complexity and provides more control, scalability, and centralized management. OpenFlow (OF) is a widely used protocol that builds a global and shared view of the network. Therefore, for SDN applications, the correctness of the topology view has a critical impact on the flow-based communication and provision of services. However, recently identified vulnerabilities in Open Flow Discovery Protocol (OFDP) reveal that malicious hosts or data plane switches can poison the global view of the network, and an intruder can launch man-in-the-middle or denial of service attacks. Existing passive approach-based solutions work well for known attacks. Some solutions use an active approach to identify the fake links or malicious hosts by sending Stealthy Probing Verification (SPV) packets. However, due to the use of probing mechanism, it faces scalability and bandwidth consumption issues in the case of large data centers networks and resource limited networks. The proposed technique is based on the SPV mechanism, however, to counter the scalability and bandwidth issues, the probing packets are only initiated when triggered updates of a new link or network node are received by the SDN controller. The probing traffic has been reduced by 40%. Hence consume less bandwidth and identifies a malicious host in less than 90 ms. The results indicate that the Enhance Stealthy Probing Verification (ESPV) is a more scalable and suitable solution to detect and identify fake links or malicious hosts in large data center networks and resource limited networks such as Wireless Sensor Networks (WSNs).

Item Type:

Contribution in Book/Report/Proceedings

Uncontrolled Keywords:

/dk/atira/pure/subjectarea/asjc/1700/1702

Subjects:

?? ACTIVE PROBINGLINK FABRICATIONOPEN FLOW DISCOVERY PROTOCOLOPENFLOWRESOURCE CONSTRAINT NETWORKSSECURITYSOFTWARE-DEFINED NETWORKSTEALTHY PROBING VERIFICATIONTOPOLOGY DISCOVERYWIRELESS SENSOR NETWORKSSIGNAL PROCESSINGINSTRUMENTATIONCOMPUTER SCIENCE APPLICATI ??

Departments:

Faculty of Science and Technology > School of Computing & Communications

ID Code:

205098

Deposited By:

ep_importer_pure

Deposited On:

10 Oct 2023 09:50

Refereed?:

Published?:

Published

Last Modified:

10 Oct 2023 09:50

URI:

https://eprints.lancs.ac.uk/id/eprint/205098