
On detecting compromised controller in software defined networks

Bibliographic Details
Published in: Computer networks (Amsterdam, Netherlands : 1999), 2018-06, Vol.137, p.107-118
Main Authors: Anand, N., Babu, Sarath, Manoj, B.S.
Format: Article
Language: English
Description
Summary:
• We proposed a novel method to identify compromised controllers in SDN.
• Our method uses OpenFlow packet traces from SDN data plane.
• Nine new features are defined on OpenFlow to identify malicious controllers.
• The proposed method is independent of the number of controllers and network topology.

While traditional networks depend on a fully distributed control plane, Software Defined Networks (SDNs), the rapidly emerging area in computer networking, utilize a centralized control plane. SDNs bring in many benefits such as fine-grained control, possibility of optimal routing, and resource management within the network. As a result, SDNs find wider deployments in certain segments of networking such as data center networks. In addition, SDN approach is a potential candidate for the control plane design in 5G networks. Despite the benefits, SDNs face certain issues such as the possibility of single point failure, the communication overhead between switches and controllers, and more importantly the security as well as trustability of the control plane. Due to the centralized nature of the control plane, it is important to detect the presence of compromised control plane in an SDN. Compromised control plane refers to the situation where one or more of the controllers in an SDN are compromised by malwares, resulting in deviation from the normal control plane behavior. Developing new solutions for detecting the presence of compromised controllers is exacerbated by the lack of appropriate SDN traffic data sets. As a result, existing literature lacks solutions to detect the presence of a compromised control plane. Of particular interest is the case where SDN controller-specific threats hide their presence from end-users and administrators of the network.
Our contributions in this paper include the following: (i) identification of five threat vectors that represent compromised controllers in SDNs, (ii) creation of a large volume of OpenFlow traffic traces in order to study various SDN threat vectors, (iii) proposal of nine novel OpenFlow-specific features that capture the above-mentioned threat vectors, and (iv) study of a machine-learning-based detection technique for compromised control plane using six classifiers. The OpenFlow traffic trace data set we created is made available for the use of the larger research community. We carried out detailed experimental studies that show the efficacy of our scheme in detecting the presence of compromised controllers. Our results i
ISSN:1389-1286
1872-7069
DOI:10.1016/j.comnet.2018.03.021