Defending saturation attacks on SDN controller: A confusable instance analysis-based algorithm
Published in: | Computer networks (Amsterdam, Netherlands : 1999), 2022-08, Vol.213, p.109098, Article 109098 |
---|---|
Main Authors: | , , , , , |
Format: | Article |
Language: | English |
Summary: | Software-Defined Networking (SDN) is an emerging network architecture that offers flexible network management. Although the decoupling of the control plane and data plane provides network programmability for SDN, it also makes SDN vulnerable to several attacks. The saturation attack is one of these attacks. It is a concealed attack with a highly negative impact, as it overwhelms the SDN controller. Once the SDN controller crashes, the network cannot work. Currently, cusp catastrophe theory has already been used to detect saturation attacks against the SDN controller. When cusp catastrophe theory is used to detect saturation attacks in SDN, most instances are identified as unstable instances. The additional detection of unstable instances relies on the distance between the current state and the previous state, leading to low detection accuracy. To overcome these issues, in this work we propose LICENSE, a saturation attack detection mechanism based on confusable instance analysis. More specifically, a Condition Transferring Mechanism (CTM) method is designed to first classify the input instances into two kinds: unconfusable instances, which clearly belong to either the attack class or the benign class, and confusable instances, which are not easy to distinguish. Then a Network State Base Cusp model is proposed to further divide the confusable instances into stable instances and unstable instances. Finally, a method named Unstable Instance Detection (UID) is proposed for identifying unstable instances. The evaluation results demonstrate that LICENSE reduces the number of unstable instances and improves the detection accuracy for unstable instances, thus achieving higher overall detection performance. In conclusion, LICENSE can effectively detect saturation attacks in SDN. |
ISSN: | 1389-1286, 1872-7069 |
DOI: | 10.1016/j.comnet.2022.109098 |