Behavior Anomaly Detection in SDN Control Plane: A Case Study of Topology Discovery Attacks

Li Der Chou, Chien Chang Liu, Meng Sheng Lai, Kai Cheng Chiu, Hsuan Hao Tu, Sen Su, Chun Lin Lai, Chia Kuan Yen, Wei Hsiang Tsai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations

Abstract

The SDN controller uses the OpenFlow Discovery Protocol (OFDP) to collect network topology status. OFDP detects the link between OpenFlow switches by generating Link Layer Discovery Protocol (LLDP) packets. However, OFDP is not a completely secure protocol and can be used by attackers to perform topology discovery injection attacks, topology discovery man-in-the-middle attacks, and topology discovery flood attacks, thereby confusing the network topology. This paper proposes a Correlation-based Topology Anomaly Detection (CTAD) mechanism to run in a software-defined network controller. Spearman's rank correlation is used to analyze the correlation between network traffic between links and measure the time difference between the round trip time of each LLDP frame to determine whether the topology man-in-the-middle attack exists in the network. This paper also adds a dynamic authentication key and counting mechanism in the LLDP frame to prevent attackers from using the topology discovery injection attack to generate fake links and topology discovery flooding attacks, causing network routing or switching abnormalities.

Original languageEnglish
Title of host publicationICTC 2019 - 10th International Conference on ICT Convergence
Subtitle of host publicationICT Convergence Leading the Autonomous Future
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages357-362
Number of pages6
ISBN (Electronic)9781728108926
DOIs
StatePublished - Oct 2019
Event10th International Conference on Information and Communication Technology Convergence, ICTC 2019 - Jeju Island, Korea, Republic of
Duration: 16 Oct 201918 Oct 2019

Publication series

NameICTC 2019 - 10th International Conference on ICT Convergence: ICT Convergence Leading the Autonomous Future

Conference

Conference10th International Conference on Information and Communication Technology Convergence, ICTC 2019
Country/TerritoryKorea, Republic of
CityJeju Island
Period16/10/1918/10/19

Keywords

  • Link Layer Discovery Protocol
  • OpenFlow Discovery Protocol
  • Software Defined Networking
  • topology discovery attacks

Fingerprint

Dive into the research topics of 'Behavior Anomaly Detection in SDN Control Plane: A Case Study of Topology Discovery Attacks'. Together they form a unique fingerprint.

Cite this