Behavior Anomaly Detection in SDN Control Plane: A Case Study of Topology Discovery Attacks

Li Der Chou, Chien Chang Liu, Meng Sheng Lai, Kai Cheng Chiu, Hsuan Hao Tu, Sen Su, Chun Lin Lai, Chia Kuan Yen, Wei Hsiang Tsai

研究成果: 雜誌貢獻期刊論文同行評審

9 引文 斯高帕斯(Scopus)

摘要

Software-defined networking controllers use the OpenFlow discovery protocol (OFDP) to collect network topology status. The OFDP detects the link between switches by generating link layer discovery protocol (LLDP) packets. However, OFDP is not a security protocol. Attackers can use it to perform topology discovery via injection, man-in-the-middle, and flooding attacks to confuse the network topology. This study proposes a correlation-based topology anomaly detection mechanism. Spearman's rank correlation is used to analyze the network traffic between links and measure the round-trip time of each LLDP frame to determine whether a topology discovery via man-in-the-middle attack exists. This study also adds a dynamic authentication key and counting mechanism in the LLDP frame to prevent attackers from using topology discovery via injection attack to generate fake links and topology discovery via flooding attack to cause network routing or switching abnormalities.

原文???core.languages.en_GB???
文章編號8898949
期刊Wireless Communications and Mobile Computing
2020
DOIs
出版狀態已出版 - 2020

指紋

深入研究「Behavior Anomaly Detection in SDN Control Plane: A Case Study of Topology Discovery Attacks」主題。共同形成了獨特的指紋。

引用此