Computer Science ›› 2023, Vol. 50 ›› Issue (1): 362-372.doi: 10.11896/jsjkx.211100223

• Information Security •

Anomaly Detection Method of SDN Network Edge Switch

ZHAO Yang 1, YI Peng 1,2, ZHANG Zhen 1,2, HU Tao 1, LIU Shaoxun 2

  1. Institute of Scientific and Technical Information, People's Liberation Army Strategic Support Force Information Engineering University, Zhengzhou 450001, China
  2. Network Communication and Security Purple Mountain Laboratory, Nanjing 210000, China
  • Received: 2021-11-22 Revised: 2022-06-06 Online: 2023-01-15 Published: 2023-01-09
  • About author: ZHAO Yang, born in 1997, postgraduate. His main research interests include advanced network and defense technology.
    YI Peng, born in 1977, Ph.D, researcher, Ph.D supervisor. His main research interests include new network architecture, network security control and active defense technology.
  • Supported by:
    Major Science and Technology Projects in Henan Province (Research and Demonstration Application of Key Technologies for Endogenous Safety of Intelligent Connected Vehicles, 2022012) and National Natural Science Foundation of China (61872382, 62101598, 61521003).

Abstract: Software-defined networking (SDN) makes the network programmable, reduces the complexity of network management, and promotes the development of new network technologies. As the device that forwards data and enforces policy, an SDN switch holds privileges that must not be captured by unauthorized entities. However, an SDN switch does not always execute the commands issued by the controller: an attacker who compromises the switch can attack the network covertly and with severe effect, seriously degrading the end-to-end communication quality of users. Communicating sequential processes (CSP), a modeling language designed for concurrent systems, can accurately describe the interactions between switch and switch and between switch and host. In this paper, CSP is used to model the SDN switch and the terminal host, and two methods for locating an abnormal switch are analyzed theoretically. We verify the effectiveness of the two detection methods on the instantiated model when a compromised edge switch acting as the egress switch forwards maliciously, and the verification results show that this abnormal behavior cannot be detected by either method. To solve this problem, an anomaly detection method for edge switches is proposed. In this method, the host records statistical information and, by constructing a special packet, triggers a packet_in message that carries the information to the controller. The controller collects the statistical information and detects abnormal forwarding behavior of the edge switch by checking the consistency of the statistics reported by the edge switch and by the host. Finally, experiments are carried out on the Mininet platform with the Ryu controller, and the experimental results show that the edge switch anomaly detection method successfully detects the abnormal behavior.
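The consistency check at the core of the proposed method can be illustrated with a small controller-side model. The following is an added example written for this page, not the authors' implementation and not Ryu or OpenFlow API code: the report payload format (a `HSTAT1` marker followed by JSON), the field names of the switch statistics, the packet tolerance and all sample counter values are constructed assumptions. It models a host serialising its per-flow receive counters into a packet that reaches the controller through packet_in, the controller parsing that report, and the controller comparing it against the counters the edge switch reported for the same flows, flagging flows where the switch claims to have forwarded more than the host received, where the host received more than the switch accounts for, or where the host saw a flow the switch has no entry for.

```python
"""Controller-side consistency check between an edge switch's flow counters
and the receive counters recorded by its attached host.

Constructed illustration: the report format, field names, tolerance and
sample numbers are assumptions for this example and are not taken from the
paper or from the Ryu/OpenFlow APIs."""
import json

# Marker identifying the host's statistics packet.  Assumption: the host sends
# it to an address with no matching flow entry, so the switch punts it to the
# controller in a packet_in message (table miss) and the controller reads it.
REPORT_MAGIC = b"HSTAT1"


def build_host_report(host_mac, counters):
    """Host side: serialise per-flow receive counters into the report payload.

    counters maps (src_ip, dst_ip) -> (packets, bytes) as counted by the host.
    """
    body = {
        "host": host_mac,
        "flows": [
            {"src": src, "dst": dst, "packets": pkts, "bytes": byts}
            for (src, dst), (pkts, byts) in counters.items()
        ],
    }
    return REPORT_MAGIC + json.dumps(body).encode()


def parse_host_report(payload):
    """Controller side: recognise and decode a report carried in packet_in.

    Returns None for payloads that are not well-formed host reports, so that
    ordinary table-miss packets are left to the normal packet_in handler.
    """
    if not payload.startswith(REPORT_MAGIC):
        return None
    try:
        body = json.loads(payload[len(REPORT_MAGIC):])
        flows = {
            (f["src"], f["dst"]): (int(f["packets"]), int(f["bytes"]))
            for f in body["flows"]
        }
    except (ValueError, KeyError, TypeError):
        return None
    return {"host": body.get("host"), "flows": flows}


def check_consistency(switch_stats, host_report, tolerance=2):
    """Compare the edge switch's per-flow egress counters with the host's
    receive counters and return the flows whose counts disagree.

    switch_stats: list of {"src", "dst", "packets", "bytes"} as the controller
    would assemble from the switch's flow-statistics reply (assumed shape).
    tolerance: packets allowed to be in flight between the two snapshots.
    """
    anomalies = []
    host_flows = host_report["flows"]
    seen = set()
    for entry in switch_stats:
        key = (entry["src"], entry["dst"])
        seen.add(key)
        sw_pkts = entry["packets"]
        host_pkts = host_flows.get(key, (0, 0))[0]
        diff = sw_pkts - host_pkts
        if diff > tolerance:
            # Switch reports more packets forwarded than the host received:
            # traffic dropped or diverted after being counted.
            anomalies.append({"flow": key, "type": "missing_at_host",
                              "switch": sw_pkts, "host": host_pkts})
        elif -diff > tolerance:
            # Host received more than the switch claims to have forwarded:
            # injected traffic or tampered counters.
            anomalies.append({"flow": key, "type": "unaccounted_at_switch",
                              "switch": sw_pkts, "host": host_pkts})
    for key, (host_pkts, _) in host_flows.items():
        if key not in seen and host_pkts > tolerance:
            # Host saw a flow for which the switch reports no entry at all.
            anomalies.append({"flow": key, "type": "no_switch_flow",
                              "switch": 0, "host": host_pkts})
    return anomalies


def run_demo():
    """Constructed scenario: edge switch s1 serves host h1 (10.0.0.1)."""
    # Counters the controller obtained from s1 (constructed values).
    switch_stats = [
        {"src": "10.0.0.2", "dst": "10.0.0.1", "packets": 100, "bytes": 64000},
        {"src": "10.0.0.3", "dst": "10.0.0.1", "packets": 50, "bytes": 32000},
    ]
    # Counters h1 recorded and sent in its report packet (constructed values):
    # the flow from 10.0.0.2 agrees, the flow from 10.0.0.3 lost 30 packets
    # at s1, and a flow from 10.0.0.9 reached h1 without any entry on s1.
    payload = build_host_report("00:00:00:00:00:01", {
        ("10.0.0.2", "10.0.0.1"): (100, 64000),
        ("10.0.0.3", "10.0.0.1"): (20, 12800),
        ("10.0.0.9", "10.0.0.1"): (10, 6400),
    })
    report = parse_host_report(payload)
    return check_consistency(switch_stats, report)


if __name__ == "__main__":
    for anomaly in run_demo():
        print(anomaly)
```

The tolerance exists because the two snapshots are never taken at exactly the same instant; a small number of packets can legitimately be in flight between the switch counter and the host counter, and a check without such slack would raise false alarms on every busy flow. Both directions of mismatch are reported, since a compromised egress switch can under-forward (drop or redirect) as well as mis-report its own counters.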

Key words: Software-defined networking, Data plane security, Formal verification and analysis, Communicating sequential processes, Compromised switch detection

CLC Number: TP391