INFAS: In-network flow management scheme for SDN control plane protection
Research output: Contribution to book/conference proceedings/anthology/report › Conference contribution › Contributed › peer-review
Abstract
The work that we present in this paper is motivated by a systematic vulnerability of SDN, a current technology that is expected to dominate the Internet. In particular, we focus on the Control Plane Saturation (CPS) attack, a very harmful, yet easy to implement, DoS attack. In CPS, the adversary generates a massive amount of flow packets that will not match switches' flow rules. As a result, the switches flood the control channels and the controller with malicious control packets. Previously proposed solutions mainly rely on controller-side detection and filtering, and thus still consume control plane bandwidth resources and cannot achieve a quick response due to the switch-controller delay. We present INFAS, a system that runs on commodity servers installed near network devices, for protecting SDN against CPS. The switches send flow packets that do not match concrete flow rules in their flow tables to INFAS, which is tasked to analyze the packets and to subsequently decide on sending them back to the switches or not. This results in reducing the number of generated control packets by up to 80%, which we show through extensive evaluations.
Details
Original language | English |
---|---|
Title of host publication | 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 367-373 |
Number of pages | 7 |
ISBN (electronic) | 9783903176157 |
Publication status | Published - 16 May 2019 |
Peer-reviewed | Yes |
Conference
Title | 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019 |
---|---|
Duration | 8 - 12 April 2019 |
City | Arlington |
Country | United States of America |
External IDs
ORCID | /0000-0001-8469-9573/work/161891230 |
---|---|
Keywords
- Control Plane Saturation, Denial-of-Service, Flow Management, Security, Software-Defined Networking