Younghee Park, Sang-Yoon Chang, Lavanya M. Krishnamurthy
{"title":"Watermarking for detecting freeloader misbehavior in software-defined networks","authors":"Younghee Park, Sang-Yoon Chang, Lavanya M. Krishnamurthy","doi":"10.1109/ICCNC.2016.7440628","DOIUrl":null,"url":null,"abstract":"Software-defined networking (SDN) provides network operators a high level of flexibility and programability through the separation of the control plane from the data plane. When initiating traffic, users are required to install flow rules that direct the traffic routing. This process requires communication between control and data plane and results in significant overhead and enables the controller to monitor the traffic and its source. In this paper, we introduce a novel misbehavior, called freeloading, where attackers bypass the process of installing flow rules. The attackers thus can send traffic with an unfair advantage in delay (enabling them to launch more timely threats) and significantly reduce the risk of attacker detection by the network controller (especially if further threats were launched). To prevent such attack, we develop a flow watermarking technique that embeds a secret message into the data payload. It facilitates ownership of the established flow rules, so that only the legitimate owners of flow rules can send packets using their own rules and the network can help detect the misuse cases of the installed flow rules.","PeriodicalId":308458,"journal":{"name":"2016 International Conference on Computing, Networking and Communications (ICNC)","volume":"84 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference on Computing, Networking and Communications (ICNC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCNC.2016.7440628","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 15
Abstract
Software-defined networking (SDN) provides network operators a high level of flexibility and programability through the separation of the control plane from the data plane. When initiating traffic, users are required to install flow rules that direct the traffic routing. This process requires communication between control and data plane and results in significant overhead and enables the controller to monitor the traffic and its source. In this paper, we introduce a novel misbehavior, called freeloading, where attackers bypass the process of installing flow rules. The attackers thus can send traffic with an unfair advantage in delay (enabling them to launch more timely threats) and significantly reduce the risk of attacker detection by the network controller (especially if further threats were launched). To prevent such attack, we develop a flow watermarking technique that embeds a secret message into the data payload. It facilitates ownership of the established flow rules, so that only the legitimate owners of flow rules can send packets using their own rules and the network can help detect the misuse cases of the installed flow rules.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
