Abeer E. W. Eldewahi, Alzubair Hassan, Khalid Elbadawi, Bazara I. A. Barry
Title: The analysis of man at the end attack behaviour in software defined network
Journal: Int. J. Grid Util. Comput. (Journal Article)
Publication date: 2019-06-25
DOI: 10.1504/IJGUC.2019.10022146 (https://doi.org/10.1504/IJGUC.2019.10022146)
Citations: 0
Abstract
Software defined network (SDN) is an emerging technology that decouples the control plane from the data plane in its network architecture. This architecture exposes new threats that are absent in the traditional IP network. The man at the end attack (MATE) is one of the serious attacks against the SDN controller. The MATE attacker does his/her malicious activities by exploiting the nature of messages between the controller and switches which are involved in requests and replies. This paper proposes a new detection method for the MATE attack. We also used the spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege (STRIDE) model in the classification of a four-dimensional model to determine which attacks can be considered as MATE. Furthermore, we determine the behaviour of the MATE attacker in SDN after control has been taken from the controller to help in the detection and prevention of the MATE attack.