DEFENSE AGAINST SOFTWARE-DEFINED NETWORK TOPOLOGY POISONING ATTACKS

Authors

  • Sadiya Sultana, Sara Begum, Asfia Jabeen, B.E. Student, Department of CSE, ISL College of Engineering, India.

Abstract

Software-Defined Networking (SDN) is a new network paradigm. Unlike conventional networks, SDNs separate the control plane from the data plane. Switches implement the data plane, while a controller implements the control plane. The controller learns the network topology and makes traffic forwarding decisions. However, serious vulnerabilities have gradually been exposed in the topology management services of current SDN controller designs, mainly in the host tracking and link discovery services. Attackers can exploit these weak points to poison the network topology information in SDN controllers. In this study, a novel solution is proposed to defend against topology poisoning attacks. By analyzing the existing topology attack principles and threat models, this work constructs legal conditions for host migration to detect host hijacking attacks. Checks of the Link Layer Discovery Protocol (LLDP) source and integrity are designed to defend against link fabrication attacks. An entropy-based method for detecting relay-type link fabrication attacks is also designed. Results show that the proposed solution can effectively detect existing topological attacks and provide complete and comprehensive topological security protection.
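
The abstract does not say how the LLDP source and integrity checks are built. The sketch below is an added example, not the paper's code: it assumes the controller attaches a keyed HMAC tag and a fresh nonce to each probe and remembers which ports have carried host traffic. The class `LldpGuard`, its method names and the reason strings are all hypothetical.

```python
import hashlib
import hmac
import os


class LldpGuard:
    """Controller-side LLDP checks (illustrative; all names are assumptions)."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}        # (dpid, port) -> nonce of the probe in flight
        self.host_ports = set()  # (dpid, port) where ordinary host traffic was seen

    def _tag(self, dpid: int, port: int, nonce: bytes) -> bytes:
        msg = dpid.to_bytes(8, "big") + port.to_bytes(4, "big") + nonce
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def make_probe(self, dpid: int, port: int) -> dict:
        """Build the fields the controller would place in the LLDP TLVs."""
        nonce = os.urandom(16)
        self.pending[(dpid, port)] = nonce
        return {"dpid": dpid, "port": port, "nonce": nonce,
                "tag": self._tag(dpid, port, nonce)}

    def saw_host_traffic(self, dpid: int, port: int) -> None:
        self.host_ports.add((dpid, port))

    def accept_link(self, probe: dict, in_dpid: int, in_port: int):
        """Return (accepted, reason) for an LLDP frame received on in_dpid/in_port."""
        # Source check: a port that has carried host traffic must not emit LLDP.
        # This is the only check here that a relayed, unmodified probe fails.
        if (in_dpid, in_port) in self.host_ports:
            return False, "lldp-from-host-port"
        # Integrity check: the tag must match the claimed origin and nonce.
        expected = self._tag(probe["dpid"], probe["port"], probe["nonce"])
        if not hmac.compare_digest(expected, probe["tag"]):
            return False, "bad-tag"
        # Freshness check: each nonce is honoured once, for the probe in flight.
        src = (probe["dpid"], probe["port"])
        if self.pending.get(src) != probe["nonce"]:
            return False, "stale-or-replayed"
        del self.pending[src]
        return True, "ok"


if __name__ == "__main__":
    guard = LldpGuard(os.urandom(32))   # constructed key and topology
    probe = guard.make_probe(dpid=1, port=2)
    print(guard.accept_link(probe, in_dpid=2, in_port=1))
    print(guard.accept_link(probe, in_dpid=2, in_port=1))
```

A relayed probe arriving on a port that has not yet been classified as a host port passes all three checks, which is the gap the abstract's separate relay-type detection addresses.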

Published

2024-04-29

Section

Articles

How to Cite

DEFENSE AGAINST SOFTWARE-DEFINED NETWORK TOPOLOGY POISONING ATTACKS. (2024). International Journal of Engineering and Science Research, 14(2), 514-523. https://ijesr.org/index.php/ijesr/article/view/732