Detecting host location attacks in SDN-based networks

摘要

Software Defined Networking (SDN) is an emerging technology that has increasingly become popular for implementing modern infrastructures. SDN offers advantages of programmable and flexible network management over the traditional practice. As more and more SDN-based networks are being implemented, it is necessary to consider security issues especially those that are inherent from SDN. This paper addresses an important SDN specific security issue, namely a host location (tracking) attack, where an attacker compromises a host and captures its location information to manipulate the packets and trick the controller. Such an attack can potentially lead to many harmful effects including disruption of network traffic and denial of services. In particular, we introduce a new host location attack that exploits unused ports, along with its countermeasure for the controller to detect and take appropriate actions. We illustrate and evaluate the proposed detection mechanism by network simulations. The results obtained from our experiments are effective and promising.