Skip to main content
SpringerLink
Log in

Misreporting Attacks in Software-Defined Networking

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2020)

Abstract

Load balancers enable efficient use of network resources by distributing traffic fairly across them. In software-defined networking (SDN), load balancing is most often realized by a controller application that solicits traffic load reports from network switches and enforces load balancing decisions through flow rules. This separation between the control and data planes in SDNs creates an opportunity for an adversary at a compromised switch to misreport traffic loads to influence load balancing. In this paper, we evaluate the ability of such an adversary to control the volume of traffic flowing through a compromised switch by misreporting traffic loads. We use a queuing theoretic approach to model the attack and develop algorithms for misreporting that allow an adversary to tune attack parameters toward specific adversarial goals. We validate the algorithms with a virtual network testbed, finding that through misreporting the adversary can draw nearly all of the load in the subnetwork (+750%, or 85% of the load in the system), or an adversary-desired amount of load (a target load, e.g., +200%) to within 12% error of that target. This is yet another example of how depending on untrustworthy reporting in making control decisions can lead to fundamental security failures.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    We leave to future work analyzing more specialized variants of these algorithms.

  2. 2.

    Note that switches may have multiple pool members (ports), but here we just consider a single pool member per switch and use switch and pool member interchangeably.

References

  1. Project floodlight (2011). http://www.projectfloodlight.org/floodlight/. Accessed 19 Oct 2018

  2. Opendaylight project (2013). https://www.opendaylight.org/. Accessed 19 Oct 2018

  3. OpenFlow switch specification (2015). https://www.opennetworking.org/software-defined-standards/specifications/. Accessed 19 Oct 2018

  4. Arbettu, R.K., Khondoker, R., Bayarou, K., Weber, F.: Security analysis of OpenDaylight, ONOS, Rosemary and Ryu SDN controllers. In: 2016 17th International Telecommunications Network Strategy and Planning Symposium (Networks) (2016)

    Google Scholar 

  5. Aslam, S., Shah, M.A.: Load balancing algorithms in cloud computing: a survey of modern techniques. In: 2015 National Software Engineering Conference (NSEC), pp. 30–35. IEEE (2015)

    Google Scholar 

  6. Aslan, M., Matrawy, A.: On the impact of network state collection on the performance of SDN applications. IEEE Commun. Lett. 20(1), 5–8 (2016)

    Article  Google Scholar 

  7. Aweya, J., Ouellette, M., Montuno, D.Y., Doray, B., Felske, K.: An adaptive load balancing scheme for web servers. Int. J. Network Manage 12(1), 3–39 (2002)

    Article  Google Scholar 

  8. Benson, T., Akella, A., Maltz, D.A.: Network traffic characteristics of data centers in the wild. In: Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement, pp. 267–280. ACM (2010)

    Google Scholar 

  9. Benson, T., Anand, A., Akella, A., Zhang, M.: Understanding data center traffic characteristics. In: Proceedings of the 1st ACM Workshop on Research on Enterprise Networking, pp. 65–72. ACM (2009)

    Google Scholar 

  10. De Oliveira, R.L.S., Schweitzer, C.M., Shinoda, A.A., Prete, L.R.: Using Mininet for emulation and prototyping software-defined networks. In: 2014 IEEE Colombian Conference on Communications and Computing (COLCOM), pp. 1–6. IEEE (2014)

    Google Scholar 

  11. Dhawan, M., Poddar, R., Mahajan, K., Mann, V.: SPHINX: detecting security attacks in software-defined networks (2015)

    Google Scholar 

  12. Dridi, L., Zhani, M.F.: SDN-Guard: DoS attacks mitigation in SDN networks. In: 2016 5th IEEE International Conference on Cloud Networking (Cloudnet) (2015)

    Google Scholar 

  13. Eisenbud, D.E., et al.: Maglev: A fast and reliable software network load balancer. In: 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16), pp. 523–535 (2016)

    Google Scholar 

  14. Feghhi, S., Leith, D.J.: A web traffic analysis attack using only timing information. IEEE Trans. Inf. Forensics Secur. 11(8), 1747–1759 (2016)

    Article  Google Scholar 

  15. Guirguis, M., Bestavros, A., Matta, I., Zhang, Y.: Reduction of quality (RoQ) attacks on dynamic load balancers: vulnerability assessment and design tradeoffs. In: IEEE INFOCOM 2007–26th IEEE International Conference on Computer Communications, pp. 857–865. IEEE (2007)

    Google Scholar 

  16. Hong, S., Xu, L., Wang, H., Gu, G.: Poisoning network visibility in software-defined networks: new attacks and countermeasures (2015)

    Google Scholar 

  17. Hong, S., Xu, L., Wang, H., Gu, G.: Poisoning network visibility in software-defined networks: new attacks and countermeasures (2015)

    Google Scholar 

  18. Kang, M.S., Gligor, V.D., Sekar, V., et al.: SPIFFY: inducing cost-detectability tradeoffs for persistent link-flooding attacks (2016)

    Google Scholar 

  19. Kang, N., Ghobadi, M., Reumann, J., Shraer, A., Rexford, J.: Niagara: scalable load balancing on commodity switches. Technical report, Technical Report (TR-973-14), Princeton (2014)

    Google Scholar 

  20. Khan, S., Gani, A., Wahab, A.W.A., Guizani, M., Khan, M.K.: Topology discovery in software defined networks: threats, taxonomy, and state-of-the-art. IEEE Commun. Surv. Tutorials 19(1), 303–324 (2016)

    Article  Google Scholar 

  21. Lee, S., Kim, J., Shin, S., Porras, P., Yegneswaran, V.: Athena: a framework for scalable anomaly detection in software-defined networks. In: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 249–260. IEEE (2017)

    Google Scholar 

  22. Mahmood, A., Rashid, I.: Comparison of load balancing algorithms for clustered web servers. In: ICIMU 2011: Proceedings of the 5th International Conference on Information Technology & Multimedia, pp. 1–6. IEEE (2011)

    Google Scholar 

  23. Mesbahi, M., Rahmani, A.M.: Load balancing in cloud computing: a state of the art survey (2016)

    Google Scholar 

  24. Neghabi, A.A., Jafari Navimipour, N., Hosseinzadeh, M., Rezaee, A.: Load balancing mechanisms in the software defined networks: a systematic and comprehensive review of the literature. IEEE Access 6, 14159–14178 (2018). https://doi.org/10.1109/ACCESS.2018.2805842

    Article  Google Scholar 

  25. Patel, P., et al.: Ananta: cloud scale load balancing. In: ACM SIGCOMM Computer Communication Review, vol. 43, pp. 207–218. ACM (2013)

    Google Scholar 

  26. Qian, H., Medhi, D.: Server operational cost optimization for cloud computing service providers over a time horizon. In: Hot-ICE (2011)

    Google Scholar 

  27. Rao, A., Legout, A., Lim, Y.s., Towsley, D., Barakat, C., Dabbous, W.: Network characteristics of video streaming traffic. In: Proceedings of the Seventh Conference on Emerging Networking Experiments and Technologies, pp. 1–12 (2011)

    Google Scholar 

  28. Scott-Hayward, S., O’Callaghan, G., Sezer, S.: SDN security: a survey. In: 2013 IEEE SDN For Future Networks and Services (SDN4FNS), pp. 1–7. IEEE (2013)

    Google Scholar 

  29. Wang, R., Butnariu, D., Rexford, J., et al.: OpenFlow-based server load balancing gone wild (2011)

    Google Scholar 

  30. Zhang, J., Yu, F.R., Wang, S., Huang, T., Liu, Z., Liu, Y.: Load balancing in data center networks: a survey. IEEE Commun. Surv. Tutorials 20(3), 2324–2352 (2018)

    Google Scholar 

  31. Zhang, Y.: An adaptive flow counting method for anomaly detection in SDN. In: Proceedings of the Ninth ACM Conference on Emerging Networking Experiments and Technologies, pp. 25–30. ACM (2013)

    Google Scholar 

Download references

Acknowledgements

This research was sponsored by the U.S. Army Combat Capabilities Development Command Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Combat Capabilities Development Command Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation here on. This work was also supported in part by the National Science Foundation under award CNS-1946022.

Author information

Authors and Affiliations

  1. The Pennsylvania State University, State College, PA, 16801, USA

    Quinn Burke, Patrick McDaniel, Thomas La Porta, Mingli Yu & Ting He

Authors
  1. Quinn Burke
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Patrick McDaniel
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thomas La Porta
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mingli Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ting He
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Quinn Burke .

Editor information

Editors and Affiliations

  1. Yonsei University, Seoul, Korea (Republic of)

    Noseong Park

  2. George Mason University, Fairfax, VA, USA

    Kun Sun

  3. Dipartimento di Informatica, Universita degli Studi, Milan, Milano, Italy

    Sara Foresti

  4. University of Florida, Gainesville, FL, USA

    Kevin Butler

  5. Division of Nephrology, University of Alabama, Birmingham, AL, USA

    Nitesh Saxena

Rights and permissions

Reprints and permissions

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Burke, Q., McDaniel, P., Porta, T.L., Yu, M., He, T. (2020). Misreporting Attacks in Software-Defined Networking. In: Park, N., Sun, K., Foresti, S., Butler, K., Saxena, N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 335. Springer, Cham. https://doi.org/10.1007/978-3-030-63086-7_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-63086-7_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-63085-0

  • Online ISBN: 978-3-030-63086-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation