当前位置: X-MOL 学术Trans. Emerg. Telecommun. Technol. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Detection and defense against network isolation attacks in software‐defined networks
Transactions on Emerging Telecommunications Technologies ( IF 2.5 ) Pub Date : 2020-04-16 , DOI: 10.1002/ett.3895
Zhipeng Yu 1 , Hui Zhu 1 , Rui Xiao 1 , Chao Song 1 , Jian Dong 1 , Hui Li 1
Affiliation  

With the development and pervasiveness of Internet of Things (IoT) devices, Software‐Defined Networks (SDN) technology has been deployed to bring great convenience to network transmission. However, SDN over IoT network still faces many challenges on devices data security. Our work demonstrates a novel attack of SDN networks, named Network Harvesting (NH). In NH, an attacker has the ability to steal the users' network privileges without the awareness of victims and the switchers. Furthermore, to solve the above attack, we construct a detection scheme and a defense scheme, named RSDetector and SpoofDefender. RSDetector detects the presence of rogue switches in the network by leveraging the prediction power of machine learning. At the same time, SpoofDefender prevents a number of spoofing attacks including NH by the global control of the SDN networks. In addition, RSDetector and SpoofDefender are also evaluated on ONOS 1.10.4 and Mininet. A good deal of simulation results demonstrate that our proposed schemes have great optimization in reducing communication and computation costs.

中文翻译:

检测和防御软件定义网络中的网络隔离攻击

随着物联网(IoT)设备的发展和普及,已经部署了软件定义网络(SDN)技术,为网络传输带来了极大的便利。但是,物联网网络上的SDN在设备数据安全方面仍然面临许多挑战。我们的工作演示了一种名为Network Harvesting(NH)的SDN网络的新型攻击。在NH中,攻击者可以在没有受害者和切换者意识的情况下窃取用户的网络特权。此外,为了解决上述攻击,我们构造了一个检测方案和一个防御方案,分别称为RSDetector和SpoofDefender。RSDetector通过利用机器学习的预测能力来检测网络中是否存在恶意交换机。同时,SpoofDefender通过SDN网络的全局控制来防止许多欺骗攻击,包括NH。此外,还在ONOS 1.10.4和Mininet上对RSDetector和SpoofDefender进行了评估。大量的仿真结果表明,我们提出的方案在降低通信和计算成本方面有很大的优化。
更新日期:2020-04-16
down
wechat
bug