Institute of Computing Technology, Chinese Academy IR
| Dynamic Packet Forwarding Verification in SDN | |
| Li, Qi1,2; Zou, Xiaoyue1,2; Huang, Qun3; Zheng, Jing1,2; Lee, Patrick P. C.4 | |
| 2019-11-01 | |
| 发表期刊 | IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
 |
| ISSN | 1545-5971 |
| 卷号 | 16期号:6页码:915-929 |
| 摘要 | Like traditional IP networking, the emerging Software-Defined Networking (SDN) technology is vulnerable to sophisticated attacks against packets and their forwarding behaviors. However, existing proposals of packet forwarding verification for IP networking cannot be directly applied to the current SDN deployment due to the limited functionalities and resources in commercial off-the-shelf (COTS) SDN switches. We propose DynaPFV, a dynamic packet forwarding verification mechanism that is capable of detecting various sophisticated attacks against packet forwarding. DynaPFV leverages the controllability of SDN to examine both packets and flow statistics across a network of switches to detect violation of packet integrity and forwarding behaviors. To mitigate the verification overhead, DynaPFV dynamically adjusts the rates of packet sampling and flow statistics collection based on the prior detection results in order to preserve the verification accuracy. Furthermore, DynaPFV makes changes to the SDN controller only, and is directly deployable atop COTS SDN switches without modifications. We conduct theoretical analysis on the trade-off between performance and accuracy in our dynamic verification approach. We further prototype DynaPFV using the open-source Floodlight controller, and evaluate our DynaPFV prototype using Mininet simulations and hardware testbed experiments. DynaPFV achieves over 97 percent of verification accuracy only with less than 5 percent of throughput degradation and less than 10 percent of additional forwarding delays. |
| 关键词 | Control systems Cryptography Protocols IP networks Software Prototypes Delays Software-defined networking attacks forwarding verification |
| DOI | 10.1109/TDSC.2018.2810880 |
| 收录类别 | SCI |
| 语种 | 英语 |
| 资助项目 | National Natural Science Foundation of China (NSFC)[61572278] ; National Natural Science Foundation of China (NSFC)[U1736209] |
| WOS研究方向 | Computer Science |
| WOS类目 | Computer Science, Hardware & Architecture ; Computer Science, Information Systems ; Computer Science, Software Engineering |
| WOS记录号 | WOS:000498651200002 |
| 出版者 | IEEE COMPUTER SOC |
| 引用统计 | |
| 文献类型 | 期刊论文 |
| 条目标识符 | http://119.78.100.204/handle/2XEOYT63/14959 |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Li, Qi |
| 作者单位 | 1.Tsinghua Univ, Grad Sch Shenzhen, Shenzhen 518055, Guangdong, Peoples R China 2.Tsinghua Univ, Dept Comp Sci, Beijing 100084, Peoples R China 3.Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China 4.Chinese Univ Hong Kong, Dept Comp Sci & Engn, Hong Kong, Peoples R China |
| 推荐引用方式 GB/T 7714 | Li, Qi,Zou, Xiaoyue,Huang, Qun,et al. Dynamic Packet Forwarding Verification in SDN[J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,2019,16(6):915-929. |
| APA | Li, Qi,Zou, Xiaoyue,Huang, Qun,Zheng, Jing,&Lee, Patrick P. C..(2019).Dynamic Packet Forwarding Verification in SDN.IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,16(6),915-929. |
| MLA | Li, Qi,et al."Dynamic Packet Forwarding Verification in SDN".IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING 16.6(2019):915-929. |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论