Adaptive Detection Method for Packet-In Message Injection Attack in SDN

Publication Type:
Conference Proceeding
Algorithms and Architectures for Parallel Processing, 2020, 11945, pp. 482-495
Issue Date:
Filename Description Size
Zhan2020_Chapter_AdaptiveDetectionMethodForPack.pdf1.14 MB
Adobe PDF
Full metadata record
Packet-In message injection attack is severe in Software Defined Network (SDN), which will cause a single point of failure of the centralized controller and the crash of the entire network. Nowadays, there are many detection methods for it, including entropy detection and so on. We propose an adaptive detection method to proactively defend against this attack. We establish a Poisson probability distribution detection model to find the attack and use the flow table filter to mitigate it. We also use the EWMA method to update the expectation value of the model to adapt the actual network conditions. Our method has no need to send additional packets to request the switch information. The experiment results show that there is 92% true positive rate in case of attack with random destination IP packets injected, and true positive rate is 98.2% under the attack with random source IP packets injected.
Please use this identifier to cite or link to this item: