Adaptive Detection Method for Packet-In Message Injection Attack in SDN

Zhan, X; Chen, M; Yu, S; Zhang, Y

Adaptive Detection Method for Packet-In Message Injection Attack in SDN

Zhan, X Chen, M Yu, S

Zhang, Y

Permalink

Publisher:: Springer
Publication Type:: Conference Proceeding
Citation:: Algorithms and Architectures for Parallel Processing, 2020, 11945, pp. 482-495
Issue Date:: 2020-01-01

Closed Access

	Filename	Description	Size
	Zhan2020_Chapter_AdaptiveDetectionMethodForPack.pdf		1.14 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Zhan, X
dc.contributor.author	Chen, M
dc.contributor.author	Yu, S https://orcid.org/0000-0003-4485-6743
dc.contributor.author	Zhang, Y
dc.date	2019-12-09
dc.date.accessioned	2021-05-07T05:20:22Z
dc.date.available	2021-05-07T05:20:22Z
dc.date.issued	2020-01-01
dc.identifier.citation	Algorithms and Architectures for Parallel Processing, 2020, 11945, pp. 482-495
dc.identifier.isbn	9783030389604
dc.identifier.issn	0302-9743
dc.identifier.issn	1611-3349
dc.identifier.uri	http://hdl.handle.net/10453/148786
dc.description.abstract	Packet-In message injection attack is severe in Software Defined Network (SDN), which will cause a single point of failure of the centralized controller and the crash of the entire network. Nowadays, there are many detection methods for it, including entropy detection and so on. We propose an adaptive detection method to proactively defend against this attack. We establish a Poisson probability distribution detection model to find the attack and use the flow table filter to mitigate it. We also use the EWMA method to update the expectation value of the model to adapt the actual network conditions. Our method has no need to send additional packets to request the switch information. The experiment results show that there is 92% true positive rate in case of attack with random destination IP packets injected, and true positive rate is 98.2% under the attack with random source IP packets injected.
dc.language	en
dc.publisher	Springer
dc.relation.ispartof	Algorithms and Architectures for Parallel Processing
dc.relation.ispartof	International Conference on Algorithms and Architectures for Parallel Processing
dc.relation.ispartofseries	Lecture Notes in Computer Science
dc.relation.isbasedon	10.1007/978-3-030-38961-1_42
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject.classification	Artificial Intelligence & Image Processing
dc.title	Adaptive Detection Method for Packet-In Message Injection Attack in SDN
dc.type	Conference Proceeding
utslib.citation.volume	11945
utslib.location.activity	Australia
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
utslib.copyright.status	closed_access	*
pubs.consider-herdc	false
dc.date.updated	2021-05-07T05:20:21Z
pubs.finish-date	2019-12-11
pubs.place-of-publication	Switzerland
pubs.publication-status	Published
pubs.start-date	2019-12-09
pubs.volume	11945
dc.location	Switzerland

Abstract:

Packet-In message injection attack is severe in Software Defined Network (SDN), which will cause a single point of failure of the centralized controller and the crash of the entire network. Nowadays, there are many detection methods for it, including entropy detection and so on. We propose an adaptive detection method to proactively defend against this attack. We establish a Poisson probability distribution detection model to find the attack and use the flow table filter to mitigate it. We also use the EWMA method to update the expectation value of the model to adapt the actual network conditions. Our method has no need to send additional packets to request the switch information. The experiment results show that there is 92% true positive rate in case of attack with random destination IP packets injected, and true positive rate is 98.2% under the attack with random source IP packets injected.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/148786