Research Objective
To study the feasibility of fingerprinting the controller-switch interactions by a remote adversary in SDN networks, aiming to acquire knowledge about specific flow rules installed at the switches, and to evaluate the effectiveness of a proposed countermeasure.
Research Results
The study demonstrates that fingerprinting attacks on SDN networks are feasible and can be mounted with high accuracy using simple features like packet-pair dispersions and RTTs. Both active and passive adversaries can successfully identify controller-switch interactions, exposing the network to various threats. The proposed countermeasure, which delays the first few packets of every flow, significantly reduces the adversary's ability to mount such attacks, especially when fine-grained delay distributions are available.
Research Limitations
The study's findings rely on the assumption of a single SDN network on the path to the server. The presence of multiple SDN networks could complicate the identification of specific networks where interactions occur. Additionally, the stability of the RTT feature over time is limited, affecting the accuracy of passive fingerprinting attempts.
1:Experimental Design and Method Selection:
The study involved collecting measurements from hosts across the globe using a realistic SDN network comprising OpenFlow hardware and software switches. The methodology leveraged information from the RTT and packet-pair dispersion of exchanged packets to identify controller-switch interactions.
2:Sample Selection and Data Sources:
Measurements were collected from 20 remote clients deployed across the globe, exchanging UDP-based probe packet trains with a local server.
3:List of Experimental Equipment and Materials:
The testbed comprised three NEC PF5240 OpenFlow hardware switches, one Open vSwitch (version 2.3.1), and a Floodlight v0.9 controller. The setup also included a cross-traffic generator and a delay element for evaluating the countermeasure.
4:Experimental Procedures and Operational Workflow:
Probe trains consisting of CLEAR packets and MTU-sized packet pairs were exchanged between clients and the server. Timing information was logged for each received packet.
5:Data Analysis Methods:
The effectiveness of fingerprinting attacks was evaluated using the Equal Error Rate (EER) metric, comparing the Probability Distribution Functions (PDFs) of measurements obtained with and without rule installation.
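The following is an added worked example, not code from the paper or its authors, showing how the EER metric of the data-analysis step is computed from two sets of RTT measurements, and how the delay-element countermeasure from the results section pushes that EER toward 0.5 (the value of a random guess). All RTT values and per-flow delays are constructed; the countermeasure is modelled simply as an extra delay added to the first packet of every flow, which is an assumption about the mechanism, not a description of the paper's delay element.

```python
"""Equal Error Rate (EER) of a single-feature RTT classifier.

Added worked example (not from the paper). Every number below is
constructed for illustration, not a measurement from the testbed.
"""
from typing import Dict, List, Sequence, Tuple


def error_rates(no_rule: Sequence[float], rule: Sequence[float],
                threshold: float) -> Tuple[float, float]:
    """Rates for the rule 'flag a flow as rule-installing when RTT >= threshold'.

    FAR: fraction of no-rule measurements wrongly flagged (false acceptance).
    FRR: fraction of rule-installation measurements missed (false rejection).
    """
    far = sum(1 for x in no_rule if x >= threshold) / len(no_rule)
    frr = sum(1 for x in rule if x < threshold) / len(rule)
    return far, frr


def equal_error_rate(no_rule: Sequence[float],
                     rule: Sequence[float]) -> Tuple[float, float]:
    """Return (EER, threshold) at the operating point where FAR meets FRR.

    Candidate thresholds are every observed value plus +inf (flag nothing).
    They are scanned in increasing order; the first threshold with the
    smallest |FAR - FRR| is chosen and the EER is the mean of the two rates.
    EER = 0 means perfectly separable PDFs, EER = 0.5 means indistinguishable.
    """
    candidates = sorted(set(no_rule) | set(rule)) + [float("inf")]
    best = None
    for t in candidates:
        far, frr = error_rates(no_rule, rule, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    _, threshold, eer = best
    return eer, threshold


# Constructed first-packet RTTs in ms (one value per probed flow).
RTT_NO_RULE = [10, 11, 12, 13, 14, 15, 16, 17]        # rule already present
RTT_RULE_INSTALL = [14, 15, 16, 17, 18, 19, 20, 21]   # table miss -> controller

# Constructed per-flow delays in ms applied to the first packet of *every*
# flow, standing in for the delay-element countermeasure (assumed model).
DELAY_NO_RULE = [6, 2, 8, 0, 4, 7, 1, 5]
DELAY_RULE_INSTALL = [3, 0, 5, 8, 1, 6, 2, 4]


def with_countermeasure(rtts: Sequence[float],
                        delays: Sequence[float]) -> List[float]:
    """Add the countermeasure's per-flow delay to each measured RTT."""
    return [r + d for r, d in zip(rtts, delays)]


def demo() -> Dict[str, float]:
    """EER before and after the modelled countermeasure."""
    eer0, t0 = equal_error_rate(RTT_NO_RULE, RTT_RULE_INSTALL)
    eer1, t1 = equal_error_rate(
        with_countermeasure(RTT_NO_RULE, DELAY_NO_RULE),
        with_countermeasure(RTT_RULE_INSTALL, DELAY_RULE_INSTALL),
    )
    return {
        "eer_no_countermeasure": eer0,
        "threshold_no_countermeasure": t0,
        "eer_with_countermeasure": eer1,
        "threshold_with_countermeasure": t1,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the constructed samples the adversary's best threshold separates the two PDFs at an EER of 0.25 without the countermeasure; once the per-flow delays are added, the overlap grows and the EER rises to 0.375. A delay distribution whose spread fully covers the controller round trip would push it to 0.5, which is the regime the paper's "fine-grained delay distributions" aim for.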