Classifying Poisoning Attacks in Software Defined Networking

Abstract

Software-Defined Networking (SDN) provides significant flexibility when it comes to complex network management. This makes this technology an ideal candidate for dealing with network management issues in satellite and terrestrial networks.One key innovation of SDN is the separation of the control plane from the data plane. This results in a new network element: the controller. Given the importance of the role of the logically centralised (physically distributed) controller, it becomes an important point to protect in the new SDN paradigm. It could be vulnerable to attacks that are common in traditional networks such as Distributed Denial of Service (DDoS). In this paper, we address a type of attack that could threaten the operation of SDN-based environments: poisoning attacks.To perform its function, the logically centralised controller must have an accurate view of the network state. The accuracy of this view is crucial to the operation of the network. This view is obtained by exchanging information among controllers and between controllers and network elements. Such information flow could be vulnerable to different types of poisoning attacks. The motivation for writing this paper is that (1) poisoning attacks on SDN networks could have great impact, (2) most of them are relatively recent and (3) the differences between such attacks could be subtle. Therefore, we address the issues by classifying poisoning attacks in SDN. We classify both attacks and defences. For attacks we make a distinction between direct poisoning attacks and attacks that are designed to evade a specific defence.