Audit-based correction mechanism for malicious statistics information of data plane

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Network Management Pub Date : 2023-01-23 DOI:10.1002/nem.2219

Dong Liang, Qinrang Liu, Ke Song, Binghao Yan, Tao Hu

{"title":"Audit-based correction mechanism for malicious statistics information of data plane","authors":"Dong Liang, Qinrang Liu, Ke Song, Binghao Yan, Tao Hu","doi":"10.1002/nem.2219","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>In software-defined networking (SDN), the controller relies on the information collected from the data plane for route planning, load balancing, and other functions. Statistics information is the most important kind of information among them, so the correctness of statistics information is the key to the proper operation of the network. Most of the current research on data plane focuses on policy consistency, rule redundancy, forwarding anomalies, and so on, and little attention is paid to whether the statistics information uploaded by the switches to the controller is correct. However, incorrect statistics information inevitably leads the controller to make wrong decisions. Therefore, this paper proposes an audit-based malicious information correction mechanism to address the problem of wrong statistics information uploaded by the switches. This mechanism audits the statistics information and locates malicious switches before uploading the statistics information to the controller. It identifies and corrects the statistics information errors by combining flow path and statistics information. We have performed simulations on Nsfnet, Abilene, and Fat-Tree, and the results show that our method can correct about 70% of the statistical information errors with less computational cost. To the best of our knowledge, this paper is the first malicious statistics information correction scheme for wildcard rules.</p>\n </div>","PeriodicalId":14154,"journal":{"name":"International Journal of Network Management","volume":"33 2","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2023-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Network Management","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/nem.2219","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

In software-defined networking (SDN), the controller relies on the information collected from the data plane for route planning, load balancing, and other functions. Statistics information is the most important kind of information among them, so the correctness of statistics information is the key to the proper operation of the network. Most of the current research on data plane focuses on policy consistency, rule redundancy, forwarding anomalies, and so on, and little attention is paid to whether the statistics information uploaded by the switches to the controller is correct. However, incorrect statistics information inevitably leads the controller to make wrong decisions. Therefore, this paper proposes an audit-based malicious information correction mechanism to address the problem of wrong statistics information uploaded by the switches. This mechanism audits the statistics information and locates malicious switches before uploading the statistics information to the controller. It identifies and corrects the statistics information errors by combining flow path and statistics information. We have performed simulations on Nsfnet, Abilene, and Fat-Tree, and the results show that our method can correct about 70% of the statistical information errors with less computational cost. To the best of our knowledge, this paper is the first malicious statistics information correction scheme for wildcard rules.

Abstract Image

查看原文本刊更多论文

基于审计的数据平面恶意统计信息纠正机制

在软件定义网络（SDN）中，控制器依赖于从数据平面收集的信息来进行路线规划、负载平衡和其他功能。统计信息是其中最重要的一类信息，因此统计信息的正确性是网络正常运行的关键。目前对数据平面的研究大多集中在策略一致性、规则冗余、转发异常等方面，很少关注交换机上传到控制器的统计信息是否正确。然而，不正确的统计信息不可避免地导致控制器做出错误的决策。因此，本文提出了一种基于审计的恶意信息更正机制，以解决交换机上传错误统计信息的问题。此机制在将统计信息上载到控制器之前，审核统计信息并定位恶意交换机。它通过结合流路径和统计信息来识别和纠正统计信息错误。我们在Nsfnet、Abilene和Fat-Tree上进行了模拟，结果表明，我们的方法可以用更少的计算成本纠正约70%的统计信息错误。据我们所知，本文是第一个针对通配符规则的恶意统计信息校正方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Network Management COMPUTER SCIENCE, INFORMATION SYSTEMS-TELECOMMUNICATIONS

CiteScore

5.10

自引率

6.70%

发文量

审稿时长

>12 weeks

期刊介绍： Modern computer networks and communication systems are increasing in size, scope, and heterogeneity. The promise of a single end-to-end technology has not been realized and likely never will occur. The decreasing cost of bandwidth is increasing the possible applications of computer networks and communication systems to entirely new domains. Problems in integrating heterogeneous wired and wireless technologies, ensuring security and quality of service, and reliably operating large-scale systems including the inclusion of cloud computing have all emerged as important topics. The one constant is the need for network management. Challenges in network management have never been greater than they are today. The International Journal of Network Management is the forum for researchers, developers, and practitioners in network management to present their work to an international audience. The journal is dedicated to the dissemination of information, which will enable improved management, operation, and maintenance of computer networks and communication systems. The journal is peer reviewed and publishes original papers (both theoretical and experimental) by leading researchers, practitioners, and consultants from universities, research laboratories, and companies around the world. Issues with thematic or guest-edited special topics typically occur several times per year. Topic areas for the journal are largely defined by the taxonomy for network and service management developed by IFIP WG6.6, together with IEEE-CNOM, the IRTF-NMRG and the Emanics Network of Excellence.