Authors: Wenbin Zhang, Qiang Wei, Zehui Wu, Yunchao Wang
Venue: 2020 International Conference on Computer Engineering and Intelligent Control (ICCEIC)
Publication date: 2020-11-01
DOI: https://doi.org/10.1109/ICCEIC51584.2020.00035
A SDN Data Plane Abnormal State Detection Method Based on Flow Rules Analyzing
As a new network architecture, Software Defined Networking (SDN) controls the network through software programming, which improves the flexibility of network configuration. However, the attack surface of SDN is larger than that of a traditional network. The three planes and the two channels all have points of vulnerability, among which attacks against the data plane are particularly critical. These attacks interfere with normal data forwarding behavior, resulting in the failure of data transmission across the whole network. In this paper, a data plane abnormal behavior detection method based on flow rule analysis is proposed. First, the characteristics of flow rules in terms of quantity, conflict and abnormal behaviors are extracted and analyzed; then a data plane abnormal state model is constructed; and finally, a detection algorithm is used to detect abnormal behaviors and assess whether the data plane state is safe. The experimental results show that the proposed method can accurately detect data plane state anomalies. Compared with NetPlumber, our method can detect not only flow rule conflicts, but also abnormal trends in the quantity of flow rules, as well as malicious forwarding and packet loss caused by attacks.