{"title":"Relay Type Link Fabrication Attack in SDN: A Review","authors":"Getahun Metaferia;Frezewd Lemma","doi":"10.1109/LNET.2024.3493942","DOIUrl":null,"url":null,"abstract":"Software-defined Networking (SDN) is an innovative network architecture tailored to address the modern demands of network virtualization and cloud computing, which require features such as programmability, flexibility, agility, and openness to foster innovation. However, this architecture also brings forth new security challenges, particularly due to the separation of the data plane from the control plane. Our investigation centers on a specific vulnerability termed link fabrication, which can lead to topology poisoning. A compromised network topology can cause substantial disruptions across the entire network infrastructure. Through a systematic survey, we identified that significant research efforts have been directed towards mitigating link fabrication attacks. We classified the existing studies into six categories of vulnerabilities: Host-based, port amnesia, invisible assailant attack, topology freezing, switch-based link fabrication, and link latency. Furthermore, our survey highlights several open challenges in areas such as Programmable dataplane, dedicated attack trees and threat models, active defense and mitigation strategies, as well as controller awareness and machine learning. To address the vulnerabilities identified, we propose the implementation of a distance-bounding protocol concept at the control plane as a potential solution.","PeriodicalId":100628,"journal":{"name":"IEEE Networking Letters","volume":"7 1","pages":"51-55"},"PeriodicalIF":0.0000,"publicationDate":"2024-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Networking Letters","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10747235/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Relay Type Link Fabrication Attack in SDN: A Review
Software-defined Networking (SDN) is an innovative network architecture tailored to address the modern demands of network virtualization and cloud computing, which require features such as programmability, flexibility, agility, and openness to foster innovation. However, this architecture also brings forth new security challenges, particularly due to the separation of the data plane from the control plane. Our investigation centers on a specific vulnerability termed link fabrication, which can lead to topology poisoning. A compromised network topology can cause substantial disruptions across the entire network infrastructure. Through a systematic survey, we identified that significant research efforts have been directed towards mitigating link fabrication attacks. We classified the existing studies into six categories of vulnerabilities: Host-based, port amnesia, invisible assailant attack, topology freezing, switch-based link fabrication, and link latency. Furthermore, our survey highlights several open challenges in areas such as Programmable dataplane, dedicated attack trees and threat models, active defense and mitigation strategies, as well as controller awareness and machine learning. To address the vulnerabilities identified, we propose the implementation of a distance-bounding protocol concept at the control plane as a potential solution.