Data Theft Attack Detection Method for SDN Edge Switch

Yang Zhao, Peng Yi, Zhen Zhang, Tao Hu, Shaoxun Liu

CIBDA 2022; 3rd International Conference on Computer Information and Big Data Applications (2022)

Abstract
SDN switches are devices for data forwarding and policy enforcement, so their permissions should not be stolen by unauthorized entities. This requirement cannot be met, because malicious attacks leave compromised switches in the data plane. This paper proposes a data theft attack initiated by edge switches, which can evade network-wide anomaly detection. To address this problem, we propose a flow information consistency detection method. The host transmits information to the controller through the packet_in message mechanism by constructing a special packet, and the controller performs flow information consistency authentication on the flow table entry request message to detect anomalies. Finally, experiments are conducted on the Mininet platform with the Ryu controller. The experimental results show that the method increases the time cost only slightly (1%-2%) while resisting the attack of the edge switch.