Real-Time Link Verification in Software-Defined Networks

IEEE Transactions on Network and Service Management (2023)

Abstract
Software-defined networking (SDN) has been widely adopted in different networks, such as datacenter and service provider networks. The SDN controller has a view of the entire network and is responsible for managing it. To obtain this view, the controller employs link discovery protocols, which are vulnerable to attacks such as link fabrication attacks (LFAs). TopoGuard and TopoGuard+ are two major systems for detecting LFAs. This paper introduces a link latency attack (LLA) that can bypass the defence mechanisms of both systems. LLA can poison the SDN controller's view of the network topology and cause outages, resulting in poor quality of service (QoS) or quality of experience (QoE). To mitigate this, we develop two machine learning-based defence systems, namely machine learning-based link guard (MLLG) and real-time link verification (RLV), to provide the required defence against LLA. MLLG works when the network topology rarely updates, while RLV can support frequent updates. Furthermore, RLV trains itself on a link latency dataset (LLD), which includes latency data of fabricated and normal links and is captured from the ongoing packets in the network. It also implements outlier detection techniques to identify a dynamic threshold for link latency. We test both systems in different scenarios using Mininet and show that they achieve reasonable results compared with current defence algorithms. Specifically, RLV presents the highest detection performance (F1-score), reaching 70% at a false-positive rate of less than 0.2%. The system also remains robust when the attack rate varies from 3% to 7% in our simulated network.
Keywords
Software-defined networking (SDN), link fabrication attacks (LFAs), link latency attack (LLA), machine learning, link latency dataset