Home > Research > Publications & Outputs > Stealthy Verification Mechanism to Defend SDN A...

Electronic data

  • esorics18-author

    Final published version, 319 KB, PDF document


Text available via DOI:

View graph of relations

Stealthy Verification Mechanism to Defend SDN Against Topology Poisoning

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNChapter

Publication date15/01/2022
Host publicationInternet of Things
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages12
ISBN (electronic)9783030893286
ISBN (print)9783030893279
<mark>Original language</mark>English

Publication series

NameInternet of Things
ISSN (Print)2199-1073
ISSN (electronic)2199-1081


Software-defined network (SDN) is an emerging networking paradigm that segregates functionalities of control and data plane to reduce their complexity and provides more control, scalability, and centralized management. OpenFlow (OF) is a widely used protocol that builds a global and shared view of the network. Therefore, for SDN applications, the correctness of the topology view has a critical impact on the flow-based communication and provision of services. However, recently identified vulnerabilities in Open Flow Discovery Protocol (OFDP) reveal that malicious hosts or data plane switches can poison the global view of the network, and an intruder can launch man-in-the-middle or denial of service attacks. Existing passive approach-based solutions work well for known attacks. Some solutions use an active approach to identify the fake links or malicious hosts by sending Stealthy Probing Verification (SPV) packets. However, due to the use of probing mechanism, it faces scalability and bandwidth consumption issues in the case of large data centers networks and resource limited networks. The proposed technique is based on the SPV mechanism, however, to counter the scalability and bandwidth issues, the probing packets are only initiated when triggered updates of a new link or network node are received by the SDN controller. The probing traffic has been reduced by 40%. Hence consume less bandwidth and identifies a malicious host in less than 90 ms. The results indicate that the Enhance Stealthy Probing Verification (ESPV) is a more scalable and suitable solution to detect and identify fake links or malicious hosts in large data center networks and resource limited networks such as Wireless Sensor Networks (WSNs).