Abstract

The SDN controller uses the OpenFlow Discovery Protocol (OFDP) to collect network topology status. OFDP detects links between OpenFlow switches by generating Link Layer Discovery Protocol (LLDP) packets. However, OFDP is not a completely secure protocol: attackers can abuse it to perform topology discovery injection attacks, topology discovery man-in-the-middle attacks, and topology discovery flooding attacks, thereby corrupting the controller's view of the network topology. This paper proposes a Correlation-based Topology Anomaly Detection (CTAD) mechanism that runs in a software-defined network controller. Spearman's rank correlation is used to analyze the correlation of network traffic across links, and the difference in round-trip time between LLDP frames is measured, to determine whether a topology man-in-the-middle attack exists in the network. This paper also adds a dynamic authentication key and a counting mechanism to the LLDP frame to prevent attackers from generating fake links with topology discovery injection attacks, or from causing network routing or switching abnormalities with topology discovery flooding attacks.

Highlights

  • In recent years, with the rapid development of smart devices, mobile devices, and network technologies, the number of network devices has exploded, and numerous network services have emerged

  • The software-defined networking (SDN) controller uses the Ryu controller provided by the Ryu SDN Framework Community, which communicates with the Open vSwitch on another virtual machine through OpenFlow

  • The results show that, compared with the OpenFlow Discovery Protocol (OFDP), the Link Layer Discovery Protocol (LLDP) monitor calculates the number of LLDP packets received on each port after each topology discovery cycle ends

Summary

Introduction

With the rapid development of smart devices, mobile devices, and network technologies, the number of network devices has exploded, and numerous network services have emerged. The SDN architecture separates the control layer of the traditional network device from the data layer and manages the routing and forwarding of network packets through one or several network controllers. The controller generates LLDP packets in a specific format to detect links between switches, and it maintains network topology information to support optimal routing decisions for each service. The contributions of this study are as follows. (1) It designs and implements a topology anomaly detection mechanism based on correlation analysis, which can detect abnormal LLDP packets. (2) The mechanism places an authentication key in the LLDP packets and counts the LLDP packets received by each switch to prevent topology discovery injection and flooding attacks. (3) For the topology discovery man-in-the-middle attack, the mechanism uses Spearman's rank correlation coefficients [8] to analyze the network traffic between links and measures the round-trip time (RTT) of each LLDP packet.
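The dynamic authentication key and per-port counting mechanism described in the abstract and in contribution (2), as an added example that is not the paper's code: each discovery cycle derives a fresh key from a controller secret, the controller stamps every LLDP frame with an organizationally specific TLV carrying an HMAC-SHA256 tag over (datapath id, port, cycle), and the monitor rejects frames whose tag or cycle does not match and reports ports that received more frames than the controller sent. The HMAC construction, the TLV layout with a placeholder OUI, the secret value and the one-frame-per-port-per-cycle limit are assumptions made for this example.

```python
import hmac
import hashlib
import struct
from collections import Counter

MASTER_SECRET = b"ctad-example-master-secret"  # constructed; kept inside the controller
ORG_SPECIFIC = 127                             # LLDP organizationally specific TLV type
OUI_SUBTYPE = b"\x00\x00\x00\x01"              # placeholder OUI + subtype (assumed)

def cycle_key(cycle: int) -> bytes:
    """Dynamic key derived per discovery cycle, so a captured frame is useless later."""
    return hmac.new(MASTER_SECRET, struct.pack("!Q", cycle), hashlib.sha256).digest()

def build_auth_tlv(dpid: int, port: int, cycle: int) -> bytes:
    """Payload = OUI/subtype | dpid | port | cycle | 16-byte HMAC tag (assumed layout)."""
    body = struct.pack("!QIQ", dpid, port, cycle)
    tag = hmac.new(cycle_key(cycle), body, hashlib.sha256).digest()[:16]
    payload = OUI_SUBTYPE + body + tag
    return struct.pack("!H", (ORG_SPECIFIC << 9) | len(payload)) + payload

def verify_auth_tlv(tlv: bytes, current_cycle: int):
    """Return (dpid, port) the frame claims as its origin, or None if forged or stale."""
    if len(tlv) != 2 + 4 + 20 + 16:
        return None
    header = struct.unpack("!H", tlv[:2])[0]
    if header >> 9 != ORG_SPECIFIC or (header & 0x1FF) != 40 or tlv[2:6] != OUI_SUBTYPE:
        return None
    body, tag = tlv[6:26], tlv[26:]
    dpid, port, cycle = struct.unpack("!QIQ", body)
    if cycle != current_cycle:   # replay of a frame from an earlier cycle
        return None
    expected = hmac.new(cycle_key(cycle), body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    return dpid, port

def run_cycle(received, cycle: int, per_port_limit: int = 1):
    """received = [(recv_dpid, in_port, tlv), ...] seen in one discovery cycle. Returns
    (links, rejected, flooded): authenticated links ((src_dpid, src_port), (recv_dpid, in_port)),
    the rejected-frame count, and ports whose LLDP count exceeded per_port_limit (assumed 1)."""
    links, rejected, counts = [], 0, Counter()
    for recv_dpid, in_port, tlv in received:
        counts[(recv_dpid, in_port)] += 1
        src = verify_auth_tlv(tlv, cycle)
        if src is None:
            rejected += 1
        else:
            links.append((src, (recv_dpid, in_port)))
    flooded = sorted(p for p, n in counts.items() if n > per_port_limit)
    return links, rejected, flooded
```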

Related Works
Proposed Methods
Results and Discussion
Conclusions