Detecting Compromised Switches And Middlebox-Bypass Attacks In Service Function Chaining

Publication Type: Conference Paper
Year of Publication: 2019
Authors: Thang, Nguyen Canh; Park, Minho
Conference Name: 2019 29th International Telecommunication Networks and Applications Conference (ITNAC)
Date Published: nov
Keywords: Chained Attacks, Compromised Switches, computer network security, middlebox-bypass attack, probe-based methods, pubcrawl, Resiliency, Scalability, service function chaining, Service Function Chaining (SFC), SFC, statistical analysis, statistics-based methods
Abstract: Service Function Chaining (SFC) provides a special capability that defines an ordered list of network services as a virtual chain and makes a network more flexible and manageable. However, SFC is vulnerable to various attacks caused by compromised switches, especially the middlebox-bypass attack. In this paper, we propose a system that can detect not only middlebox-bypass attacks but also other incorrect forwarding actions by compromised switches. The existing solutions to protect SFC against compromised switches and middlebox-bypass attacks can only solve individual problems. The proposed system uses both probe-based and statistics-based methods to check the probe packets with random pre-assigned keys and collect statistics from middleboxes for detecting any abnormal actions in SFC. It is shown that the proposed system takes only 0.08 ms for the packet processing while it prevents SFC from the middlebox-bypass attacks and compromised switches, which is a negligible delay.
