Gwardar: towards protecting a software-defined network from malicious network operating systems

Arash Shaghaghi; Salil S. Kanhere; Mohamed Ali Kaafar; Sanjay Jha

doi:10.1109/NCA.2018.8548074

Gwardar: towards protecting a software-defined network from malicious network operating systems

Arash Shaghaghi, Salil S. Kanhere, Mohamed Ali Kaafar, Sanjay Jha

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

6 Citations (Scopus)

Abstract

A Software-Defined Network (SDN) controller (aka. Network Operating System or NOS) is regarded as the brain of the network and is the single most critical element responsible to manage an SDN. Complimentary to existing solutions that aim to protect a NOS, we propose an intrusion protection system designed to protect an SDN against a controller that has been successfully compromised. Gwardar maintains a virtual replica of the data plane by intercepting the OpenFlow messages exchanged between the control and data plane. By observing the long-term flow of the packets, Gwardar learns the normal set of trajectories in the data plane for distinct packet headers. Upon detecting an unexpected packet trajectory, it starts by verifying the data plane forwarding devices by comparing the actual packet trajectories with the expected ones computed over the virtual replica. If the anomalous trajectories match the NOS instructions, Gwardar inspects the NOS itself. For this, it submits policies matching the normal set of trajectories and verifies whether the controller submits matching flow rules to the data plane and whether the network view provided to the application plane reflects the changes. Our evaluation results prove the practicality of Gwardar with a high detection accuracy in a reasonable time-frame.

Original language	English
Title of host publication	2018 IEEE 17th International Symposium on Network Computing and Applications, NCA 2018
Place of Publication	Piscataway, NJ
Publisher	Institute of Electrical and Electronics Engineers (IEEE)
Pages	1-5
Number of pages	5
ISBN (Electronic)	9781538676592
ISBN (Print)	9781538676608
DOIs	https://doi.org/10.1109/NCA.2018.8548074
Publication status	Published - 26 Nov 2018
Event	17th IEEE International Symposium on Network Computing and Applications, NCA 2018 - Cambridge, United States Duration: 1 Nov 2018 → 3 Nov 2018

Conference

Conference	17th IEEE International Symposium on Network Computing and Applications, NCA 2018
Country/Territory	United States
City	Cambridge
Period	1/11/18 → 3/11/18

Keywords

Controller Security
SDN Security
Software-Defined Network

Access to Document

10.1109/NCA.2018.8548074

Cite this

Shaghaghi, A., Kanhere, S. S., Kaafar, M. A., & Jha, S. (2018). Gwardar: towards protecting a software-defined network from malicious network operating systems. In 2018 IEEE 17th International Symposium on Network Computing and Applications, NCA 2018 (pp. 1-5). Article 8548074 Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/NCA.2018.8548074

@inproceedings{80c4d351883d4d5f93e5d68eb05f1558,

title = "Gwardar: towards protecting a software-defined network from malicious network operating systems",

abstract = "A Software-Defined Network (SDN) controller (aka. Network Operating System or NOS) is regarded as the brain of the network and is the single most critical element responsible to manage an SDN. Complimentary to existing solutions that aim to protect a NOS, we propose an intrusion protection system designed to protect an SDN against a controller that has been successfully compromised. Gwardar maintains a virtual replica of the data plane by intercepting the OpenFlow messages exchanged between the control and data plane. By observing the long-term flow of the packets, Gwardar learns the normal set of trajectories in the data plane for distinct packet headers. Upon detecting an unexpected packet trajectory, it starts by verifying the data plane forwarding devices by comparing the actual packet trajectories with the expected ones computed over the virtual replica. If the anomalous trajectories match the NOS instructions, Gwardar inspects the NOS itself. For this, it submits policies matching the normal set of trajectories and verifies whether the controller submits matching flow rules to the data plane and whether the network view provided to the application plane reflects the changes. Our evaluation results prove the practicality of Gwardar with a high detection accuracy in a reasonable time-frame.",

keywords = "Controller Security, SDN Security, Software-Defined Network",

author = "Arash Shaghaghi and Kanhere, {Salil S.} and Kaafar, {Mohamed Ali} and Sanjay Jha",

year = "2018",

month = nov,

day = "26",

doi = "10.1109/NCA.2018.8548074",

language = "English",

isbn = "9781538676608",

pages = "1--5",

booktitle = "2018 IEEE 17th International Symposium on Network Computing and Applications, NCA 2018",

publisher = "Institute of Electrical and Electronics Engineers (IEEE)",

address = "United States",

note = "17th IEEE International Symposium on Network Computing and Applications, NCA 2018 ; Conference date: 01-11-2018 Through 03-11-2018",

}

Shaghaghi, A, Kanhere, SS, Kaafar, MA & Jha, S 2018, Gwardar: towards protecting a software-defined network from malicious network operating systems. in 2018 IEEE 17th International Symposium on Network Computing and Applications, NCA 2018., 8548074, Institute of Electrical and Electronics Engineers (IEEE), Piscataway, NJ, pp. 1-5, 17th IEEE International Symposium on Network Computing and Applications, NCA 2018, Cambridge, United States, 1/11/18. https://doi.org/10.1109/NCA.2018.8548074

Gwardar: towards protecting a software-defined network from malicious network operating systems. / Shaghaghi, Arash; Kanhere, Salil S.; Kaafar, Mohamed Ali et al.
2018 IEEE 17th International Symposium on Network Computing and Applications, NCA 2018. Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2018. p. 1-5 8548074.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Gwardar

T2 - 17th IEEE International Symposium on Network Computing and Applications, NCA 2018

AU - Shaghaghi, Arash

AU - Kanhere, Salil S.

AU - Kaafar, Mohamed Ali

AU - Jha, Sanjay

PY - 2018/11/26

Y1 - 2018/11/26

N2 - A Software-Defined Network (SDN) controller (aka. Network Operating System or NOS) is regarded as the brain of the network and is the single most critical element responsible to manage an SDN. Complimentary to existing solutions that aim to protect a NOS, we propose an intrusion protection system designed to protect an SDN against a controller that has been successfully compromised. Gwardar maintains a virtual replica of the data plane by intercepting the OpenFlow messages exchanged between the control and data plane. By observing the long-term flow of the packets, Gwardar learns the normal set of trajectories in the data plane for distinct packet headers. Upon detecting an unexpected packet trajectory, it starts by verifying the data plane forwarding devices by comparing the actual packet trajectories with the expected ones computed over the virtual replica. If the anomalous trajectories match the NOS instructions, Gwardar inspects the NOS itself. For this, it submits policies matching the normal set of trajectories and verifies whether the controller submits matching flow rules to the data plane and whether the network view provided to the application plane reflects the changes. Our evaluation results prove the practicality of Gwardar with a high detection accuracy in a reasonable time-frame.

AB - A Software-Defined Network (SDN) controller (aka. Network Operating System or NOS) is regarded as the brain of the network and is the single most critical element responsible to manage an SDN. Complimentary to existing solutions that aim to protect a NOS, we propose an intrusion protection system designed to protect an SDN against a controller that has been successfully compromised. Gwardar maintains a virtual replica of the data plane by intercepting the OpenFlow messages exchanged between the control and data plane. By observing the long-term flow of the packets, Gwardar learns the normal set of trajectories in the data plane for distinct packet headers. Upon detecting an unexpected packet trajectory, it starts by verifying the data plane forwarding devices by comparing the actual packet trajectories with the expected ones computed over the virtual replica. If the anomalous trajectories match the NOS instructions, Gwardar inspects the NOS itself. For this, it submits policies matching the normal set of trajectories and verifies whether the controller submits matching flow rules to the data plane and whether the network view provided to the application plane reflects the changes. Our evaluation results prove the practicality of Gwardar with a high detection accuracy in a reasonable time-frame.

KW - Controller Security

KW - SDN Security

KW - Software-Defined Network

UR - http://www.scopus.com/inward/record.url?scp=85059980732&partnerID=8YFLogxK

U2 - 10.1109/NCA.2018.8548074

DO - 10.1109/NCA.2018.8548074

M3 - Conference proceeding contribution

AN - SCOPUS:85059980732

SN - 9781538676608

SP - 1

EP - 5

BT - 2018 IEEE 17th International Symposium on Network Computing and Applications, NCA 2018

PB - Institute of Electrical and Electronics Engineers (IEEE)

CY - Piscataway, NJ

Y2 - 1 November 2018 through 3 November 2018

ER -

Gwardar: towards protecting a software-defined network from malicious network operating systems

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this