WedgeTail: An intrusion prevention system for the data plane of software defined networks

Arash Shaghaghi, Mohamed Ali Kaafar, Sanjay Jha

Research output: Chapter in Book/Report/Conference proceeding (Conference proceeding contribution, peer-reviewed)

42 Citations (Scopus)

Abstract

Networks are vulnerable to disruptions caused by malicious forwarding devices. The situation is likely to worsen in Software Defined Networks (SDNs) with the incompatibility of existing solutions, the use of programmable soft switches and the potential of bringing down an entire network through compromised forwarding devices. In this paper, we present WedgeTail, an Intrusion Prevention System (IPS) designed to secure the SDN data plane. WedgeTail regards forwarding devices as points within a geometric space and stores the path packets take when traversing the network as trajectories. To be efficient, it prioritizes forwarding devices before inspection using an unsupervised trajectory-based sampling mechanism. For each forwarding device, WedgeTail computes the expected and actual trajectories of packets and 'hunts' for any forwarding device not processing packets as expected. Compared to related work, WedgeTail is also capable of distinguishing between malicious actions such as packet drop and packet generation. Moreover, WedgeTail employs a radically different methodology that enables detecting threats autonomously. In fact, it has no reliance on pre-defined rules by an administrator and may be easily imported to protect SDN networks with different setups, forwarding devices, and controllers. We have evaluated WedgeTail in simulated environments, and it has been capable of detecting and responding to all implanted malicious forwarding devices within a reasonable time-frame. We report on the design, implementation, and evaluation of WedgeTail in this manuscript.
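The core idea in the abstract, computing the trajectory a packet should take from the controller's forwarding rules and comparing it with the trajectory actually observed, can be made concrete with a small model. The following is an added illustration and not WedgeTail's own code: the topology, rule tables, device names and observed trajectories are constructed sample data, the four verdict rules (drop, misroute, generation, ok) are a simplification assumed for the example, and `prioritize` is a stand-in for the paper's unsupervised trajectory-based sampling, ranking devices by how many observed trajectories pass through them.

```python
"""Expected-vs-actual packet trajectory check for an SDN data plane.

Added illustration of the approach sketched in the abstract; this is not
WedgeTail's own code. The topology, forwarding rules, device names and
observed trajectories are constructed sample data, and the verdict rules
below are a simplification assumed for the example.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Flow = Tuple[str, str]  # (src_host, dst_host)

# Constructed topology: h1 - s1 - s2 - s3 - h2, with a spur s2 - s4.
# Each device's rule table maps a flow to its next hop, or to "deliver"
# when that device is the egress for the flow.
RULES: Dict[str, Dict[Flow, str]] = {
    "s1": {("h1", "h2"): "s2"},
    "s2": {("h1", "h2"): "s3"},
    "s3": {("h1", "h2"): "deliver"},
    "s4": {},  # reachable from s2 but holds no rule for this flow
}
# Device at which packets of each flow legitimately enter the network.
INGRESS: Dict[Flow, str] = {("h1", "h2"): "s1"}


def expected_trajectory(flow: Flow, rules=RULES, ingress=INGRESS,
                        max_hops: int = 32) -> List[str]:
    """Walk the rule tables from the flow's ingress to build the path a
    packet of this flow should take (its expected trajectory)."""
    path: List[str] = []
    dev = ingress[flow]
    while len(path) < max_hops:
        path.append(dev)
        nxt = rules.get(dev, {}).get(flow)
        if nxt is None:
            raise ValueError(f"no rule for {flow} at {dev}")
        if nxt == "deliver":
            return path
        dev = nxt
    raise ValueError("forwarding loop: path exceeds max_hops")


@dataclass
class Verdict:
    status: str             # "ok", "drop", "misroute", "generation", "unobserved"
    suspect: Optional[str]  # device whose behaviour first deviates, if any


def hunt(flow: Flow, actual: List[str], rules=RULES, ingress=INGRESS) -> Verdict:
    """Compare the observed trajectory of one packet (the ordered list of
    devices that reported it) with the expected one and name the first
    device that did not process the packet as its rules say it should."""
    if not actual:
        return Verdict("unobserved", None)  # never reported by any device
    if actual[0] != ingress[flow]:
        # Packet first appears at a device that is not the flow's ingress and
        # no upstream device saw it: that device injected it.
        return Verdict("generation", actual[0])
    expected = expected_trajectory(flow, rules, ingress)
    for i, dev in enumerate(actual):
        if i >= len(expected):
            # Egress device forwarded the packet instead of delivering it.
            return Verdict("misroute", expected[-1])
        if dev != expected[i]:
            # The previous hop forwarded to the wrong device.
            return Verdict("misroute", actual[i - 1])
    if len(actual) < len(expected):
        # Trajectory is a strict prefix of the expected one: the last device
        # that saw the packet should have forwarded it on, but nothing
        # downstream reported it.
        return Verdict("drop", actual[-1])
    return Verdict("ok", None)


def prioritize(trajectories: List[List[str]]) -> List[str]:
    """Simplified stand-in for trajectory-based prioritisation (an assumption
    for this example): inspect first the devices that the most observed
    trajectories pass through, since a fault there affects the most traffic."""
    counts = Counter(dev for traj in trajectories for dev in traj)
    return [dev for dev, _ in counts.most_common()]


if __name__ == "__main__":
    flow = ("h1", "h2")
    observed = [["s1", "s2", "s3"], ["s1", "s2"], ["s1", "s2", "s4"], ["s2", "s3"]]
    print("inspection order:", prioritize(observed))
    for traj in observed:
        print(traj, "->", hunt(flow, traj))
```

The verdicts show why the abstract stresses separating drop from generation: a trajectory that is a strict prefix of the expected path points at the last device that saw the packet, whereas a trajectory that starts somewhere other than the flow's ingress points at the device where the packet first appeared. In a real deployment the observed trajectories would come from sampled packet reports rather than the constructed lists used here, so an "unobserved" result should be treated as missing telemetry rather than as evidence of a drop.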

Original language: English
Title of host publication: ASIA CCS 2017
Subtitle of host publication: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security
Place of Publication: New York, NY
Publisher: Association for Computing Machinery, Inc
Pages: 849-861
Number of pages: 13
ISBN (Electronic): 9781450349444
DOIs
Publication status: Published - 2 Apr 2017
Externally published: Yes
Event: 2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017 - Abu Dhabi, United Arab Emirates
Duration: 2 Apr 2017 to 6 Apr 2017

Conference

Conference: 2017 ACM Asia Conference on Computer and Communications Security, ASIA CCS 2017
Country/Territory: United Arab Emirates
City: Abu Dhabi
Period: 2/04/17 to 6/04/17

Keywords

  • Data plane security
  • Intrusion prevention system
  • SDN security
  • Software defined networks
