Abstract:
Software-Defined Network (SDN) is a promising solution for network virtualization.
But it is vulnerable to attacks by corrupted switches as existing detection mechanisms do
not work in this environment. A corrupted switch can also compromise the SDN controller.
In this paper, we propose a detection mechanism that can detect both compromised SDN
switches and controllers. Our main idea is to cluster the frequently used devices and then
collect statistics from those switches to construct the expected and actual paths for a packet. Thus,
we can identify specific compromised switches and also specify the attacks. The detection
mechanism does not depend on controller performance, as we collect statistics from the
switches in real time and periodically.