%0 Journal Article %1 noauthororeditor %A Röpke, Christian %A Holz, Thorsten %B ACM SIGCOMM 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges (SecSoN 2018) %D 2018 %K %T Preventing Malicious SDN Applications From Hiding Adverse Network Manipulations %X In Software-Defined Networks (SDN), so called SDN controllers are responsible for managing the network devices building such a network. Once such a core component of the network has been infected with malicious software (e.g., by a malicious SDN application), an attacker typically has a strong interest in remaining undetected while compromising other devices in the network. Thus, hiding a malicious network state and corresponding network manipulations are important objectives for an adversary. To achieve this, rootkit techniques can be applied in order to manipulate the SDN controller’s view of a network. As a consequence, monitoring capabilities of SDN controllers as well as SDN applications with a security focus can be fooled by hiding adverse network manipulations. To tackle this problem, we propose a novel approach capable of detecting and preventing hidden network manipulations before they can attack a network. In particular, our method is able to drop adverse network manipulations before they are applied on a network. We achieve this by comparing the actual network state, which includes both malicious and benign configurations, with the network state which is provided by a potentially compromised SDN controller. In case of an attack, the result of this comparison reveals network manipulations which are adversely removed from an SDN controller’s view of a network. To demonstrate the capabilities of this approach, we implement a prototype and evaluate effectiveness as well as efficiency. The evaluation results indicate scalability and high performance of our system, while being able to protect major SDN controller platforms.

@article{noauthororeditor, abstract = {In Software-Defined Networks (SDN), so called SDN controllers are responsible for managing the network devices building such a network. Once such a core component of the network has been infected with malicious software (e.g., by a malicious SDN application), an attacker typically has a strong interest in remaining undetected while compromising other devices in the network. Thus, hiding a malicious network state and corresponding network manipulations are important objectives for an adversary. To achieve this, rootkit techniques can be applied in order to manipulate the SDN controller’s view of a network. As a consequence, monitoring capabilities of SDN controllers as well as SDN applications with a security focus can be fooled by hiding adverse network manipulations. To tackle this problem, we propose a novel approach capable of detecting and preventing hidden network manipulations before they can attack a network. In particular, our method is able to drop adverse network manipulations before they are applied on a network. We achieve this by comparing the actual network state, which includes both malicious and benign configurations, with the network state which is provided by a potentially compromised SDN controller. In case of an attack, the result of this comparison reveals network manipulations which are adversely removed from an SDN controller’s view of a network. To demonstrate the capabilities of this approach, we implement a prototype and evaluate effectiveness as well as efficiency. The evaluation results indicate scalability and high performance of our system, while being able to protect major SDN controller platforms.}, added-at = {2023-12-14T14:19:57.000+0100}, author = {Röpke, Christian and Holz, Thorsten}, biburl = {https://www.bibsonomy.org/bibtex/25ff5a42dc3bb237f84e7ca5486c7b924/admin}, booktitle = {ACM SIGCOMM 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges (SecSoN 2018)}, day = 24, interhash = {dea6cd900904938477a0ba7f376a41d3}, intrahash = {5ff5a42dc3bb237f84e7ca5486c7b924}, keywords = {}, month = {August}, timestamp = {2023-12-14T14:19:57.000+0100}, title = {Preventing Malicious SDN Applications From Hiding Adverse Network Manipulations}, year = 2018 }