Risk and avoidance strategy for blocking mechanism of SDN-based security service

Title: Risk and avoidance strategy for blocking mechanism of SDN-based security service
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Byun, Minjae, Lee, Yongjun, Choi, Jin-Young
Conference Name: 2019 21st International Conference on Advanced Communication Technology (ICACT)
Keywords: attack scenario, blocking mechanism, composability, computer network security, cost-effective risk avoidance strategy, data planes, dynamic network technology, Dynamic Networks and Security, forged IP address, forged packets, IEC standards, IP forging, IP networks, malicious host, Metrics, Monitoring, Protocols, pubcrawl, Resiliency, risk analysis, risk management, Scalability, SDN attack, SDN security, SDN-based security service, SDN-based Security Services, security, security risk management, software defined networking, software-defined network, Switches
Abstract

Software-Defined Network (SDN) is a dynamic network technology that addresses the issues of traditional networks. It provides a centralized view of the whole network by decoupling the control planes and data planes of a network. Most SDN-based security services globally detect and block a malicious host based on IP address. However, in most cases the IP address is not verified during the forwarding process, and an SDN-based security service may block a normal host with a forged IP address in the whole network, which is a false positive. In this paper, we introduce an attack scenario that uses forged packets to make the security service consider a victim host to be an attacker, so that it blocks the victim. We also introduce a cost-effective risk avoidance strategy.

DOI: 10.23919/ICACT.2019.8701887
Citation Key: byun_risk_2019