SPHINX: Detecting Security Attacks in Software-Defined Networks
Download: Paper (PDF)
Date: 7 Feb 2015
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2015
Software-defined networks (SDNs) allow greater control over network entities by centralizing the control plane, but place great burden on the administrator to manually ensure security and correct functioning of the entire network. We list several attacks on SDN controllers that can be mounted by compromised network entities, such as end hosts and soft switches, and demonstrate their feasibility on four popular SDN controllers. We propose SPHINX to detect both known and potentially unknown attacks originating within an SDN. SPHINX dynamically assimilates new network behavior and raises alerts when it detects suspicious changes to existing network control plane behavior. Our evaluation shows that SPHINX is capable of detecting attacks in SDNs in realtime with low performance overheads, and requires no changes to the SDN controllers for deployment.