Author(s): Mohan Dhawan, Rishabh Poddar, Kshiteej Mahajan, Vijay Mann

Download: Paper (PDF)

Date: 7 Feb 2015

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2015


Software-defined networks (SDNs) allow greater control over network entities by centralizing the control plane, but place great burden on the administrator to manually ensure security and correct functioning of the entire network. We list several attacks on SDN controllers that can be mounted by compromised network entities, such as end hosts and soft switches, and demonstrate their feasibility on four popular SDN controllers. We propose SPHINX to detect both known and potentially unknown attacks originating within an SDN. SPHINX dynamically assimilates new network behavior and raises alerts when it detects suspicious changes to existing network control plane behavior. Our evaluation shows that SPHINX is capable of detecting attacks in SDNs in realtime with low performance overheads, and requires no changes to the SDN controllers for deployment.