Software-defined networks are vulnerable to attacks by compromised switches because the commonly used programmable software switches are riskier than traditional hardware ones. Although several countermeasures have been proposed to address compromised switches, the accuracy of detecting malicious behavior depends on the performance of network statistics gathering by a controller. In this paper, we propose WhiteRabbit, an approach to verify the consistency of the forwarding state by gathering real-time network statistics from switches with accurate time scheduling. WhiteRabbit can detect attacks by compromised switches without being influenced by the statistics-gathering performance of a controller. Because the proposed approach utilizes a moving average, it mitigates the effect of switch performance, such as scheduling error, on the verification accuracy. In our previous work, we demonstrated the feasibility of WhiteRabbit using a prototype system. However, we could not evaluate the impact of the difference between the scheduled and actual execution times in our previous work, because we performed the experiment in a minimal setup using Mininet. Thus, we measured the scheduling error and the time required to gather statistics in a large-scale environment. We also confirmed that the scheduling error is lower than the time required to gather statistics. Additionally, considering that WhiteRabbit only depends on the scheduling error, we verified that the accuracy of WhiteRabbit is higher than that of prior art on a tree topology constructed with 15 switches.

INDEX TERMS Data-plane verification, software-defined network (SDN), scheduled bundle, statistics gathering, precision time protocol (PTP).
I. INTRODUCTION

A. BACKGROUND

Network attackers may compromise switches by abusing software or hardware vulnerabilities, and hence networks are prone to attacks by these compromised switches. Cisco reported that routers in 318 models have a vulnerability that could let an attacker compromise the device by invoking a simple command [2]. The possible signs of a compromised switch are packet drops, delays, and deviations.

The associate editor coordinating the review of this manuscript and approving it for publication was Xiaofei Wang.
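To make the abstract's idea concrete, the following is an added example (not the paper's code) of a toy forwarding-state consistency check: cumulative per-flow counters gathered from the switches on a path at scheduled rounds are compared hop by hop, and a moving average over the per-round loss ratio suppresses the noise that scheduling error introduces, so only a persistent drop is flagged. The sample counters, the path, the window size and the threshold are all constructed assumptions.

```python
"""Toy WhiteRabbit-style consistency check (added example, assumptions marked)."""
from collections import deque

# Constructed data: cumulative packets forwarded for one flow, reported by the
# switches on path s1 -> s2 -> s3 at 8 scheduled sampling rounds. Samples of
# adjacent switches are taken slightly early/late (scheduling error), so the
# counters wobble by a few packets. From round 5 on, s2 silently drops ~10%.
PATH = ["s1", "s2", "s3"]
SAMPLES = {
    "s1": [100, 200, 300, 400, 500, 600, 700, 800],
    "s2": [97, 204, 296, 403, 492, 582, 672, 762],
    "s3": [96, 205, 295, 404, 493, 581, 671, 763],
}

def increments(counts):
    """Per-round packet increments from a cumulative counter series."""
    return [b - a for a, b in zip([0] + counts, counts)]

def loss_ratios(upstream, downstream):
    """Fraction of each round's upstream traffic not seen downstream.
    Negative values mean the downstream sample was taken later (jitter)."""
    return [(u - d) / u if u else 0.0
            for u, d in zip(increments(upstream), increments(downstream))]

def moving_average(values, window):
    """Trailing mean over `window` rounds; None until the window is full."""
    buf, out = deque(maxlen=window), []
    for v in values:
        buf.append(v)
        out.append(sum(buf) / window if len(buf) == window else None)
    return out

def verify_path(samples, path, window=3, threshold=0.05):
    """Per link, rounds where the smoothed loss ratio exceeds the threshold;
    the downstream switch of an alerting link is the suspect."""
    alerts = {}
    for up, down in zip(path, path[1:]):
        smoothed = moving_average(loss_ratios(samples[up], samples[down]), window)
        alerts[(up, down)] = [i for i, m in enumerate(smoothed)
                              if m is not None and m > threshold]
    return alerts

def naive_alerts(samples, path, threshold=0.05):
    """Same check without smoothing: a single jittered round can false-alert."""
    return {(up, down): [i for i, r in enumerate(loss_ratios(samples[up], samples[down]))
                         if r > threshold]
            for up, down in zip(path, path[1:])}

if __name__ == "__main__":
    print("smoothed:", verify_path(SAMPLES, PATH))
    print("naive:   ", naive_alerts(SAMPLES, PATH))
```

With these inputs the unsmoothed check raises a false alarm at round index 2 (a scheduling-error spike of 8%), whereas the moving average only flags link s1 -> s2 once the drop persists.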