查看文章

Software-defined networking (SDN) offers a novel paradigm for effective network management by decoupling the control plane from the data plane thereby allowing a high level of manageability and programmability. However, the notion of a centralized controller becomes a bottleneck by opening up a host of vulnerabilities to various types of attacks. One of the most harmful, stealthy, and easy to launch attacks against networked systems is the link flooding attack (LFA). In this paper, we demonstrate the vulnerability of the SDN control layer to LFA and how the attack strategy differs when targeting traditional networks which primarily involves attacking the links directly. In LFA, the attacker employs bots to surreptitiously send low rate legitimate traffic on the control channel which ultimately results in disconnecting control plane from the data plane. Mitigating LFA on the control channel remains a challenge in the …