Academic Paper

Detecting and mitigating denial of service attacks against the data plane in software defined networks
Document Type
Conference
Source
2017 IEEE Conference on Network Softwarization (NetSoft), pp. 1-6, Jul 2017
Subject
Communication, Networking and Broadcast Technologies
Computing and Processing
Signal Processing and Analysis
Computer crime
Radiation detectors
Software
Process control
Switches
Abstract
Software Defined Networking (SDN) introduces a new network architecture offering means of programmability through an externalized, centralized control plane. As a result, most security research addresses attacks against this central entity. In contrast, attacks against the data plane in SDN have not received broad attention in the scientific community so far. In this work we discuss Denial of Service attacks against the data plane and their impact. We propose a tailored statistical detection approach as well as a lightweight countermeasure. We evaluate the detection by simulation and an analytical approach. Throughout this evaluation, we highlight the trade-off between detection speed and adaptability and show a way to tune the solution analytically. Our results show that we can detect and mitigate attacks against the data plane in a lightweight and dependable way.