• Login
    View Item 
    •   Mak IR Home
    • College of Computing and Information Sciences (CoCIS)
    • School of Computing and Informatics Technology (CIT)
    • School of Computing and Informatics Technology (CIT) Collection
    • View Item
    •   Mak IR Home
    • College of Computing and Information Sciences (CoCIS)
    • School of Computing and Informatics Technology (CIT)
    • School of Computing and Informatics Technology (CIT) Collection
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    A Link Fabrication Attack Mitigation Approach (LiFAMA) for Software Defined Networks

    Thumbnail
    View/Open
    KATONGOLE_COCIS_MDSE.pdf (1.829Mb)
    Date
    2022-11
    Author
    Katongole, Joseph
    Metadata
    Show full item record
    Abstract
    In software defined networks (SDN), the controller is a critical resource yet it is a potential target for attacks once compromised. The conventional Open Flow Discovery Protocol (OFPD) used in building the topology view by the controller has vulnerabilities that easily allow attackers to poison the network topology by creating fabricated links that can be used for malicious intent. OFDP makes use of the link layer discovery protocol (LLDP) to discover existing links. However, LLDP is not e cient in fabricated link detection. Existing approaches to mitigate this problem have focused on using passive approaches that depend on observing unexpected behaviour. Examples of such behaviour include link latency and packet patterns to trigger attack alerts. The problem with the existing solutions is that their implementation causes longer link discovery time. This implies that a dense SDN would su↵er from huge delays in the link discovery process. In this study, we propose a Link Fabrication Attack (LFA) Mitigation Approach (LiFAMA) which is an active mitigation approach and one that minimizes the link discovery time. The approach uses Link Layer Discovery Protocol (LLDP) packet authentication toghether with Keyed-Hash Based Message Authentication Code (HMAC) and a link verification database (PostgreSQL)that stores records of all known and verified links in the network. This approach has been implemented in an emulated SDN environment using Mininet and a Python based open source openflow (POX) controller. The results show that the approach detects fabricated links in SDN in real time and helps mitigate them. Additionally, the link discovery time of LiFAMA out competes that of an existing LFA mitigation approach.
    URI
    http://hdl.handle.net/10570/11189
    Collections
    • School of Computing and Informatics Technology (CIT) Collection

    DSpace 5.8 copyright © Makerere University 
    Contact Us | Send Feedback
    Theme by 
    Atmire NV
     

     

    Browse

    All of Mak IRCommunities & CollectionsTitlesAuthorsBy AdvisorBy Issue DateSubjectsBy TypeThis CollectionTitlesAuthorsBy AdvisorBy Issue DateSubjectsBy Type

    My Account

    LoginRegister

    Statistics

    Most Popular ItemsStatistics by CountryMost Popular Authors

    DSpace 5.8 copyright © Makerere University 
    Contact Us | Send Feedback
    Theme by 
    Atmire NV