Detecting Malicious Middleboxes In Service Function Chaining

1 Department of Information Communication Convergence Technology, Soongsil University, Seoul 156-743, South Korea
{nct, mhp}@soongsil.ac.kr
2 School of Electronic Engineering, Soongsil University, Seoul 156-743, South Korea

Abstract

Service Function Chaining (SFC) has become a new and robust technology in computer networking, and takes advantage of both Software-Defined Networking (SDN) and Network Function Virtualization (NFV). However, SFC simultaneously inherited the vulnerabilities from SDN and NFV, especially the problem of malicious middleboxes. In this paper, we present a scheme that can detect malicious middleboxes in SFC by combining two mechanisms: direct and indirect. The direct mechanism injects a tool into the middleboxes to observe and report the state of each middlebox. In contrast, the indirect mechanism creates a probe service chain, which includes trustful middleboxes, to investigate the operation of other middleboxes in the network. Our experimental results show that the proposed system exhibits low resource consumption while achieving a high detection rate and accuracy. In addition, we demonstrate that the system is able to successfully detect malicious middleboxes in SFC.

Keywords: Service Function Chaining, Malicious Middlebox, Software-Defined Networking,

+: Corresponding author: Minho Park

Journal of Internet Services and Information Security (JISIS), 10(2): 82-90, May 2020
DOI: 10.22667/JISIS.2020.05.31.082