An Efficient Defense Method For Compromised Switch and Middlebox-Bypass Attacks In Service Function Chaining

Abstract

Service function chaining (SFC) has a special and powerful ability to define an ordered list of required network services as a virtual chain and makes a network more flexible and manageable. However, there are many vulnerabilities to SFC, such as compromised switches and middlebox-bypass attacks, which can damage the operation and security of the network. In this study, we propose a mechanism that not only detects both middlebox-bypass attacks and compromised switch attacks in multiple service function chains scenario but also prevents such attacks and protects the network. The proposed mechanism uses both probe-based and statistics-based methods to handle the probe packets and collect statistics from middleboxes for detecting any attacks in SFC. After detection, the mechanism changes the network topology to eliminate the compromised switches, while meeting the initial requirements of the service chains. By combining probe-based and statistics-based methods, our proposal overcomes the disadvantages of other proposed solutions and brings about a robust protection to SFC. As the experimental results indicate, the proposed mechanism is an effective and relevant approach for detecting and preventing compromised switches and middlebox-bypass attacks in SFC.