xinghuanlai Associate Professor

Supervisor of Doctorate Candidates

Supervisor of Master's Candidates

  

  • Education Level: PhD graduate

  • Professional Title: Associate Professor

  • Alma Mater: 英国诺丁汉大学

  • Supervisor of Doctorate Candidates

  • Supervisor of Master's Candidates

  • School/Department: 计算机与人工智能学院

  • Discipline:Communications and Information Systems
    Computer Science and Technology

    • MORE>
    Recommended Ph.D.Supervisor Recommended MA Supervisor
    Language: 中文

    Paper Publications

    Defending Saturation Attacks on SDN Controller: A Confusable Instance Analysis-based Algorithm

    DOI number:10.1016/j.comnet.2022.109098

    Affiliation of Author(s):School of Information Science and Technology, Southwest Jiaotong University

    Journal:Computer Networks

    Key Words:SDN,Saturation attack,Cusp catastrophe theory

    Abstract:Software-Defined Networking (SDN) is an emerging network architecture that offers flexible network management. Although the decoupling of the control plane and data plane provides network programmability for SDN, it also makes SDN become vulnerable to several attacks. The saturation attack is one of these attacks. It is a concealed attack that has a highly negative impact by overwhelming the SDN controller. Once the SDN controller is crashed, the network cannot work. Currently, the cusp catastrophe theory has already been used for detecting saturation attack against SDN controller. When using the cusp catastrophe theory to detect saturation attack in SDN, most instances will be identified as unstable instances. The additional detection of unstable instances is achieved using the distance between current state and previous state, leading to the low detection accuracy. To overcome that issues, in this work, we propose LICENSE, a saturation attack detection mechanism designed based on confusable instance analysis. More specifically, a Condition Transferring Mechanism (CTM) method is designed to first classify the input instances into two kinds, the unconfusable instance that clearly belongs to attack or benign instance and the confusable instance which is not easy to distinguish. Then a Network State Base Cusp model is proposed to further distinguish the confusable instance to stable instance and unstable instance. At last, a method recorded as Unstable Instance Detection (UID) is proposed for identifying unstable instances. The evaluation results demonstrate that LICENSE can reduce the number of unstable instances and improve the detection accuracy of unstable instances, thus achieving a higher overall detection performance. In conclusion, LICENSE can effectively detect saturation attack in SDN.

    Co-author:Longyan Ran,Yuehe Cui,Chun Guo,Qing Qian,Guowei Shen,Huanlai Xing

    Document Code:10.1016/j.comnet.2022.109098

    Volume:213

    Issue:4

    ISSN No.:1389-1286

    Translation or Not:no

    Date of Publication:2022-04-22

    Included Journals:SCI

    Copyright © 2019 Southwest Jiaotong University.All Rights Reserved . ICP reserve 05026985
    Address:999 Xi'an Road, Pidu District, Chengdu, Sichuan, China
     Chuangongnet Anbei 510602000061
    Technical support: Office of Information Technology and network management
    Click:    MOBILE Version Login

    The Last Update Time : ..