A taxonomy for software-defined networking, man-in-the-middle attacks
Fischer, Briana D.
Lato, Anita M.
MetadataShow full item record
In contrast to traditional networks, Software Defined Networking (SDN) allows the programming of network functions via an Application Programming Interface (API). The ability to implement the APIs in software is advantageous for traffic manipulation in SDN. With automated logic being programmed into a centralized component of the SDN, network operators are presented with new and scalable methods for traffic manipulation. Enterprises and Internet Service Providers of all sizes can implement these techniques to great effect. Of particular concern are large state-owned providers. A motivation for this thesis came from a case study on China's Great Cannon and how the operators redirect benign traffic via content injection. In a technically similar fashion, we implemented targeted redirection on a software-defined network. Our experimentation demonstrates how an owner of the network can use man-in-the-middle (MiTM) techniques to redirect the traffic of unknowing users. To enable these techniques we wrote a MiTM application to redirect targeted users to a malicious server. Within a multi-switch test bed, our experimental results show that forcing our MiTM application to pass the injected response packet on a directed path to the switch closest to the targeted destination reduces the overall response time. In addition to testing for a route that would reduce overall HTTP response times, we illustrate the technical requirements of the attack in our MiTM taxonomy.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Salazar, Daniel (Monterey, CA; Naval Postgraduate School, 2018-06);This research examines the use of machine-learning techniques to identify malicious traffic in an emulated tactical computer network. The intent is to identify low-cost solutions based on open-source software capable of ...
Shing, Leslie (Monterey, California: Naval Postgraduate School, 2016-03);Networks are constantly bombarded with malicious or suspicious network traffic by attackers attempting to execute their attack operations. One of the most prevalent types of traffic observed on the network is scanning ...
Margulis, Scott A. (Monterey, California. Naval Postgraduate School, 2001-12);The Next Generation Internet (NGI) will address increased multi-media Internet service demands, requiring consistent Quality of Service (QoS), similar to the legacy phone system. Server Agent-based Active network Management ...