Detecting Malicious Middleboxes In Service Function Chaining – Journal of Internet Services and Information Security

Volume 10 - Issue 2

Detecting Malicious Middleboxes In Service Function Chaining

Nguyen Canh Thang Department of Information Communication Convergence Technology Soongsil University, Seoul 156-743, South Korea
nct@soongsil.ac.kr
Minho Park Department of Information Communication Convergence Technology Soongsil University, Seoul 156-743, South Korea, School of Electronic Engineering, Soongsil University, Seoul 156-743, South Korea
mhp@soongsil.ac.kr

DOI: 10.22667/JISIS.2020.05.31.082

Keywords: Service Function Chaining, Malicious Middlebox, Software-Defined Networking, Network Function Virtualization.

Abstract

Service Function Chaining (SFC) has become a new and robust technology in computer networking, and takes advantage of both Software-Defined Networking (SDN) and Network Function Virtualization (NFV). However, SFC simultaneously inherited the vulnerabilities from SDN and NFV, especially the problem of malicious middleboxes. In this paper, we present a scheme that can detect malicious middleboxes in SFC by combining two mechanisms: direct and indirect. The direct mechanism injects a tool into the middleboxes to observe and report the state of each middlebox. In contrast, the indirect mechanism creates a probe service chain, which includes trustful middleboxes, to investigate the operation of other middleboxes in the network. Our experimental results show that the proposed system exhibits low resource consumption while achieving a high detection rate and accuracy. In addition, we demonstrate that the system is able to successfully detect malicious middleboxes in SFC.

Date

May 2020

Page Number

82-90