Volume 10 - Issue 2
Detecting Malicious Middleboxes In Service Function Chaining
- Nguyen Canh Thang
Department of Information Communication Convergence Technology, Soongsil University, Seoul 156-743, South Korea
nct@soongsil.ac.kr
- Minho Park
Department of Information Communication Convergence Technology, Soongsil University, Seoul 156-743, South Korea; School of Electronic Engineering, Soongsil University, Seoul 156-743, South Korea
mhp@soongsil.ac.kr
Keywords: Service Function Chaining, Malicious Middlebox, Software-Defined Networking, Network Function Virtualization.
Abstract
Service Function Chaining (SFC) has become a new and robust technology in computer networking,
and takes advantage of both Software-Defined Networking (SDN) and Network Function Virtualization
(NFV). However, SFC also inherits the vulnerabilities of SDN and NFV,
especially the problem of malicious middleboxes. In this paper, we present a scheme that can detect
malicious middleboxes in SFC by combining two mechanisms: direct and indirect. The direct
mechanism injects a tool into the middleboxes to observe and report the state of each middlebox. In
contrast, the indirect mechanism creates a probe service chain, which includes trusted middleboxes,
to investigate the operation of other middleboxes in the network. Our experimental results show that
the proposed system exhibits low resource consumption while achieving a high detection rate and
accuracy. In addition, we demonstrate that the system is able to successfully detect malicious middleboxes
in SFC.