Software-defined networks (SDN) enable flexible and effective communication systems that are managed by centralized software controllers. However, such a controller can undermine the underlying communication network of an SDN-based system and thus must be carefully tested. When an SDN-based system fails, in order to address such a failure, engineers need to precisely understand the conditions under which it occurs. In this article, we introduce a machine learning-guided fuzzing method, named FuzzSDN, aiming at both (1) generating effective test data leading to failures in SDN-based systems and (2) learning accurate failure-inducing models that characterize conditions under which such systems fail. To our knowledge, no existing work simultaneously addresses these two objectives for SDNs. We evaluate FuzzSDN by applying it to systems controlled by two open-source SDN controllers. Further, we compare FuzzSDN with two state-of-the-art methods for fuzzing SDNs and two baselines for learning failure-inducing models. Our results show that (1) compared to the state-of-the-art methods, FuzzSDN generates at least 12 times more failures, within the same time budget, with a controller that is fairly robust to fuzzing and (2) our failure-inducing models have, on average, a precision of 98% and a recall of 86%, significantly outperforming the baselines.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > SVV - Software Verification and Validation
Disciplines :
Computer science
Author, co-author :
OLLANDO, Raphaël ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
SHIN, Seung Yeob ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SVV
BRIAND, Lionel ; University of Limerick > Lero Centre ; University of Ottawa [CA]
External co-authors :
yes
Language :
English
Title :
Learning Failure-Inducing Models for Testing Software-Defined Networks
Publication date :
23 January 2024
Journal title :
ACM Transactions on Software Engineering and Methodology
ISSN :
1049-331X
Publisher :
Association for Computing Machinery (ACM), United States
Peer reviewed :
Peer Reviewed verified by ORBi
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR14016225 - Integrated Satellite-terrestrial Systems For Ubiquitous Beyond 5g Communications, 2020 (01/10/2020-30/09/2026) - Symeon Chatzinotas