Analysis of topology poisoning attacks in software-defined networking

Thanh Bui*, Markku Antikainen, Tuomas Aura

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review


In software-defined networking (SDN), routing decisions are made by a trusted network controller, which communicates with each forwarding device over a secure control channel. While this architecture avoids many security issues of distributed routing protocols, SDN remains vulnerable to topology poisoning attacks during topology discovery. Faked link information can cause wrong routing decisions by the controller and, thus, enable the attacker to reroute some traffic flows to compromised nodes. This paper provides both qualitative and quantitative analysis of topology poisoning attacks in SDN. We classify the attacks including new variants and analyze how their impact depends on the network topology, routing policy, and attacker location. While most of the literature emphasizes the security of the SDN controller and control channels, we assume them to be secure and aim to understand the ability of a small number of compromised switches to divert traffic flows. This is important because the low-cost, heterogeneous network equipment available for SDN may not be entirely trusted and because targeted attacks often start from the compromise of a single device.

Original languageEnglish
Title of host publicationSecure IT Systems - 24th Nordic Conference, NordSec 2019, Proceedings
EditorsAslan Askarov, René Rydhof Hansen, Willard Rafnsson
Number of pages16
ISBN (Print)9783030350543
Publication statusPublished - 13 Nov 2019
MoE publication typeA4 Conference publication
EventNordic Conference on Secure IT Systems - Aalborg, Denmark
Duration: 18 Nov 201920 Nov 2019
Conference number: 24

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11875 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceNordic Conference on Secure IT Systems
Abbreviated titleNordSec
Internet address


Dive into the research topics of 'Analysis of topology poisoning attacks in software-defined networking'. Together they form a unique fingerprint.

Cite this