Abstract

Service function chaining (SFC) can define an ordered list of required network services as a virtual chain, which makes a network more flexible and manageable. However, SFC has many vulnerabilities, such as compromised switches and middlebox-bypass attacks, which can damage the operation and security of the network. In this study, we propose a mechanism that not only detects both middlebox-bypass attacks and compromised switch attacks in a scenario with multiple service function chains but also prevents such attacks and protects the network. The proposed mechanism uses both probe-based and statistics-based methods to handle the probe packets and collect statistics from middleboxes for detecting any attacks in SFC. After detection, the mechanism changes the network topology to eliminate the compromised switches, while meeting the initial requirements of the service chains. By combining probe-based and statistics-based methods, our proposal overcomes the disadvantages of other proposed solutions and provides robust protection for SFC. As the experimental results indicate, the proposed mechanism is an effective and relevant approach for detecting and preventing compromised switches and middlebox-bypass attacks in SFC.