Abstract : : Service function chaining (SFC) has a special and powerful ability to define an ordered list of required network services as a virtual chain and makes a network more flexible and manageable. However, there are many vulnerabilities to SFC, such as compromised switches and middlebox-bypass attacks, which can damage the operation and security of the network. In this study, we propose a mechanism that not only detects both middlebox-bypass attacks and compromised switch attacks in multiple service function chains scenario but also prevents such attacks and protects the network. The proposed mechanism uses both probe-based and statisticsbased methods to handle the probe packets and collect statistics from middleboxes for detecting any attacks in SFC. After detection, the mechanism changes the network topology to eliminate the compromised switches, while meeting the initial requirements of the service chains. By combining probe-based and statistics-based methods, our proposal overcomes the disadvantages of other proposed solutions and brings about a robust protection to SFC. As the experimental results indicate, the proposed mechanism is an effective and relevant approach for detecting and preventing compromised switches and middlebox-bypass attacks in SFC.
Index terms : Compromised switches, middlebox-bypass attack, service function chaining (SFC).