RLFAT: A Transformer-Based Relay Link Forged Attack Detection Mechanism in SDN

Abstract

SDN is a modern internet architecture that has transformed the traditional internet structure in recent years. By segregating the control and data planes of the network, SDN facilitates centralized management, scalability, dynamism, and programmability. However, this very feature makes SDN controllers vulnerable to cyber attacks, which can cause network-wide crashes, unlike conventional networks. One of the most stealthy attacks that SDN controllers face is the relay link forgery attack in topology deception attacks. Such an attack can result in erroneous overall views for SDN controllers, leading to network functionality breakdowns and even crashes. In this article, we introduce the Relay Link Forgery Attack detection model based on the Transformer deep learning model for the first time. The model (RLFAT) detects relay link forgery attacks by extracting features from network flows received by SDN controllers. A dataset of network flows received by SDN controllers from a large number of SDN networks with different topologies was collected. Finally, the Relay-based Link Forgery Attack detection model was trained on this dataset, and its performance was evaluated using accuracy, recall, F1 score, and AUC metrics. For better validation, comparative experiments were conducted with some common deep learning models. The experimental results show that our proposed model (RLFAT) has good performance in detecting RLFA and outperforms other models.