Stealthy Misreporting Attacks Against Load Balancing

Bibliographic details
Published in: IEEE/ACM Transactions on Networking, 2024-08, Vol. 32 (4), p. 3622-3635
Main authors: Yu, Mingli; Burke, Quinn K.; La Porta, Thomas F.; McDaniel, Patrick
Format: Article
Language: eng
Description
Summary: Load balancing in software-defined networks (SDNs) is commonly realized with a centralized architecture. Dynamic load balancing relies on the SDN controller to periodically collect traffic statistics from network switches and make decisions in a timely manner. In this paper, we examine the extent to which an adversary that has compromised a switch can influence the load balancing algorithm by misreporting its own traffic statistics. We design an attack that allows an adversary to perform preliminary reconnaissance, which means learning network traffic distributions and setting attack parameters, and then accurately model and estimate the reward from misreporting while evading detection. Our evaluation offers three insights: 1) network traffic exhibits discernible patterns by reconnaissance; 2) the reconnaissance can be used to design misreporting attacks that can effectively draw unfair proportions of network traffic to the adversary under the guise of honest behavior; and 3) reconnaissance itself can be accelerated by misreporting to launch more targeted attacks.
ISSN: 1063-6692, 1558-2566
DOI: 10.1109/TNET.2024.3396387