Multi-level Queue Security in Switches: Adversarial Inference and Differential Privacy Protection in SDN
Abstract
Network switches are critical elements in any network infrastructure for traffic forwarding and packet priority scheduling, which naturally makes them a target of network adversaries. Most attacks on switches focus on purposely forwarding packets to the wrong network nodes or on generating flooding. However, potential privacy leakage in the multi-level priority queue of switches has not been considered. In this paper, we are the first to discuss the multi-level priority queue security and privacy protection problem in switches. Observing that the order in which packets leave a queue is strongly correlated with their priority, we introduce a policy inference attack that exploits the specific priority-mapping rules between packet priorities and the priority sub-queues of the multi-level queue. Next, based on the policy inference result and the built-in traffic shaping strategy, we present a capacity inference attack whose error probability decays exponentially in the number of attacks. In addition, we propose a differentially private priority scheduling mechanism to defend against the above attacks in OpenFlow switches. Theoretical analysis proves that our proposed mechanism satisfies ε-differential privacy. Extensive evaluation results show that our mechanism defends well against inference attacks and achieves up to 2.7 times the priority processing efficiency of a random priority scheduling strategy.
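The correlation the abstract builds on, and the trade-off its defence targets, can be reproduced in a small simulation. The following Python block is an added illustration, not code from the paper: it models a three-level priority queue (constructed scenario), an observer who sees only the departure order and infers the relative priority of packet pairs from it, and a randomized scheduler built on the standard exponential mechanism whose parameter ε trades inference accuracy against priority processing efficiency (the fraction of service slots in which the highest-priority waiting packet is served). The scheduler, the utility function and the inference rule are assumptions of this example; the paper's own mechanism and its ε-differential privacy proof are not reproduced here.

```python
import math
import random
from collections import deque

# Constructed scenario (not from the paper): three priority sub-queues, index 0
# is the highest priority. A packet is (packet_id, priority). The observer sees
# only packet_id and the order in which packets leave the switch.
LEVELS = 3


def make_batch(n_per_level, rng):
    """Construct a batch with n_per_level packets in every sub-queue."""
    pkts = [(f"pkt{p}-{i}", p) for p in range(LEVELS) for i in range(n_per_level)]
    rng.shuffle(pkts)  # arrival order carries no priority information
    return pkts


def enqueue(pkts):
    """Place each packet into the sub-queue selected by its priority."""
    queues = [deque() for _ in range(LEVELS)]
    for pkt in pkts:
        queues[pkt[1]].append(pkt)
    return queues


def highest_nonempty(queues):
    return next(p for p in range(LEVELS) if queues[p])


def strict_priority_pick(queues, rng):
    """Deterministic policy: always serve the highest-priority non-empty sub-queue,
    so the departure order is a sorted view of the priorities."""
    return highest_nonempty(queues)


def exponential_mechanism_pick(queues, epsilon, rng):
    """Randomized policy (illustrative, not the paper's mechanism): choose among
    non-empty sub-queues with probability proportional to exp(epsilon * u / 2),
    where u = 1 for the highest-priority non-empty sub-queue and 0 otherwise.
    u has sensitivity 1, so each selection is the standard exponential mechanism
    with parameter epsilon; epsilon = 0 degenerates to uniform random scheduling."""
    candidates = [p for p in range(LEVELS) if queues[p]]
    best = candidates[0]
    weights = [math.exp(epsilon * (1.0 if p == best else 0.0) / 2.0) for p in candidates]
    return rng.choices(candidates, weights=weights, k=1)[0]


def drain(queues, pick, rng):
    """Serve packets until all sub-queues are empty. Returns the departure order
    and the efficiency: the fraction of service slots in which the
    highest-priority waiting packet was the one actually served."""
    order, hits, slots = [], 0, 0
    while any(queues):
        best = highest_nonempty(queues)
        chosen = pick(queues, rng)
        hits += int(chosen == best)
        slots += 1
        order.append(queues[chosen].popleft())
    return order, hits / slots


def pairwise_inference_accuracy(order):
    """Observer's rule: a packet that leaves earlier has priority at least as
    high as one that leaves later. Scored over pairs whose true priorities
    differ; equal-priority pairs are skipped because the rule says nothing
    about them. 1.0 means the departure order fully reveals the priority ranking."""
    correct = total = 0
    for i in range(len(order)):
        for j in range(i + 1, len(order)):
            pi, pj = order[i][1], order[j][1]
            if pi != pj:
                total += 1
                correct += int(pi < pj)
    return correct / total


def run(epsilon=None, n_per_level=30, seed=7):
    """Run one batch. epsilon=None selects strict priority scheduling;
    a number selects the randomized scheduler with that epsilon.
    Returns (inference_accuracy, priority_efficiency)."""
    rng = random.Random(seed)
    queues = enqueue(make_batch(n_per_level, rng))
    if epsilon is None:
        pick = strict_priority_pick
    else:
        pick = lambda q, r: exponential_mechanism_pick(q, epsilon, r)
    order, efficiency = drain(queues, pick, rng)
    return pairwise_inference_accuracy(order), efficiency


if __name__ == "__main__":
    print("strict   acc=%.3f eff=%.3f" % run())
    for eps in (0.0, 1.0, 4.0, 50.0):
        print("eps=%4.1f acc=%.3f eff=%.3f" % ((eps,) + run(eps)))
```

Under strict priority scheduling the observer's pairwise rule is right every time, which is the leakage the policy inference attack exploits; with ε = 0 the scheduler is the random baseline, where the rule is no better than a coin flip but roughly half of the service slots go to a lower-priority packet. Intermediate ε values show the trade-off the abstract quantifies: the inference accuracy falls well below 1.0 while most slots still serve the highest-priority packet.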