Fingerprinting SDN Applications via Encrypted Control Traffic


Jiahao Cao, Tsinghua University and George Mason University; Zijie Yang, Tsinghua University; Kun Sun, George Mason University; Qi Li, Mingwei Xu, Tsinghua University; Peiyi Han, Beijing University of Posts and Telecommunications


By decoupling control and data planes, Software-Defined Networking (SDN) enriches network functionalities with deploying diversified applications in a logically centralized controller. As the applications reveal the presence or absence of internal network services and functionalities, they appear as black-boxes, which are invisible to network users. In this paper, we show an adversary can infer what applications run on SDN controllers by analyzing low-level and encrypted control traffic. Such information can help an adversary to identify valuable targets, know the possible presence of network defense, and thus schedule a better plan for a later stage of an attack. We design deep learning based methods to accurately and efficiently fingerprint all SDN applications from mixed control traffic. To evaluate the feasibility of the attack, we collect massive traces of control traffic from a real SDN testbed running various applications. Extensive experiments demonstrate an adversary can accurately identify various SDN applications with a 95.4% accuracy on average.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {242077,
author = {Jiahao Cao and Zijie Yang and Kun Sun and Qi Li and Mingwei Xu and Peiyi Han},
title = {Fingerprinting {SDN} Applications via Encrypted Control Traffic},
booktitle = {22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)},
year = {2019},
isbn = {978-1-939133-07-6},
address = {Chaoyang District, Beijing},
pages = {501--515},
url = {},
publisher = {USENIX Association},
month = sep,