Hiring in life sciences? Share your open positions with our professional community. Read more Close

Your cookie settings

This site uses cookies. Some cookies are essential to make the site work and others help us to improve our services. Read more about cookies in our Privacy policy.

Choose your cookie preferences:

Advertisement

Tunnel enabled programmable switches obfuscate network topology to defend against link flooding reconnaissance in software defined networking.

Created on 11 Oct 2025

Authors

Xiang Li, Jungmin Lee, Junggab Son, Yeonjoon Lee

Published in

Scientific reports. Volume 15. Issue 1. Pages 35549. Oct 10, 2025. Epub Oct 10, 2025.

Abstract

Recently, Software-Defined Networking (SDN) has emerged as an increasingly popular network paradigm due to its virtualization capabilities and flexibility. However, its robustness in link connectivity is threatened by Link Flooding Attacks (LFAs). To launch LFAs, adversaries use probing tools to infer network topologies and identify target links with bottlenecks. Thus, protecting SDN topologies against disclosure is crucial to ensure system security and preserve infrastructure functionality. We propose TEPS (Tunnel-Enabled Programmable Switches), a proactive defense system that dynamically obfuscates network topologies to defend against adversarial reconnaissance in SDN. TEPS generates false topologies by leveraging the flexibility of emerging programmable switches to construct customized tunnels and manipulate probing packets using the P4 language. This prevents adversaries from obtaining accurate knowledge of network topologies, making it difficult to reconstruct the true topologies. Furthermore, TEPS counters Round-Trip Time (RTT)-based fingerprinting attacks by dynamically adjusting packet delays and routing traffic to conceal RTT variations. Our evaluation demonstrates that TEPS effectively reduces the distribution of link importance in network topologies compared to the latest proactive defense method, thereby concealing bottlenecks and disrupting adversarial topology reconnaissance, including thwarting RTT-based fingerprinting attempts. Furthermore, by leveraging the capabilities of P4 switches, TEPS introduces minimal network overhead, with at most a 3% reduction in throughput and a 9.57% increase in resource utilization, showing practical feasibility under real-world operational constraints. By implementing TEPS, network administrators can enhance the security of their SDN infrastructures against LFAs and maintain robust connectivity through a lightweight approach.

PMID:
41073699
Bibliographic data and abstract were imported from PubMed on 11 Oct 2025.

Read full publication at:
Please sign in to see all details.

Advertisement

Stats

  • Community rating n/a 0 votes
  • Reviewers' rating n/a 0 votes
  • Sign in to post a review. Add review
  • Your rating

1-terrible, 9-excellent. How would you rate this publication? Sign in in to submit your rating.

  • Recommendations n/a n/a positive of 0 vote(s)
  • Views 27
  • Comments 0

Recommended by

  • No recommendations yet.

Do you recommend this? Please sign in. Yes No

Recommended

Post a comment

You need to be signed in to post comments. You can sign in here.

Comments

There are no comments yet.

Advertisement