Mirage: Defense against CrossPath Attacks in Software Defined Networks

Shariq Murtuza, Krishna Asawa
2024-03-05
Abstract: Software-Defined Networks (SDNs) face persistent threats from adversaries who use a variety of methods to mount Denial of Service attacks. These attackers have different motives and follow diverse tactics to achieve their objectives. In this work, we focus on the impact of CrossPath attacks in SDNs and introduce our framework, Mirage, which not only detects but also mitigates this attack. Mirage detects SDN switches that become unreachable because they are under attack, takes proactive measures to prevent adversarial path reconnaissance, and effectively mitigates CrossPath attacks in SDNs. A CrossPath attack is a form of link flood attack that indirectly attacks the control plane by overwhelming, with data plane traffic, the shared links that connect the data and control planes. This attack is exclusive to in-band SDN, where the data plane and the control plane both utilize the same physical links for transmitting and receiving traffic. Mirage prevents attackers from launching adversarial path reconnaissance to identify shared links in a network, thereby thwarting their abuse and preventing this attack. Mirage not only stops adversarial path reconnaissance but also includes features to quickly counter ongoing attacks once they are detected. Mirage uses path diversity to reroute network packets and so defeat timing-based measurement, and it can also enforce short-lived flow table rules to prevent timing attacks. These measures are carefully designed to enhance the security of the SDN environment. Moreover, we share the results of our experiments, which clearly show Mirage's effectiveness in preventing path reconnaissance, detecting CrossPath attacks, and mitigating ongoing threats. Our framework successfully protects the network from these harmful activities and gives valuable insights into SDN security.
Cryptography and Security
What problem does this paper attempt to address?
The problem that this paper attempts to solve is the CrossPath attack in Software-Defined Networking (SDN). Specifically, the paper focuses on how to detect and mitigate the threat this attack poses to SDN.

### Overview of the CrossPath Attack

The CrossPath attack is a new type of link-flooding attack against shared links in SDN. It takes advantage of the fact that the data plane and the control plane share the same physical links, and it indirectly disrupts the normal operation of the control plane by sending a large amount of traffic on the data plane. The main characteristics of this attack are:

- **Indirectness**: The attacker does not send malicious traffic to the control plane directly, but affects it indirectly through traffic in the data plane.
- **Concealment**: Since the attack traffic appears only in the data plane, it is difficult for traditional defense mechanisms to detect.
- **Dependence on Path Reconnaissance**: The attacker must first conduct path reconnaissance to identify which links are shared by the data plane and the control plane before the attack can be launched.

### Paper Solution: The Mirage Framework

To meet the above challenges, the paper proposes a framework named Mirage, which aims to detect, prevent and mitigate CrossPath attacks. Specific measures include:

1. **Detecting Unreachable SDN Switches**: Mirage monitors the status of switches in the network by periodically sending probe messages. If a switch fails to respond to probes multiple times, the switch is considered to be possibly under attack and the system immediately notifies the administrator.
2. **Preventing Adversarial Path Reconnaissance**: Mirage prevents attackers from conducting path reconnaissance in the following ways:
   - **Path Diversity**: Use multiple different paths to transmit data and control information, making it difficult for attackers to determine which links are shared.
   - **Short-Lived Flow Table Rules**: Dynamically adjust flow table rules to make it harder for attackers to measure RTT (Round-Trip Time).
3. **Rapid Response and Mitigation of Ongoing Attacks**: Once an attack is detected, Mirage quickly takes measures, such as rerouting network packets or limiting the traffic on specific paths, to reduce the impact of the attack.

### Formula Representation

To describe path diversity and RTT measurement interference more clearly, the following formulas can be used:

- **Path Diversity**: Suppose there are \( n \) paths from the source node \( S \) to the destination node \( D \), denoted as \( P_1, P_2, \ldots, P_n \). Mirage randomly selects one of these paths \( P_i \) for data transmission, thereby increasing the identification difficulty for attackers.
- **RTT Measurement Interference**: Assume that the original RTT is \( T_{\text{original}} \) and a random delay \( \Delta t \) is introduced; the actually measured RTT is then

\[ T_{\text{measured}} = T_{\text{original}} + \Delta t \]

In this way, Mirage makes it difficult for attackers to measure RTT accurately, and thus to identify shared links.

In conclusion, the Mirage framework effectively improves the security of SDN through multiple means, especially in preventing CrossPath attacks.
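The three Mirage measures summarized above (probe-based detection of unreachable switches, random path selection among the \( n \) candidate paths, and the \( T_{\text{measured}} = T_{\text{original}} + \Delta t \) perturbation) sketched as a controller-side monitor. This is an added illustration, not the paper's or the Mirage project's code; the switch names, paths, miss threshold and probe log are constructed assumptions.

```python
import random
from collections import defaultdict

# Assumed value: consecutive unanswered probes before a switch is flagged.
MISS_THRESHOLD = 3


class SwitchMonitor:
    """Tracks probe replies per switch and flags switches that stop answering."""

    def __init__(self, threshold=MISS_THRESHOLD):
        self.threshold = threshold
        self.misses = defaultdict(int)   # consecutive misses per switch
        self.flagged = set()             # switches reported to the administrator

    def record_probe(self, switch, answered):
        """Update the miss counter for one probe; return True if the switch is flagged."""
        if answered:
            self.misses[switch] = 0      # any reply clears the streak
            self.flagged.discard(switch)
        else:
            self.misses[switch] += 1
            if self.misses[switch] >= self.threshold:
                self.flagged.add(switch)
        return switch in self.flagged


def pick_path(paths, rng):
    """Path diversity: choose one of the n candidate paths uniformly at random."""
    return rng.choice(paths)


def measured_rtt(base_rtt_ms, max_jitter_ms, rng):
    """T_measured = T_original + delta_t, with delta_t drawn from [0, max_jitter_ms]."""
    return base_rtt_ms + rng.uniform(0.0, max_jitter_ms)


def demo(seed=7):
    """Run the monitor over a constructed probe log and exercise path selection."""
    rng = random.Random(seed)
    mon = SwitchMonitor()
    # Constructed log: s2 misses once then recovers; s3 misses three probes in a row.
    probe_log = [("s2", False), ("s2", True), ("s3", False), ("s3", False), ("s3", False)]
    for switch, answered in probe_log:
        mon.record_probe(switch, answered)
    # Two constructed S->D paths; the selection must not settle on a single one.
    paths = [["s1", "s2", "s4"], ["s1", "s3", "s4"]]
    chosen = {tuple(pick_path(paths, rng)) for _ in range(200)}
    rtt_ok = all(10.0 <= measured_rtt(10.0, 2.0, rng) <= 12.0 for _ in range(200))
    return sorted(mon.flagged), len(chosen) == len(paths), rtt_ok
```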