Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Learning Failure-Inducing Models for Testing Software-Defined Networks

Raphaël Ollando, Seung Yeob Shin, Lionel C. Briand

TL;DR

The paper addresses robust testing of SDN controllers by jointly generating failure-inducing test data and learning interpretable failure-inducing models. It introduces FuzzSDN, an iterative framework that combines ML-guided fuzzing with rule-based learning (RIPPER) and planning to efficiently explore the OpenFlow input space. Empirical evaluation on ONOS and RYU across multiple network sizes shows FuzzSDN outperforms state-of-the-art fuzzers in producing failures and yields high-precision, high-recall failure models, with results aligning with literature on SDN failure conditions. The approach is scalable to larger networks and provides actionable diagnostics to guide fixes and validate changes in SDN controllers.

Abstract

Software-defined networks (SDN) enable flexible and effective communication systems that are managed by centralized software controllers. However, such a controller can undermine the underlying communication network of an SDN-based system and thus must be carefully tested. When an SDN-based system fails, in order to address such a failure, engineers need to precisely understand the conditions under which it occurs. In this article, we introduce a machine learning-guided fuzzing method, named FuzzSDN, aiming at both (1) generating effective test data leading to failures in SDN-based systems and (2) learning accurate failure-inducing models that characterize conditions under which such system fails. To our knowledge, no existing work simultaneously addresses these two objectives for SDNs. We evaluate FuzzSDN by applying it to systems controlled by two open-source SDN controllers. Further, we compare FuzzSDN with two state-of-the-art methods for fuzzing SDNs and two baselines for learning failure-inducing models. Our results show that (1) compared to the state-of-the-art methods, FuzzSDN generates at least 12 times more failures, within the same time budget, with a controller that is fairly robust to fuzzing and (2) our failure-inducing models have, on average, a precision of 98% and a recall of 86%, significantly outperforming the baselines.

Learning Failure-Inducing Models for Testing Software-Defined Networks

TL;DR

The paper addresses robust testing of SDN controllers by jointly generating failure-inducing test data and learning interpretable failure-inducing models. It introduces FuzzSDN, an iterative framework that combines ML-guided fuzzing with rule-based learning (RIPPER) and planning to efficiently explore the OpenFlow input space. Empirical evaluation on ONOS and RYU across multiple network sizes shows FuzzSDN outperforms state-of-the-art fuzzers in producing failures and yields high-precision, high-recall failure models, with results aligning with literature on SDN failure conditions. The approach is scalable to larger networks and provides actionable diagnostics to guide fixes and validate changes in SDN controllers.

Abstract

Software-defined networks (SDN) enable flexible and effective communication systems that are managed by centralized software controllers. However, such a controller can undermine the underlying communication network of an SDN-based system and thus must be carefully tested. When an SDN-based system fails, in order to address such a failure, engineers need to precisely understand the conditions under which it occurs. In this article, we introduce a machine learning-guided fuzzing method, named FuzzSDN, aiming at both (1) generating effective test data leading to failures in SDN-based systems and (2) learning accurate failure-inducing models that characterize conditions under which such system fails. To our knowledge, no existing work simultaneously addresses these two objectives for SDNs. We evaluate FuzzSDN by applying it to systems controlled by two open-source SDN controllers. Further, we compare FuzzSDN with two state-of-the-art methods for fuzzing SDNs and two baselines for learning failure-inducing models. Our results show that (1) compared to the state-of-the-art methods, FuzzSDN generates at least 12 times more failures, within the same time budget, with a controller that is fairly robust to fuzzing and (2) our failure-inducing models have, on average, a precision of 98% and a recall of 86%, significantly outperforming the baselines.
Paper Structure (17 sections, 7 figures, 2 tables, 3 algorithms)

This paper contains 17 sections, 7 figures, 2 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Background and Problem Description
  3. Approach
  4. Fuzzing step: Initial fuzzing
  5. Learning step
  6. Planning step
  7. Fuzzing Step: ML-guided Fuzzing
  8. Evaluation
  9. Research Questions
  10. Simulation Platform
  11. Study subjects
  12. Experimental setup
  13. Parameter Tuning
  14. Experiment Results
  15. Threats to Validity
  16. ...and 2 more sections

Figures (7)

  • Figure 1: An SDN topology example containing one controller, three switches, and four hosts.
  • Figure 2: An overview of our ML-guided Fuzzing method for testing SDN-systems (FuzzSDN).
  • Figure 3: A data flow example of fuzzing a control message (e.g., packet_in message).
  • Figure 4: Comparing FuzzSDN, BEADS, and DELTA based on the number of fuzzed control messages that cause the switch disconnection failure. The boxplots (25%-50%-75%) show distributions of the numbers of failure-inducing control messages obtained from 10 runs of EXP1, testing either ONOS or RYU.
  • Figure 5: Comparing distributions of precision and recall values obtained from FuzzSDN and BEADS$^L$ that test the systems controlled by either ONOS or RYU (see EXP2.1). The boxplots (25%-50%-75%) show distributions of precision (a, b) and recall (c, d) values obtained from 10 runs of EXP2.1.
  • ...and 2 more figures