{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,16]],"date-time":"2026-03-16T05:23:40Z","timestamp":1773638620750,"version":"3.50.1"},"reference-count":108,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"4","license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"DOI":"10.13039\/501100000038","name":"Natural Sciences and Engineering Research Council of Canada","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000038","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Commun. Surv. Tutorials"],"published-print":{"date-parts":[[2018]]},"DOI":"10.1109\/comst.2018.2839348","type":"journal-article","created":{"date-parts":[[2018,5,22]],"date-time":"2018-05-22T14:57:33Z","timestamp":1527001053000},"page":"3542-3559","source":"Crossref","is-referenced-by-count":97,"title":["Comparative Analysis of Control Plane Security of SDN and Conventional Networks"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2783-107X","authenticated-orcid":false,"given":"AbdelRahman","family":"Abdou","sequence":"first","affiliation":[]},{"given":"Paul C.","family":"van Oorschot","sequence":"additional","affiliation":[]},{"given":"Tao","family":"Wan","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","author":"volobuev","year":"1997","journal-title":"Playing redir games with ARP and ICMP"},{"key":"ref38","volume":"1","author":"kurose","year":"2013","journal-title":"Computer Networking A Top-down Approach"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.17487\/rfc5304"},{"key":"ref32","year":"2014","journal-title":"Catalyst 3750-X and 3560-X Switch Software Configuration Guide—Managing Switch Stacks"},{"key":"ref31","first-page":"1","year":"2014"},{"key":"ref30","year":"2004","journal-title":"Safe Layer 2 Security in-Depth Version 2"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.17487\/rfc7176"},{"key":"ref36","year":"2014","journal-title":"Routing and Switching Essentials Companion Guide"},{"key":"ref35","author":"fedyk","year":"2012","journal-title":"802 1aq—Shortest Path Bridging"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6325"},{"key":"ref28","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1145\/318951.319004","article-title":"An algorithm for distributed computation of a spanning tree in an extended LAN","author":"perlman","year":"1985","journal-title":"Proc ACM Sigcomm"},{"key":"ref27","author":"wilkins","year":"2011","journal-title":"Switchport Security Concepts and Configuration"},{"key":"ref29","author":"vyncke","year":"2018","journal-title":"Attacking the Spanning Tree Protocol"},{"key":"ref20","year":"1991","journal-title":"X 800 Security Architecture for Open Systems Interconnection for Ccitt Applications"},{"key":"ref22","author":"convery","year":"2002","journal-title":"Hacking Layer 2 Fun with Ethernet Switches"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2489183"},{"key":"ref24","author":"fall","year":"2011","journal-title":"TCP\/IP Illustrated Volume 1 The Protocols"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2012.121112.00190"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.05.006"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/WMNC.2016.7543976"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2453114"},{"key":"ref25","doi-asserted-by":"crossref","first-page":"370","DOI":"10.1109\/JSAC.2005.861394","article-title":"Wormhole attacks in wireless networks","volume":"24","author":"hu","year":"2006","journal-title":"IEEE J Sel Areas Commun"},{"key":"ref50","year":"2014","journal-title":"OpenFlow Switch Specification Version 1 1 0"},{"key":"ref51","article-title":"SANE: A protection architecture for enterprise networks","author":"casado","year":"2006","journal-title":"Proc Usenix Security Symp"},{"key":"ref59","first-page":"1","article-title":"No SQL, no injection?","author":"ron","year":"2015","journal-title":"Proc IEEE Web 2 0 Security & Privacy Workshop"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/1773912.1773922"},{"key":"ref57","author":"yin","year":"2012","journal-title":"SDNi A Message Exchange Protocol for Software Defined Networks (SDNS) Across Multiple Domains"},{"key":"ref56","year":"2015","journal-title":"Network Security"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/1435417.1435432"},{"key":"ref54","first-page":"305","article-title":"In search of an understandable consensus algorithm","author":"ongaro","year":"2014","journal-title":"Proc USENIX ATC"},{"key":"ref53","first-page":"11","article-title":"ZooKeeper: Wait-free coordination for Internet-scale systems","author":"hunt","year":"2010","journal-title":"Proc USENIX ATC"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/IEEESTD.2009.5251812"},{"key":"ref40","year":"2004","journal-title":"Understanding and Configuring Dynamic ARP Inspection"},{"key":"ref4","author":"greene","year":"2009","journal-title":"Tr10 Software-defined Networking"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.17487\/rfc7471"},{"key":"ref6","year":"2015","journal-title":"OpenFlow-Data Plane Abstraction Networking Software"},{"key":"ref5","first-page":"1","article-title":"Fresco: Modular composable security services for software-defined networks","author":"shin","year":"2013","journal-title":"Proc NDSS"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/2620728.2620744"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.17487\/rfc3768"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/WoWMoM.2014.6918985"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.17487\/rfc6241"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2992"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2991"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2338"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.17487\/rfc5798"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/LCOMM.2010.02.092108"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2007.05.007"},{"key":"ref44","first-page":"1","article-title":"Owning the routing table—Part II","author":"nakibly","year":"2013","journal-title":"Proceedings of BlackHat"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.17487\/rfc1058"},{"key":"ref73","first-page":"59","article-title":"Kinetic: Verifiable dynamic network control","author":"kim","year":"2015","journal-title":"Proc USENIX NSDI"},{"key":"ref72","first-page":"533","article-title":"Enforcing network-wide policies in the presence of dynamic middlebox actions using FlowTags","author":"fayazbakhsh","year":"2014","journal-title":"Proc USENIX NSDI"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1145\/2620728.2620749"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/1866898.1866905"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1145\/2620728.2620750"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2014.98"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2013.6654813"},{"key":"ref75","first-page":"99","article-title":"Real time network policy checking using header space analysis","author":"kazemian","year":"2013","journal-title":"Proc USENIX NSDI"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1145\/2491185.2491222"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2010.5735752"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/2491185.2491220"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/2377677.2377766"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-67425-4_12"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1145\/1384609.1384625"},{"key":"ref64","year":"2015","journal-title":"Floodlight OpenFlow Controller"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1145\/2342441.2342466"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1145\/2491185.2491212"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660353"},{"key":"ref68","first-page":"365","article-title":"Can the production network be the testbed?","author":"sherwood","year":"2010","journal-title":"Proc USENIX OSDI"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2602204.2602219"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1145\/2342441.2342458"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.17487\/rfc2328"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.1109\/INM.2015.7140489"},{"key":"ref108","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2015.05.007"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2013.6733671"},{"key":"ref107","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2015.9"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2016.7568569"},{"key":"ref106","doi-asserted-by":"publisher","DOI":"10.14722\/sent.2015.23004"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.27"},{"key":"ref105","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2016.2618874"},{"key":"ref91","first-page":"1","article-title":"How to detect a compromised SDN switch","author":"chi","year":"2015","journal-title":"Proc IEEE NETSOFT"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/CNSM.2014.7014199"},{"key":"ref90","doi-asserted-by":"crossref","first-page":"229","DOI":"10.1007\/978-3-319-11599-3_14","article-title":"Spook in your network: Attacking an SDN with a compromised OpenFlow switch","volume":"8788","author":"antikainen","year":"2014","journal-title":"Secure IT Systems"},{"key":"ref103","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2015.2421391"},{"key":"ref102","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2474118"},{"key":"ref98","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2017.2689819"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.1145\/2491185.2491199"},{"key":"ref96","first-page":"61","article-title":"Flow-level state transition as a new switch primitive for SDN","author":"moshref","year":"2014","journal-title":"Proc ACM HotSDN"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1145\/2602204.2602211"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/1266977.1266980"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23283"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23222"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23064"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2016.2586999"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/CNSM.2014.7014181"},{"key":"ref16","year":"1994"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1109\/EWSDN.2014.25"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2043164.2018516"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2016.04.005"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2012.09.011"},{"key":"ref84","doi-asserted-by":"publisher","DOI":"10.1145\/2342441.2342444"},{"key":"ref19","author":"neuman","year":"1994","journal-title":"Scale in Distributed Systems"},{"key":"ref83","doi-asserted-by":"publisher","DOI":"10.1109\/NETSOFT.2015.7116153"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2015.03.003"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1109\/HOTI.2013.17"},{"key":"ref85","first-page":"351","article-title":"Onix: A distributed control platform for large-scale production networks","volume":"10","author":"koponen","year":"2010","journal-title":"Proc USENIX OSDI"},{"key":"ref86","first-page":"3","article-title":"HyperFlow: A distributed control plane for OpenFlow","author":"tootoonchian","year":"2010","journal-title":"Proc USENIX INM\/WREN"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23309"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_9"}],"container-title":["IEEE Communications Surveys & Tutorials"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9739\/8540503\/08362609.pdf?arnumber=8362609","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T11:43:18Z","timestamp":1641987798000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8362609\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"references-count":108,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1109\/comst.2018.2839348","relation":{},"ISSN":["1553-877X","2373-745X"],"issn-type":[{"value":"1553-877X","type":"electronic"},{"value":"2373-745X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}