Software-defined networks (SDN) enable flexible and effective communication systems that are managed by centralized software controllers. However, such a controller can undermine the underlying communication network of an SDN-based system and thus must be carefully tested. When an SDN-based system fails, engineers need to precisely understand the conditions under which the failure occurs in order to address it. In this article, we introduce a machine learning-guided fuzzing method, named FuzzSDN, aiming at both (1) generating effective test data leading to failures in SDN-based systems and (2) learning accurate failure-inducing models that characterize the conditions under which such systems fail. To our knowledge, no existing work simultaneously addresses these two objectives for SDNs. We evaluate FuzzSDN by applying it to systems controlled by two open-source SDN controllers. Further, we compare FuzzSDN with two state-of-the-art methods for fuzzing SDNs and two baselines for learning failure-inducing models. Our results show that (1) compared to the state-of-the-art methods, FuzzSDN generates at least 12 times more failures, within the same time budget, with a controller that is fairly robust to fuzzing and (2) our failure-inducing models have, on average, a precision of 98% and a recall of 86%, significantly outperforming the baselines.