{"ID":2853403,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2510.16461","arxiv_id":"2510.16461","title":"Heimdallr: Fingerprinting SD-WAN Control-Plane Architecture via Encrypted Control Traffic","abstract":"Software-defined wide area network (SD-WAN) has emerged as a new paradigm for steering a large-scale network flexibly by adopting distributed software-defined network (SDN) controllers. The key to building a logically centralized but physically distributed control-plane is running diverse cluster management protocols to achieve consistency through an exchange of control traffic. Meanwhile, we observe that the control traffic exposes unique time-series patterns and directional relationships due to the operational structure even though the traffic is encrypted, and this pattern can disclose confidential information such as control-plane topology and protocol dependencies, which can be exploited for severe attacks. With this insight, we propose a new SD-WAN fingerprinting system, called Heimdallr. It analyzes periodical and operational patterns of SD-WAN cluster management protocols and the context of flow directions from the collected control traffic utilizing a deep learning-based approach, so that it can classify the cluster management protocols automatically from miscellaneous control traffic datasets. Our evaluation, which is performed in a realistic SD-WAN environment consisting of geographically distant three campus networks and one enterprise network shows that Heimdallr can classify SD-WAN control traffic with $\\geq$ 93%, identify individual protocols with $\\geq$ 80% macro F-1 scores, and finally can infer control-plane topology with $\\geq$ 70% similarity.","short_abstract":"Software-defined wide area network (SD-WAN) has emerged as a new paradigm for steering a large-scale network flexibly by adopting distributed software-defined network (SDN) controllers. The key to building a logically centralized but physically distributed control-plane is running diverse cluster management protocols t...","url_abs":"https://arxiv.org/abs/2510.16461","url_pdf":"https://arxiv.org/pdf/2510.16461v1","authors":"[\"Minjae Seo\",\"Jaehan Kim\",\"Eduard Marin\",\"Myoungsung You\",\"Taejune Park\",\"Seungsoo Lee\",\"Seungwon Shin\",\"Jinwoo Kim\"]","published":"2025-10-18T12:01:51Z","proceeding":"cs.CR","tasks":"[\"cs.CR\",\"cs.NI\"]","methods":"[]","has_code":false}