2021
DOI: 10.1155/2021/6667922

A Table Overflow LDoS Attack Defending Mechanism in Software-Defined Networks

Abstract: In order to meet requirements such as fast lookup of flow entries and mask matching, OpenFlow hardware switches usually use TCAM to store flow entries. Limited by the capacity of TCAM, current commercial OpenFlow switches can only support hundreds of thousands of flow entries, which makes SDN networks using OpenFlow hardware switches vulnerable to flow table overflow attacks. Among them, the low-rate DoS (LDoS) attack against table overflow poses a serious threat to SDN networks due to its high …

Cited by 15 publications (16 citation statements)
References 34 publications
“…This mechanism consists of multi-feature attack detection and dynamic removal of flow entries, to achieve fine-grained detection results. Xie et al. [21] presented an attack detection and mitigation mechanism called SAIA, which consists of four modules: data collection, overflow prediction, attack detection, and overflow mitigation. SAIA periodically samples the required data, performs attack detection based on thresholds, removes detected attack … Statistical feature-based detection methods [30]–[33] detect attacks based on the effect caused and reasonable thresholds.…”
Section: Low-rate Flow Table Overflow Attack. Citation type: mentioning. Confidence: 99%
“…The matching fields include protocol, port_src, port_dst, ip_src, and ip_dst. Since the proposed method in this paper relies solely on the flow features of a single switch and is independent of the network topology, we adopt the topology from reference [21] as our experimental topology, as depicted in Fig. 7.…”
Section: Experiments and Analysis. Citation type: mentioning. Confidence: 99%
“…In the literature, several approaches that use switch memory management techniques have been found [158], [159]. However, there are few oriented to a security scope; thus, in [160], the authors propose a detection and defense mechanism against LDoS (low-rate DoS) attacks. The proposal uses statistical analysis for detection, whereas for mitigation, it uses the replacement technique supported by the LRU algorithm.…”
Section: Stateless Data Plane. Citation type: mentioning. Confidence: 99%
“…(flattened table of data-plane threats and countermeasures, reconstructed; the first row and the last row are truncated in the source)

Ref | Threat | Countermeasure
(preceding row) | … | Preconditions / Postconditions
[123] | OFDP vulnerable | BFD
[125] | Fake packet-in | Switch port association with host MAC
[135] | Lack of packet-in message authentication | Independent hardware implementation
[136] | DoS attacks | Statistics
[137] | DoS attacks | Protocol-independent defense framework
[128] | Spoofing and DoS attacks | ACL / Machine learning
[155] | Spoofing, route and DoS attacks | Traffic statistics
[138] | DDoS attacks | Entropy
[140] | DoS attacks | Entropy
[141] | DoS attacks | Traffic statistics
[142] | DDoS attacks | KPCA + GA + Machine learning
[143] | DDoS attacks | Blockchain
[144] | Lack of P2P traffic identification | Machine learning
[145] | HTTP DDoS attacks | Entropy + Hardware
[149] | DDoS attacks | PCA
[150] | DDoS attacks | EWMA
[151] | DDoS attacks | Snort IDS
[152] | DDoS attacks | Machine learning
[153] | DDoS attacks | Deep Learning
[154] | DDoS attacks | Entropy / Machine learning
[156] | Inference attacks | Randomization of network attributes / Rate-limiting + Proactive rules; Rate-limiting + Proxy
[160] | DoS attacks (LDoS) | Statistics / LRU
[130] | Inference attacks | Routing aggregation / TCAM + SRAM
[161], [162] | Lack of network client access control | EAP / RADIUS
[163] | Lack of network client access control | EAPoL / RADIUS
[164] | DoS attacks | Blockchain + Hardware
[129] | SYN flooding and ARP spoofing attacks | SYN/ACK and ACK/FIN packets' ratio / P4 cache
[165] | Traffic overload / Latency | App + P4
[166] | Traffic overload | Snort IPS + P4
[167] | DDoS attacks | P4 + Entropy + FSM
[168] | Lack of link protection between stateful switches | MACsec
[169] | States exchange between stateful switches | Digital signatures
[170] | Link floo... | (truncated)…”
Section: Stateful Data Plane. Citation type: mentioning. Confidence: 99%
“…One of the attacks that could impact the SD-IoT integration model is DDoS. In general, DDoS attacks are classified into two types, namely High Rate Distributed Denial Of Service (HRDDoS) and Low Rate Distributed Denial Of Service (LRDDoS) [9], [10]. LRDDoS attacks initiated on data fields are characterized by low speed, concealment, and persistence, which make them difficult to detect.…”
Section: Introduction. Citation type: mentioning. Confidence: 99%