Research on Table Overflow Ldos Attack Detection and Defense Method in Software Defined Networks

Xie, Shengxu; Xing, Changyou; Zhang, Guomin; Zhao, Jianhua

doi:10.1007/978-981-15-7530-3_7

Cited by 3 publications

(3 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Graph Embedding Stage: Firstly, based on the node feature matrix generated in the node embedding stage, we compute the weighted average of each node on each feature and generate a graph context vector through a non-linear transformation, as shown in (13). The graph context vector provides information about the structure and features of the graph.…”

Section: Attack Detection Mechanismmentioning

confidence: 99%

“…Due to cost and capacity limitations [9]- [11], most commercial switches can only accommodate a few thousand to tens of thousands of flow entries [12]. Consequently, flow table overflow attacks have emerged as a significant threat in the realm of SDN security, particularly low-rate flow table overflow attacks that possess higher levels of stealthiness [13].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

Zeng,

Wang,

Liu

2024

IEEE Access

View full text Add to dashboard Cite

In Software-Defined Networks (SDN), the ternary content addressable memory (TCAM) capacity in switches is limited, making them vulnerable to low-rate flow table overflow attacks. Most existing research in this field has not focused on the influence of flow entry eviction mechanisms on the effectiveness of such attacks. This paper proposes an adaptive low-rate flow table overflow attack (ALFO), which can adopt corresponding attack modes under different flow entry eviction mechanisms, significantly degrading network service quality. Due to the different features of ALFO under different attack modes, the existing attack detection methods are ineffective in this attack. Therefore, this paper proposes a detection and mitigation framework, which is called adaptive low-rate flow table overflow attack guard framework (ALFO-Guard). It extracts flow features from flow entry information in the switch and aggregates them into a current-time graph model. Then, combining graph neural networks, it performs graph anomaly detection and flow entry classification to identify attack flow entries. Finally, the attack can be eliminated by deleting the identified attack flow entries and blocking the attack flows.The effectiveness of ALFO and ALFO-Guard is validated through extensive experiments, and the experimental results demonstrate that ALFO-Guard can effectively defend against ALFO.INDEX TERMS SDN, Flow table overflow, Low-rate attacks, Graph neural network.

show abstract

Section: Attack Detection Mechanismmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

Zeng,

Wang,

Liu

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…erefore, this paper mainly studies the detection and defense mechanism of flow table overflow LDoS attack. Based on the previous conference manuscripts [37], this paper has carried out many extensions, including detailed introduction of background, further analysis of attack flow, optimization of flow table overflow mitigation module design, and large-scale experiments.…”

Section: Security and Communication Networkmentioning

confidence: 99%

A Table Overflow LDoS Attack Defending Mechanism in Software-Defined Networks

Xie

Xing

Zhang

et al. 2021

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

In order to achieve requirements such as fast search of flow entries and mask matching, OpenFlow hardware switches usually use TCAM to store flow entries. Limited by the capacity of TCAM, the current commercial OpenFlow switches can only support hundreds of thousands of flow entries, which makes SDN network using OpenFlow hardware switches vulnerable to the threat of flow table overflow attack. Among them, low-rate DoS (LDoS) attack against table overflow poses a serious threat to SDN networks due to its high attack efficiency and concealed flow, and it is also difficult to detect. In this regard, this paper analyzed two types of LDoS attack flow against table overflow and proposed an attack detection and defense mechanism named SAIA (Small-flow Analysis and Inport-flow Analysis) through the design of table overflow prediction and flow entries deletion strategy. Experiments conducted through the SDN network environment showed that SAIA can effectively detect and suppress LDoS attack flows in the flow table in large-scale network conditions and verified that the deployment of SAIA is lightweight. At the same time, SAIA implemented the flow entry deletion strategy based on LRU when the flow table overflows in a nonattack situation, which further enhances the stability of the network.

show abstract

Packet Injection Exploiting Attack and Mitigation in Software-Defined Networks

Qin

et al. 2022

Applied Sciences

View full text Add to dashboard Cite

Software-defined networking (SDN) decouples the control plane and data plane through OpenFlow technology and allows flexible network control. It has been widely applied in different areas and has become a focus of attention in the future network. With SDN’s development, its security problem has become a necessary point of research to be solved urgently. In this paper, we propose a novel attack, namely, the packet injection exploiting attack. By maliciously injecting false hosts into SDN network topology, attackers can further use them to launch a denial of service (DoS) attack. The consequences affect the throughput and processing capabilities of the controller, severely consume data plane resources, and ultimately affect the entire network. To prevent the packet-injection exploiting attack, we designed PIEDefender, an efficient, protocol-independent component built on SDN controllers to detect and mitigate attacks effectively. We implement the PIEDefender prototype on the Floodlight controller and assess the effectiveness in the software environment. Experimental results show that PIEDefender achieves a 97.8% injection detection precision and a 97.96% DoS detection precision, incurring an average CPU consumption of 10%. The evaluation demonstrates that the PIEDefender can effectively mitigate the attack against SDN with limited overhead.

show abstract

Research on Table Overflow Ldos Attack Detection and Defense Method in Software Defined Networks

Cited by 3 publications

References 15 publications

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

A Table Overflow LDoS Attack Defending Mechanism in Software-Defined Networks

Packet Injection Exploiting Attack and Mitigation in Software-Defined Networks

Contact Info

Product

Resources

About