Litcius/Paper detail

TableGuard: A Novel Security Mechanism Against Flow Table Overflow Attacks in SDN

Dezhang Kong, Chunming Wu, Yiming Shen, Xiang Chen, Hongyan Liu, Dong Zhang

2022GLOBECOM 2022 - 2022 IEEE Global Communications Conference11 citationsDOI

Abstract

One of the most important components of Software-Defined Networking (SDN) is the flow table. It receives flow rules from the controller and uses them to handle network traffic. However, a flow table can only store a few thousand flow rules, which makes it an attractive target for table overflow attacks. These attacks force the controller to populate the flow table with a large number of meaningless flow rules, which prevents normal flows from finding matching rules and therefore having to be reported to the controller. It results in a significant latency overhead, degrading the performance of the whole network. In this paper, we present a key characteristic of table overflow attacks: even though attackers can change some critical attack parameters (e.g., attack speed) to avoid detection, proactive flows from the attacked port always occupy a stable proportion in the flow table regardless of the attack form. In light of this finding, we propose TableGuard, a novel security mechanism that uses the proactive flow rule number as the detection metric and applies a statistical approach to help filter malicious flows. The experiments demonstrate that TableGuard can mitigate both high-rate and low-rate table overflow attacks. Compared with existing defenses, TableGuard has the best mitigation performance and the minimal overhead on normal flows.

Topics & Concepts

Computer scienceTable (database)Overhead (engineering)Software-defined networkingComputer networkNetwork securityDistributed computingReal-time computingComputer securityData miningOperating systemSoftware-Defined Networks and 5GNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-voting