Litcius/Paper detail

A Table Overflow LDoS Attack Defending Mechanism in Software-Defined Networks

Shengxu Xie, Changyou Xing, Guomin Zhang, Jinlong Zhao

2021Security and Communication Networks22 citationsDOIOpen Access PDF

Abstract

In order to achieve requirements such as fast search of flow entries and mask matching, OpenFlow hardware switches usually use TCAM to store flow entries. Limited by the capacity of TCAM, the current commercial OpenFlow switches can only support hundreds of thousands of flow entries, which makes SDN network using OpenFlow hardware switches vulnerable to the threat of flow table overflow attack. Among them, low-rate DoS (LDoS) attack against table overflow poses a serious threat to SDN networks due to its high attack efficiency and concealed flow, and it is also difficult to detect. In this regard, this paper analyzed two types of LDoS attack flow against table overflow and proposed an attack detection and defense mechanism named SAIA (Small-flow Analysis and Inport-flow Analysis) through the design of table overflow prediction and flow entries deletion strategy. Experiments conducted through the SDN network environment showed that SAIA can effectively detect and suppress LDoS attack flows in the flow table in large-scale network conditions and verified that the deployment of SAIA is lightweight. At the same time, SAIA implemented the flow entry deletion strategy based on LRU when the flow table overflows in a nonattack situation, which further enhances the stability of the network.

Topics & Concepts

OpenFlowComputer scienceTable (database)Computer networkFlow (mathematics)Software-defined networkingDistributed computingData miningGeometryMathematicsSoftware-Defined Networks and 5GNetwork Security and Intrusion DetectionPhysical Unclonable Functions (PUFs) and Hardware Security