Abstract

In order to achieve requirements such as fast search of flow entries and mask matching, OpenFlow hardware switches usually use TCAM to store flow entries. Limited by the capacity of TCAM, current commercial OpenFlow switches can only support hundreds of thousands of flow entries, which makes SDN networks using OpenFlow hardware switches vulnerable to flow table overflow attacks. Among these, the low-rate DoS (LDoS) attack against table overflow poses a serious threat to SDN networks because of its high attack efficiency and concealed traffic, which also make it difficult to detect. In this regard, this paper analyzed two types of LDoS attack flow against table overflow and proposed an attack detection and defense mechanism named SAIA (Small-flow Analysis and Inport-flow Analysis), built on a table overflow prediction algorithm and a flow entry deletion strategy. Experiments conducted in an SDN network environment showed that SAIA can effectively detect and suppress LDoS attack flows in the flow table under large-scale network conditions, and verified that the deployment of SAIA is lightweight. At the same time, SAIA implemented an LRU-based flow entry deletion strategy for flow table overflow in a nonattack situation, which further enhances the stability of the network.

Highlights

  • Software-Defined Networking (SDN) features such as centralized control, separation of forwarding and control, and network programmable make network management simple and flexible

  • In order to meet the requirements of flow entry mask matching, SDN hardware switches that support the OpenFlow protocol all use Ternary Content Addressable Memory (TCAM) to store and search flow entries

  • The main contributions of the paper are as follows: (i) two types of low-rate DoS (LDoS) attack flow against table overflow are analyzed, and their impact on the performance of an SDN network is evaluated through experiment; (ii) the attack detection and defense system SAIA, based on small-flow and inport-flow analysis, is designed to mitigate table overflow LDoS attacks; (iii) through experiment, the effectiveness of SAIA against table overflow LDoS attacks is verified, and it is also verified that SAIA can effectively mitigate the problem of table overflow under nonattack conditions. The rest of the paper is organized as follows


Summary

Introduction

Software-Defined Networking (SDN) features such as centralized control, separation of forwarding and control, and network programmability make network management simple and flexible. To address the impact of LDoS attacks against flow table overflow on SDN networks, this paper first analyzes the two typical types of low-rate attack flows and then proposes the LDoS attack detection and defense mechanism SAIA, based on small-flow and inport-flow statistical analysis, which includes algorithms for flow table overflow prediction, attack flow identification, and flow entry deletion. The main contributions are: (i) two types of LDoS attack flow against table overflow are analyzed, and their impact on the performance of an SDN network is evaluated through experiment; (ii) the attack detection and defense system SAIA, based on small-flow and inport-flow analysis, is designed to mitigate table overflow LDoS attacks; (iii) through experiment, the effectiveness of SAIA against table overflow LDoS attacks is verified, and it is also verified that SAIA can effectively mitigate the problem of table overflow under nonattack conditions. The rest of the paper is organized as follows.
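The abstract and introduction describe three cooperating pieces: predicting that the flow table is about to overflow, attributing the fill-up to small flows arriving on a particular ingress port, and deleting entries (the suspected attack entries when an inport looks attacked, otherwise the least-recently-used ones). The following added example is not the paper's SAIA implementation; it is a simplified, self-contained Python model of that control loop. The thresholds (`SMALL_FLOW_PACKETS`, `ATTACK_SHARE`, `MIN_INPORT_ENTRIES`), the linear extrapolation used for prediction, and the constructed flow-table contents are all assumptions made for illustration and do not come from the paper.

```python
"""Simplified flow-table overflow prediction with small-flow/inport analysis and LRU fallback.

Added example, not the paper's code. Entry statistics stand in for what a controller
would collect with periodic OpenFlow flow-stats requests; all values are constructed.
"""
from collections import Counter, OrderedDict

SMALL_FLOW_PACKETS = 2    # assumption: an entry that matched <= 2 packets is a "small flow"
ATTACK_SHARE = 0.7        # assumption: inport is suspicious if >= 70% of its entries are small flows
MIN_INPORT_ENTRIES = 4    # assumption: judge an inport only once it holds this many entries


class FlowTable:
    """Capacity-limited flow table whose entries are kept in least-recently-used order."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()   # match key -> {"inport": int, "packets": int}

    def install(self, key, inport):
        self.entries[key] = {"inport": inport, "packets": 0}

    def hit(self, key):
        """A packet matched `key`: bump its counter and mark it most recently used."""
        self.entries[key]["packets"] += 1
        self.entries.move_to_end(key)

    def delete(self, keys):
        for k in keys:
            self.entries.pop(k, None)


def predict_overflow(samples, capacity, horizon):
    """samples: [(time, entry_count), ...]. Linear extrapolation of the last two samples."""
    if len(samples) < 2:
        return False
    (t0, c0), (t1, c1) = samples[-2], samples[-1]
    if t1 <= t0:
        return False
    rate = (c1 - c0) / (t1 - t0)
    return c1 + rate * horizon >= capacity


def small_flow_share(table):
    """Per inport: (fraction of entries that are small flows, number of entries)."""
    total, small = Counter(), Counter()
    for e in table.entries.values():
        total[e["inport"]] += 1
        if e["packets"] <= SMALL_FLOW_PACKETS:
            small[e["inport"]] += 1
    return {p: (small[p] / total[p], total[p]) for p in total}


def suspicious_inports(table):
    return sorted(p for p, (share, n) in small_flow_share(table).items()
                  if n >= MIN_INPORT_ENTRIES and share >= ATTACK_SHARE)


def defend(table, samples, horizon, target_ratio=0.8):
    """Run one control-loop iteration; returns (mode, deleted_keys)."""
    if not predict_overflow(samples, table.capacity, horizon):
        return ("none", [])
    bad = suspicious_inports(table)
    if bad:
        # Attack case: drop the small-flow entries attributed to the suspicious inport(s).
        victims = [k for k, e in table.entries.items()
                   if e["inport"] in bad and e["packets"] <= SMALL_FLOW_PACKETS]
        table.delete(victims)
        return ("attack", victims)
    # Nonattack overflow: evict least-recently-used entries down to the target occupancy.
    excess = len(table.entries) - int(target_ratio * table.capacity)
    victims = list(table.entries)[:max(excess, 0)]
    table.delete(victims)
    return ("lru", victims)


def demo_attack():
    """Constructed: inport 1 is filling the table with one-packet flows."""
    t = FlowTable(capacity=10)
    plan = [("b1", 2, 10), ("b2", 2, 10), ("b3", 2, 10)] + [(f"a{i}", 1, 1) for i in range(1, 6)]
    for key, inport, _ in plan:
        t.install(key, inport)
    for key, _, hits in plan:
        for _ in range(hits):
            t.hit(key)
    return defend(t, samples=[(0, 4), (1, 8)], horizon=1)


def demo_benign():
    """Constructed: steady growth of normal flows, no inport dominated by small flows."""
    t = FlowTable(capacity=10)
    keys = [f"f{i}" for i in range(1, 10)]
    for i, key in enumerate(keys):
        t.install(key, inport=(i % 3) + 1)
    for key in keys:                      # f1 ends up least recently used
        for _ in range(5):
            t.hit(key)
    return defend(t, samples=[(0, 5), (1, 9)], horizon=1)


def demo_idle():
    """Constructed: growth too slow to overflow within the horizon."""
    t = FlowTable(capacity=10)
    return defend(t, samples=[(0, 5), (1, 6)], horizon=1)


if __name__ == "__main__":
    print("attack :", demo_attack())
    print("benign :", demo_benign())
    print("idle   :", demo_idle())
```

In the attack case every small-flow entry on the suspicious inport is removed while the busy entries on the other port survive; in the benign case only the single least-recently-used entry goes, which is the nonattack LRU behaviour the abstract describes. A production controller would replace the two-sample linear extrapolation with a smoothed estimate and would tune the thresholds against its own traffic.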

Background and Motivation
Analysis of Flow Table Overflow LDoS Attack
Implementation and Evaluation
Disclosure
