Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks
In Software-Defined Networks (SDN), the ternary content addressable memory (TCAM) capacity in switches is limited, making them vulnerable to low-rate flow table overflow attacks. Most existing research in this field has not focused on the influence of flow entry eviction mechanisms on the effectiven...
Main Authors: | Ying Zeng, Yong Wang, Yuming Liu |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2024-01-01 |
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/10487937/ |
_version_ | 1797217360690544640 |
---|---|
author | Ying Zeng; Yong Wang; Yuming Liu |
author_facet | Ying Zeng; Yong Wang; Yuming Liu |
author_sort | Ying Zeng |
collection | DOAJ |
description | In Software-Defined Networks (SDN), the ternary content addressable memory (TCAM) capacity in switches is limited, making them vulnerable to low-rate flow table overflow attacks. Most existing research in this field has not focused on the influence of flow entry eviction mechanisms on the effectiveness of such attacks. This paper proposes an adaptive low-rate flow table overflow attack (ALFO), which can adopt corresponding attack modes under different flow entry eviction mechanisms, significantly degrading network service quality. Due to the different features of ALFO under different attack modes, the existing attack detection methods are ineffective in this attack. Therefore, this paper proposes a detection and mitigation framework, which is called adaptive low-rate flow table overflow attack guard framework (ALFO-Guard). It extracts flow features from flow entry information in the switch and aggregates them into a current-time graph model. Then, combining graph neural networks, it performs graph anomaly detection and flow entry classification to identify attack flow entries. Finally, the attack can be eliminated by deleting the identified attack flow entries and blocking the attack flows. The effectiveness of ALFO and ALFO-Guard is validated through extensive experiments, and the experimental results demonstrate that ALFO-Guard can effectively defend against ALFO. |
first_indexed | 2024-04-24T12:00:37Z |
format | Article |
id | doaj.art-35acc6a0ea5644c7b7877694f4b7529c |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-04-24T12:00:37Z |
publishDate | 2024-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-35acc6a0ea5644c7b7877694f4b7529c; 2024-04-08T23:01:11Z; eng; IEEE; IEEE Access; 2169-3536; 2024-01-01; 12; 48830; 48845; 10.1109/ACCESS.2024.3383877; 10487937; Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks; Ying Zeng; 0; https://orcid.org/0009-0007-3430-516X; Yong Wang; 1; https://orcid.org/0000-0002-5383-5736; Yuming Liu; 2; https://orcid.org/0000-0002-7995-0847; School of Computer and Information Security, Guilin University of Electronic Technology, Guilin, China; School of Computer and Information Security, Guilin University of Electronic Technology, Guilin, China; School of Computer and Information Security, Guilin University of Electronic Technology, Guilin, China; In Software-Defined Networks (SDN), the ternary content addressable memory (TCAM) capacity in switches is limited, making them vulnerable to low-rate flow table overflow attacks. Most existing research in this field has not focused on the influence of flow entry eviction mechanisms on the effectiveness of such attacks. This paper proposes an adaptive low-rate flow table overflow attack (ALFO), which can adopt corresponding attack modes under different flow entry eviction mechanisms, significantly degrading network service quality. Due to the different features of ALFO under different attack modes, the existing attack detection methods are ineffective in this attack. Therefore, this paper proposes a detection and mitigation framework, which is called adaptive low-rate flow table overflow attack guard framework (ALFO-Guard). It extracts flow features from flow entry information in the switch and aggregates them into a current-time graph model. Then, combining graph neural networks, it performs graph anomaly detection and flow entry classification to identify attack flow entries. Finally, the attack can be eliminated by deleting the identified attack flow entries and blocking the attack flows. The effectiveness of ALFO and ALFO-Guard is validated through extensive experiments, and the experimental results demonstrate that ALFO-Guard can effectively defend against ALFO.; https://ieeexplore.ieee.org/document/10487937/; SDN; flow table overflow; low-rate attacks; graph neural network |
spellingShingle | Ying Zeng; Yong Wang; Yuming Liu; Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks; IEEE Access; SDN; flow table overflow; low-rate attacks; graph neural network |
title | Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks |
title_full | Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks |
title_fullStr | Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks |
title_full_unstemmed | Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks |
title_short | Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks |
title_sort | research on detection and mitigation methods of adaptive flow table overflow attacks in software defined networks |
topic | SDN; flow table overflow; low-rate attacks; graph neural network |
url | https://ieeexplore.ieee.org/document/10487937/ |