POAGuard: A Defense Mechanism Against Preemptive Table Overflow Attack in Software-Defined Networks

Cited by: 0
Authors
Liu, Yuming [1]
Wang, Yong [1]
Feng, Hao [1]
Affiliations
[1] Guilin Univ Elect Technol, Sch Comp & Informat Secur, Guilin 541004, Peoples R China
Funding
National Natural Science Foundation of China
Keywords
SDN; flow table overflow; preemptive overflow attack; attack detection
DOI
10.1109/ACCESS.2023.3330224
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
In Software-Defined Networks (SDN), the limited flow table capacity of switches makes them susceptible to flow table overflow attacks, which can lead to performance degradation or network corruption. Prior research has mainly focused on rate-based overflow attacks (ROA), which exhibit varying attack effects depending on the overflow rate. This study introduces a novel attack called the preemptive overflow attack (POA), which exploits the flow entry eviction mechanism to preempt the flow entries of normal applications, resulting in amplified performance degradation. Notably, when using the widely deployed Least Frequently Used (LFU) eviction algorithm, POA achieves a significant impact while consuming fewer flow entries than existing ROA methods. Furthermore, the detection of POA remains challenging owing to the lack of distinctive flow features. To mitigate POA, we propose POAGuard as a defense mechanism. POAGuard incorporates a table segmentation method for table management, a score-based eviction algorithm that evicts suspicious flow entries, and a concept drift-based detection method that identifies and defends against POA. Extensive experiments are conducted to verify the effectiveness of POAGuard, and the results demonstrate that POAGuard can effectively defend against POA.
Pages: 123659 - 123676
Number of pages: 18