Changyou Xing scite author profile

Information-centric networking (ICN) aims to make the Internet more data-oriented or content-centric, thus namebased routing and universal caching are used to change the way users requesting and fetching content, as well as to improve network performance. However, current implementation mechanisms define some kinds of "clean-slate" architecture and certain brand new technologies need to be designed and implemented. In this paper, some requisites reflecting ICN's essential ingredients are generalized, and based on the OpenFlow and the data center technologies, a mechanism called odICN, which can satisfy those aforementioned requisites, is proposed together with its algorithmic framework. Finally, a prototype of odICN is built to verify its feasibility.

show abstract

A Table Overflow LDoS Attack Defending Mechanism in Software-Defined Networks

Xie

Xing

Zhang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

In order to achieve requirements such as fast search of flow entries and mask matching, OpenFlow hardware switches usually use TCAM to store flow entries. Limited by the capacity of TCAM, the current commercial OpenFlow switches can only support hundreds of thousands of flow entries, which makes SDN network using OpenFlow hardware switches vulnerable to the threat of flow table overflow attack. Among them, low-rate DoS (LDoS) attack against table overflow poses a serious threat to SDN networks due to its high attack efficiency and concealed flow, and it is also difficult to detect. In this regard, this paper analyzed two types of LDoS attack flow against table overflow and proposed an attack detection and defense mechanism named SAIA (Small-flow Analysis and Inport-flow Analysis) through the design of table overflow prediction and flow entries deletion strategy. Experiments conducted through the SDN network environment showed that SAIA can effectively detect and suppress LDoS attack flows in the flow table in large-scale network conditions and verified that the deployment of SAIA is lightweight. At the same time, SAIA implemented the flow entry deletion strategy based on LRU when the flow table overflows in a nonattack situation, which further enhances the stability of the network.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Changyou Xing

Failure-resilient DAG task scheduling in edge computing

Research on OpenFlow-Based SDN Technologies

SDSNM: A Software-Defined Security Networking Mechanism to Defend against DDoS Attacks

Predicting Available Bandwidth of Internet Path with Ultra Metric Space-Based Approaches

Estimating SDN traffic matrix based on online adaptive information gain maximization method

Sample and Fetch-Based Large Flow Detection Mechanism in Software Defined Networks

A Mechanism of Information-Centric Networking Based on Data Centers

A Table Overflow LDoS Attack Defending Mechanism in Software-Defined Networks

Contact Info

Product

Resources

About