A Table Overflow LDoS Attack Defending Mechanism in Software-Defined Networks

Xie, Shengxu; Xing, Changyou; Zhang, Guomin; Zhao, Jianhua

doi:10.1155/2021/6667922

Cited by 13 publications

(16 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This mechanism consists of multi-feature attack detection and dynamic removal of flow entries, to achieve fine-grained detection results. Xie et al [21] presented an attack detection and mitigation mechanism called SAIA, which consists of four modules: data collection, overflow prediction, attack detection, and overflow mitigation. SAIA periodically samples the required data, performs attack detection based on thresholds, removes detected attack Statistical feature-based detection methods [30]- [33] detect attacks based on the effect caused and reasonable thresholds.…”

Section: ) Low-rate Flow Table Overflow Attackmentioning

confidence: 99%

See 1 more Smart Citation

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

Zeng,

Wang,

Liu

2024

IEEE Access

View full text Add to dashboard Cite

In Software-Defined Networks (SDN), the ternary content addressable memory (TCAM) capacity in switches is limited, making them vulnerable to low-rate flow table overflow attacks. Most existing research in this field has not focused on the influence of flow entry eviction mechanisms on the effectiveness of such attacks. This paper proposes an adaptive low-rate flow table overflow attack (ALFO), which can adopt corresponding attack modes under different flow entry eviction mechanisms, significantly degrading network service quality. Due to the different features of ALFO under different attack modes, the existing attack detection methods are ineffective in this attack. Therefore, this paper proposes a detection and mitigation framework, which is called adaptive low-rate flow table overflow attack guard framework (ALFO-Guard). It extracts flow features from flow entry information in the switch and aggregates them into a current-time graph model. Then, combining graph neural networks, it performs graph anomaly detection and flow entry classification to identify attack flow entries. Finally, the attack can be eliminated by deleting the identified attack flow entries and blocking the attack flows.The effectiveness of ALFO and ALFO-Guard is validated through extensive experiments, and the experimental results demonstrate that ALFO-Guard can effectively defend against ALFO.INDEX TERMS SDN, Flow table overflow, Low-rate attacks, Graph neural network.

show abstract

Section: ) Low-rate Flow Table Overflow Attackmentioning

confidence: 99%

“…The matching fields include protocol, port_src, port_dst, ip_src, and ip_dst. Since the proposed method in this paper relies solely on the flow features of a single switch and is independent of the network topology, we adopt the topology from reference [21] as our experimental topology, as depicted in Fig. 7.…”

Section: Experiments and Analysismentioning

confidence: 99%

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

Zeng,

Wang,

Liu

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In the literature, several approaches that use switch memory management techniques have been found [158], [159]. However, there are few oriented to a security scope; thus, in [160], the authors propose a detection and defense mechanism against LDoS (low-rate DoS) attacks. The proposal uses statistical analysis for detection, whereas for mitigation, it uses the replacement technique supported by the LRU algorithm.…”

Section: ) Stateless Data Planementioning

confidence: 99%

“…Preconditions/ Postconditions [123] OFDP vulnerable BFD [125] Fake packet-in Switch port association with host MAC [135] Lack of packet-in message authentication Independent hardware implementation [136] DoS attacks Statistics [137] DoS attacks Protocol-independent defense framework [128] Spoofing and DoS attacks ACL / Machine learning [155] Spoofing Route and Dos attacks Traffic statistics [138] DDoS attacks Entropy [140] DoS attacks Entropy [141] DoS attacks Traffic statistics [142] DDoS attacks KPCA+GA+ Machine learning [143] DDoS attacks Blockchain [144] Lack of P2P traffic identification Machine learning [145] HTTP DDoS attacks Entropy + Hardware [149] DDoS attacks PCA [150] DDoS attacks EWMA [151] DDoS attacks Snort IDS [152] DDoS attacks Machine learning [153] DDoS attacks Deep Learning [154] DDoS attacks Entropy / Machine learning [156] Inference attacks Randomization of network attributes/ Rate-limiting + Proactive rules Rate-limiting + Proxy [160] DoS attacks (LDoS) Statistics / LRU [130] Inference attacks Routing aggregation / TCAM + SRAM [161], [162] Lack of network client access control EAP / RADIUS [163] Lack of network client access control EAPoL / RADIUS [164] DoS attacks Blockchain + Hardware [129] SYN flooding and ARP spoofing attacks SYN/ACK and ACK/FIN packets' ratio / P4 cache [165] Traffic overload / Latency App+P4 [166] Traffic overload Snort IPS + P4 [167] DDoS attacks P4+Entropy+FSM [168] Lack of link protection between stateful switches MACsec [169] States exchange between stateful switches Digital signatures [170] Link floo...…”

Section: ) Stateful Data Planementioning

confidence: 99%

A Survey of the Main Security Issues and Solutions for the SDN Architecture

et al. 2021

View full text Add to dashboard Cite

The software-defined networking (SDN) paradigm proposes the decoupling of control and data planes and a centralized software-oriented management approach based on a central controller, easing the development of new applications and services. These design principles pave the way for a more flexible, fast, and dynamic software-controlled network. However, in terms of security, the elements that comprise the SDN architecture present several vulnerabilities, which could be exploited by attackers to carry out malicious actions and thus affect the network and its services. Although for several years, some studies have already focused on identifying the weaknesses of the SDN layer structure, the nature of the attacks, and possible solutions for this paradigm, the literature contains few contributions that review and discuss this topic in an integral fashion. This paper provides a comprehensive, updated, and detailed review of the main security issues and mitigating measures for all layers and interfaces of the SDN architecture, classifying the contributions according to the STRIDE threat modeling methodology categories. Finally, this manuscript identifies, discusses, and synthesizes open challenges and future research directions in this area.

show abstract

“…One of the attacks that could impact the SD-IoT integration model is DDoS. In general, DDoS attacks are classified into two types, namely High Rate Distributed Denial Of Service (HRDDoS) and Low Rate Distributed Denial Of Service (LRDDoS) [9], [10]. LRDDoS attacks initiated on data fields are characterized by low speed, concealment, and persistence, which make them difficult to detect.…”

Section: Introductionmentioning

confidence: 99%

Low-Rate Attack Detection on SD-IoT Using SVM Combined with Feature Importance Logistic Regression Coefficient

Azmi

Sumadi

2022

KINETIK

View full text Add to dashboard Cite

The evolution of computer network technology is now experiencing substantial changes, particularly with the introduction of a new paradigm, Software Defined Networking (SDN). The SDN architecture has been applied in a variety of networks, including the Internet of Things (IoT), which is known as SD-IoT. IoT is made up of billions of networking devices that are interconnected and linked to the Internet. Since the SD-IoT was considered as a complex entity, several types of attack on vulnerabilities vary greatly and can be exploited by careless individuals. Low-Rate Distributed Denial of Service (LRDDoS) is one of the availability-based attack that may affect the SD-IoT integration paradigm. Therefore, it is necessary to have an Intrusion Detection System (IDS) to overcome the security hole caused by LRDDoS. The main objective of this research was the establishment of an IDS application for resolving LRDDoS attack using the SVM algorithm combined with the Feature Importance method, namely the Logistic Regression Coefficient. The implemented approach was developed to reduce the complexity or resource’s consumption during the classification process as well as increasing the accuracy. It could be concluded that the Linear kernel SVM algorithm acquired the highest results on the test schemes at 100% accuracy, but the training time required for this model was longer, about 23.6 seconds compared to the Radial Basis Function model which only takes about 1.5 seconds.

show abstract

A Table Overflow LDoS Attack Defending Mechanism in Software-Defined Networks

Cited by 13 publications

References 34 publications

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

A Survey of the Main Security Issues and Solutions for the SDN Architecture

Low-Rate Attack Detection on SD-IoT Using SVM Combined with Feature Importance Logistic Regression Coefficient

Contact Info

Product

Resources

About