Enhancing the performance and security against media‐access‐control table overflow vulnerability attacks

Tzang, Yih-Jou; Chang, Hong-Yi; Tzang, Chih-Hsuan

doi:10.1002/sec.1142

Cited by 5 publications

(4 citation statements)

References 13 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Assuming the desired number of flow table evictions is λ, it can be inferred that flow entries with positions less than λ in the flow table will be evicted. Therefore, we define the survival rate x f of flow entry f during each eviction as shown in (6), where L f represents the position index of flow f in the flow table (starting from 0). Assuming the number of batches of attack flows sent in a single attack cycle is d, which represents the number of times the flow table overflows within a single attack cycle, the survival rate P f of attack flow entries within a single attack cycle can be defined as shown in (7).…”

Section: Attack Mode Analysismentioning

confidence: 99%

“…S OFTWARE-DEFINED Networks(SDN) [1], as a novel network architecture, exhibits characteristics such as centralized control, separation of forwarding and control planes, and network programmability [2]. However, this new architectural paradigm also introduces novel network threats [3], [4], including security concerns in the data plane [5], [6]. Currently, switches that support the OpenFlow protocol [7] employ TCAM [8] to store flow entries.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

Zeng,

Wang,

Liu

2024

IEEE Access

View full text Add to dashboard Cite

In Software-Defined Networks (SDN), the ternary content addressable memory (TCAM) capacity in switches is limited, making them vulnerable to low-rate flow table overflow attacks. Most existing research in this field has not focused on the influence of flow entry eviction mechanisms on the effectiveness of such attacks. This paper proposes an adaptive low-rate flow table overflow attack (ALFO), which can adopt corresponding attack modes under different flow entry eviction mechanisms, significantly degrading network service quality. Due to the different features of ALFO under different attack modes, the existing attack detection methods are ineffective in this attack. Therefore, this paper proposes a detection and mitigation framework, which is called adaptive low-rate flow table overflow attack guard framework (ALFO-Guard). It extracts flow features from flow entry information in the switch and aggregates them into a current-time graph model. Then, combining graph neural networks, it performs graph anomaly detection and flow entry classification to identify attack flow entries. Finally, the attack can be eliminated by deleting the identified attack flow entries and blocking the attack flows.The effectiveness of ALFO and ALFO-Guard is validated through extensive experiments, and the experimental results demonstrate that ALFO-Guard can effectively defend against ALFO.INDEX TERMS SDN, Flow table overflow, Low-rate attacks, Graph neural network.

show abstract

Section: Attack Mode Analysismentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

Zeng,

Wang,

Liu

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Due to its good combination with various cloud services, SDN has been widely deployed in recent years, and its security has become the focus of attention in the industry. However, the introduction of the new architecture also brings a lot of new problems [1], among which security is the most noteworthy, including the security of the data plane [2,3]. e data plane not only will be affected by existing attacks in traditional networks (such as DDoS attacks [4]) but will also bring new types of attacks due to its own architecture, the most typical of which are flow table overflow attacks [5,6].…”

Section: Introductionmentioning

confidence: 99%

A Table Overflow LDoS Attack Defending Mechanism in Software-Defined Networks

Xie

Xing

Zhang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

In order to achieve requirements such as fast search of flow entries and mask matching, OpenFlow hardware switches usually use TCAM to store flow entries. Limited by the capacity of TCAM, the current commercial OpenFlow switches can only support hundreds of thousands of flow entries, which makes SDN network using OpenFlow hardware switches vulnerable to the threat of flow table overflow attack. Among them, low-rate DoS (LDoS) attack against table overflow poses a serious threat to SDN networks due to its high attack efficiency and concealed flow, and it is also difficult to detect. In this regard, this paper analyzed two types of LDoS attack flow against table overflow and proposed an attack detection and defense mechanism named SAIA (Small-flow Analysis and Inport-flow Analysis) through the design of table overflow prediction and flow entries deletion strategy. Experiments conducted through the SDN network environment showed that SAIA can effectively detect and suppress LDoS attack flows in the flow table in large-scale network conditions and verified that the deployment of SAIA is lightweight. At the same time, SAIA implemented the flow entry deletion strategy based on LRU when the flow table overflows in a nonattack situation, which further enhances the stability of the network.

show abstract

“…The medium access control (MAC) address is a unique number obtained from a central authority and assigned to a network interface card (NIC), so that no two NICs have the same MAC address . This means that MAC address conflict is greatly avoided ,…”

Section: Introductionmentioning

confidence: 99%

Address resolution protocol spoofing attacks and security approaches: A survey

Hijazi

Obaidat

2018

Security and Privacy

View full text Add to dashboard Cite

Address resolution protocol (ARP) is a very popular communication protocol in the local area network (LAN), working under the network layer, as per the open systems interconnection (OSI) model. It is used to associate Internet protocol (IP) address to medium access control (MAC) address; hence, the IP‐MAC addresses are stored in ARP cache of any network host. ARP has weakness in authentication that an attacker can exploit to gain unauthorized access to one's sensitive data. There are some approaches that can be used against ARP spoofing attacks. These provide an efficient and secure way to mitigate ARP attacks and detect ARP poisoning that can reduce the attack. This paper will discuss: various effective approaches, security issues in ARP spoofing, and poisoning attacks.

show abstract

Enhancing the performance and security against media‐access‐control table overflow vulnerability attacks

Cited by 5 publications

References 13 publications

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

Research on Detection and Mitigation Methods of Adaptive Flow Table Overflow Attacks in Software-Defined Networks

A Table Overflow LDoS Attack Defending Mechanism in Software-Defined Networks

Address resolution protocol spoofing attacks and security approaches: A survey

Contact Info

Product

Resources

About