Slow TCAM Exhaustion DDoS Attack

Pascoal, Túlio; Dantas, Yuri Gil; Fonseca, Iguatemi E.; Nigam, Vivek

doi:10.1007/978-3-319-58469-0_2

Cited by 56 publications

(44 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As the current flow rules are preserved, this dramatically increases the number of flow rules in the switch. Consequently, not only the server becomes the victim of a stealthy DoS attack, but also the SDN control and data plane components suffer from resource exhaustion [4], [5]. Normally, in case of stealthy DoS attacks the number of flow rules do not exceed the flowtable capacity in the SDN switches.…”

Section: B Vulnerabilities In Software Defined Network Wrt Stealmentioning

confidence: 99%

See 1 more Smart Citation

Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework

Gias

Islam

Hương

et al. 2019

2019 IEEE Global Communications Conference (GLOBECOM)

View full text Add to dashboard Cite

Software Defined Networking (SDN) enables flexible and scalable network control and management. However, it also introduces new vulnerabilities that can be exploited by attackers. In particular, low-rate and slow or stealthy Denial-of-Service (DoS) attacks are recently attracting attention from researchers because of their detection challenges. In this paper, we propose a novel machine learning based defense framework named Q-MIND, to effectively detect and mitigate stealthy DoS attacks in SDN-based networks. We first analyze the adversary model of stealthy DoS attacks, the related vulnerabilities in SDN-based networks and the key characteristics of stealthy DoS attacks. Next, we describe and analyze an anomaly detection system that uses a Reinforcement Learning-based approach based on Q-Learning in order to maximize its detection performance. Finally we outline the complete Q-MIND defense framework that incorporates the optimal policy derived from the Q-Learning agent to efficiently defeat stealthy DoS attacks in SDN-based networks. An extensive comparison of the Q-MIND framework and currently existing methods shows that significant improvements in attack detection and mitigation performance are obtained by Q-MIND.

show abstract

Section: B Vulnerabilities In Software Defined Network Wrt Stealmentioning

confidence: 99%

“…1. For example, SDN-based forwarding devices, i.e., OpenFlow switches [3], can suffer from overflow problems caused by a silent saturation DoS attack [2], [4], [5].…”

Section: Introductionmentioning

confidence: 99%

Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework

Gias

Islam

Hương

et al. 2019

2019 IEEE Global Communications Conference (GLOBECOM)

View full text Add to dashboard Cite

show abstract

“…We observe that the switch starts getting overflowed or cannot handle new flow rules if the current total number of flows is around 3000 ( f cap i ) [6], [8]. Setting the idle_timeout value (after which the flow entries are removed) to 10 seconds, the safety threshold for the packet rate the switch can handle is 300 packets per second assuming that each packet belongs to a different traffic flow rule (worst case assumption).…”

Section: B Training Q-learning and Svm Algorithmsmentioning

confidence: 99%

“…In order to show the performance enhancement in traffic flow monitoring in SDN based networks with the Q-DATA framework, we implement a SOM-based IDS application (Self Organizing Map algorithm [21]) to detect abnormal traffic on top of the ONOS controller. We consider some common attacks, which can make the SDN switch become overflowed, comprising TCP SYN flood [22], Port scanning [22], Low and Slow Denial-of-Service [6]. The attack traffic is stemmed from hosts and it is directed to Web servers in our setup.…”

Section: Experiments Setupmentioning

confidence: 99%

Q-DATA: Enhanced Traffic Flow Monitoring in Software-Defined Networks applying Q-learning

Islam

Nguyen

Bauschert

2019

2019 15th International Conference on Network and Service Management (CNSM)

View full text Add to dashboard Cite

Software-Defined Networking (SDN) introduces a centralized network control and management by separating the data plane from the control plane which facilitates traffic flow monitoring, security analysis and policy formulation. However, it is challenging to choose a proper degree of traffic flow handling granularity while proactively protecting forwarding devices from getting overloaded. In this paper, we propose a novel traffic flow matching control framework called Q-DATA that applies reinforcement learning in order to enhance the traffic flow monitoring performance in SDN based networks and prevent traffic forwarding performance degradation. We first describe and analyse an SDN-based traffic flow matching control system that applies a reinforcement learning approach based on Q-learning algorithm in order to maximize the traffic flow granularity. It also considers the forwarding performance status of the SDN switches derived from a Support Vector Machine based algorithm. Next, we outline the Q-DATA framework that incorporates the optimal traffic flow matching policy derived from the traffic flow matching control system to efficiently provide the most detailed traffic flow information that other mechanisms require. Our novel approach is realized as a REST SDN application and evaluated in an SDN environment. Through comprehensive experiments, the results show that-compared to the default behavior of common SDN controllers and to our previous DATA mechanism-the new Q-DATA framework yields a remarkable improvement in terms of traffic forwarding performance degradation protection of SDN switches while still providing the most detailed traffic flow information on demand.

show abstract

“…A widely discussed attack on the SDN data plane is via exhaustion of the TCAM memory in hardware SDN switches [165,166]. In contrast, we consider the exhausting of computing resources in a software SDN switch and the resulting impact on its ability to forward legitimate packets.…”

Section: Attack On the Data Planementioning

confidence: 99%

Security in software defined networks

Alharbi¹

View full text Add to dashboard Cite

Software Defined Networking (SDN) is an emerging computer network paradigm and represents one of the most promising technologies to simplify network management and configuration through increased network programmability and abstraction. In contrast to traditional networks, in SDN, the control plane, which makes decisions on how to forward traffic, is separated from the data plane, which transmits traffic to selected destinations. That makes network control (via the SDN controller) more programmable, dynamic and centralised. With the higher level of abstraction that SDN provides, network administrators can more easily configure network services and manage traffic flows without having to configure a large number of individual network devices (switches and routers). The great potential of SDN has led to significant deployments in data centres, wide area networks, etc., and it is growing at a rapid pace.Security is a critical aspect of networking in general and is particularly vital in SDN. Due to its fundamentally new architecture, SDN presents new potential security vulnerabilities and risks. Security in SDN has not received much attention yet, given that it is very distinct and unique.The goal of this PhD was to address this gap and analyse the security of the SDN infrastructure, identify vulnerabilities and weaknesses, and propose corresponding solutions and improvements. The focus was on the fundamental aspects and components of SDN, in particular the building blocks of the control plane components include Topology Discovery, Address Resolution Protocol (ARP) Handling and Virtualisation Layer. Finally, the thesis thoroughly explored and investigated the most common and effective attacks against the SDN architecture.

show abstract

Slow TCAM Exhaustion DDoS Attack

Cited by 56 publications

References 25 publications

Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework

Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework

Q-DATA: Enhanced Traffic Flow Monitoring in Software-Defined Networks applying Q-learning

Security in software defined networks

Contact Info

Product

Resources

About