Title: Software-defined network flow table overflow attacks and countermeasures
Authors: Wanqing You; Kai Qian; Ying Qian
Addresses: Department of Computer Science, Southern Polytechnic State University, USA; Department of Computer Science, Southern Polytechnic State University, USA; Department of Computer Science, East China Normal University, China
Abstract: Software-defined network (SDN) is proposed as a new concept in computer networks, which separates the control plane from the data plane and provides a programmable network architecture that could facilitate rapid network innovation. OpenFlow is a network protocol that standardises the communications between OpenFlow controllers and OpenFlow switches, and it is considered an enabler of SDN. The flow table in OpenFlow switches plays a critical role in OpenFlow-based SDN: it stores the rules populated by the controllers for controlling and directing the packet flows in SDN. Nevertheless, flow tables have also become a new target of malicious attacks. This paper analyses the flow table overflow attack, a type of denial-of-service attack, and proposes a novel eviction algorithm, dynamic in/out balancing with least frequently used eviction (DIOB/LFU), at service level to defend against flow table overflow attacks.
Keywords: OpenFlow; flow tables; flow table overflow attacks; mitigation; software-defined networks; SDN; network security; packet flows; malicious attacks; denial of service; DoS attacks.
International Journal of Soft Computing and Networking, 2016 Vol. 1 No. 1, pp. 70-81
Received: 12 Aug 2014
Accepted: 21 Jan 2015
Published online: 20 Jun 2016