SDN Security: Information Disclosure and Flow Table Overflow Attacks

Cited by: 3
Authors
Patwardhan, Aditya [1]
Jayarama, Deepthi [1]
Limaye, Nitish [2]
Vidhale, Shivaji [2]
Parekh, Zarna [1]
Harfoush, Khaled [2]
Affiliations
[1] North Carolina State Univ, Dept Elect & Comp Engn, Raleigh, NC 27606 USA
[2] North Carolina State Univ, Dept Comp Sci, Raleigh, NC 27606 USA
Keywords
SDN security; OpenFlow; Overflow attacks; Flow tables;
DOI
10.1109/globecom38437.2019.9014048
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
In this paper, we study some of the security pitfalls present in the OpenFlow protocol, which plays a central role in Software Defined Networks. Specifically, we introduce information disclosure attacks capable of identifying idle and hard timeout values, and the number of free entries in the flow tables at SDN switches. We then leverage this information to mount Denial of Service (DoS) attacks using a small number of packets and without flooding the SDN network, making it harder to detect. Experimental results indicate that mounting the proposed attack leads to delays and packet losses for legitimate flows. We further propose solutions to detect and mitigate similar attacks.
Pages: 6
Related papers
50 in total
  • [1] TableGuard: A Novel Security Mechanism Against Flow Table Overflow Attacks in SDN
    Kong, Dezhang
    Wu, Chunming
    Shen, Yi
    Chen, Xiang
    Liu, Hongyan
    Zhang, Dong
    [J]. 2022 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM 2022), 2022, : 4167 - 4172
  • [2] FTODefender: An efficient flow table overflow attacks defending system in SDN
    Tang, Dan
    Zheng, Zhiqing
    Yin, Chao
    Xiong, Bing
    Qin, Zheng
    Yang, Qiuwei
    [J]. EXPERT SYSTEMS WITH APPLICATIONS, 2024, 237
  • [3] Mitigating SDN Flow Table Overflow
    Luo, Hanwu
    Li, Wenzhen
    Qian, Ying
    Dou, Liang
    [J]. 2018 IEEE 42ND ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE (COMPSAC), VOL 1, 2018, : 821 - 822
  • [4] Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks
    Yu, Mingli
    He, Ting
    McDaniel, Patrick
    Burke, Quinn K.
    [J]. IEEE INFOCOM 2020 - IEEE CONFERENCE ON COMPUTER COMMUNICATIONS, 2020, : 1519 - 1528
  • [5] Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks
    Yu, Mingli
    He, Ting
    McDaniel, Patrick
    Burke, Quinn K.
    [J]. IEEE-ACM TRANSACTIONS ON NETWORKING, 2021, 29 (06) : 2793 - 2806
  • [6] NFV-GUARD: Mitigating Flow Table-Overflow Attacks in SDN Using NFV
    Soylu, Mustafa
    Guillen, Luis
    Izumi, Satoru
    Abe, Toru
    Suganuma, Takuo
    [J]. PROCEEDINGS OF THE 2021 IEEE 7TH INTERNATIONAL CONFERENCE ON NETWORK SOFTWARIZATION (NETSOFT 2021): ACCELERATING NETWORK SOFTWARIZATION IN THE COGNITIVE AGE, 2021, : 263 - 267
  • [7] OpenFlow Flow Table Overflow Attacks and Countermeasures
    Qian, Ying
    You, Wanqing
    Qian, Kai
    [J]. 2016 EUROPEAN CONFERENCE ON NETWORKS AND COMMUNICATIONS (EUCNC), 2016, : 205 - 209
  • [8] FTMaster: A Detection and Mitigation System of Low-Rate Flow Table Overflow Attacks via SDN
    Tang, Dan
    Gao, Chenjun
    Liang, Wei
    Zhang, Jiliang
    Li, Keqin
    [J]. IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, 2023, 20 (04): : 5073 - 5084
  • [9] Information Disclosure and the Diffusion of Information Security Attacks
    Mitra, Sabyasachi
    Ransbotham, Sam
    [J]. INFORMATION SYSTEMS RESEARCH, 2015, 26 (03) : 565 - 584
  • [10] FTOP: An Efficient Flow Table Overflow Preventing System for Switches in SDN
    Tang, Dan
    Zheng, Zhiqing
    Li, Keqin
    Yin, Chao
    Liang, Wei
    Zhang, Jiliang
    [J]. IEEE TRANSACTIONS ON NETWORK SCIENCE AND ENGINEERING, 2024, 11 (03): : 2524 - 2536