
Defending Against Flow Table Overloading Attack in Software-Defined Networks


Abstract

The Software-Defined Network (SDN) is a new and promising network architecture. At the same time, SDN will surely become a new target of cyber attackers. In this paper, we point out one critical vulnerability in SDNs, the size of the flow table, which is most likely to be attacked. Due to the expensive and power-hungry features of Ternary Content Addressable Memory (TCAM), a flow table usually has a limited size, which can be easily disabled by a flow table overloading attack (a transformed DDoS attack). To provide a security service in SDN, we proposed a QoS-aware mitigation strategy, namely, peer support strategy, which integrates the available idle flow table resource of the whole SDN system to mitigate such an attack on a single switch of the system. We established a practical mathematical model to represent the studied system, and conducted a thorough analysis for the system in various circumstances. Based on our analysis, we found that the proposed strategy can effectively defeat the flow table overloading attacks. Extensive simulations and testbed-based experiments solidly support our claims. Moreover, our work also sheds light on the implementation of SDN networks against possible brute-force attacks.

Bibliographic record

  • Source
    Services Computing, IEEE Transactions on | 2019, Issue 2 | pp. 231-246 | 16 pages
  • Author affiliations

    Huazhong Univ Sci & Technol, Cluster & Grid Comp Lab, Serv Comp Technol & Syst Lab, Big Data Technol & Syst Lab, Wuhan 430074, Hubei, Peoples R China;

    Huazhong Univ Sci & Technol, Cluster & Grid Comp Lab, Serv Comp Technol & Syst Lab, Big Data Technol & Syst Lab, Wuhan 430074, Hubei, Peoples R China|Shenzhen Huazhong Univ Sci & Technol, Res Inst, Shenzhen 518057, Peoples R China;

    Deakin Univ, Sch IT, Melbourne, Vic 3125, Australia;

    Huazhong Univ Sci & Technol, Cluster & Grid Comp Lab, Serv Comp Technol & Syst Lab, Big Data Technol & Syst Lab, Wuhan 430074, Hubei, Peoples R China;

    Huazhong Univ Sci & Technol, Cluster & Grid Comp Lab, Serv Comp Technol & Syst Lab, Big Data Technol & Syst Lab, Wuhan 430074, Hubei, Peoples R China;

    Huazhong Univ Sci & Technol, Cluster & Grid Comp Lab, Serv Comp Technol & Syst Lab, Big Data Technol & Syst Lab, Wuhan 430074, Hubei, Peoples R China;

  • Indexing information
  • Original format: PDF
  • Text language: eng
  • Chinese Library Classification
  • Keywords

    SDN security; DDoS attacks; QoS; security service; flow table;
