Exploiting the Vulnerability of Flow Table Overflow in Software-Defined Network: Attack Model, Evaluation, and Defense
Co-authors
Zhou, Yadong
Chen, Kaiyue
Zhang, Junjie
Leng, Junyuan
Tang, Yazhe
Source
Security and Communication Networks
Issue
Vol. 2018, Issue 2018 (31 December 2018), pp. 1-15, 15 p.
Publisher
Hindawi Publishing Corporation
Publication date
2018-01-09
Country of publication
Egypt
Number of pages
15
Main subjects
Information Technology and Computer Science
Abstract (EN)
As the most competitive solution for next-generation networks, SDN and its dominant implementation OpenFlow are attracting more and more interest.
But besides convenience and flexibility, SDN/OpenFlow also introduces new kinds of limitations and security issues.
Of these limitations, the most obvious and maybe the most neglected one is the flow table capacity of SDN/OpenFlow switches.
In this paper, we proposed a novel inference attack targeting SDN/OpenFlow networks, which is motivated by the limited flow table capacities of SDN/OpenFlow switches and the following measurable network performance decrease resulting from frequent interactions between the data and control planes when the flow table is full.
To the best of our knowledge, this is the first proposed inference attack model of this kind for SDN/OpenFlow.
We implemented an inference attack framework according to our model and examined its efficiency and accuracy.
The evaluation results demonstrate that our framework can infer the network parameters (flow table capacity and usage) with an accuracy of 80% or higher.
We also proposed two possible defense strategies for the discovered vulnerability, including a routing aggregation algorithm and a multilevel flow table architecture.
These findings give us a deeper understanding of SDN/OpenFlow limitations and serve as guidelines for future improvements of SDN/OpenFlow.
American Psychological Association (APA) citation style
Zhou, Yadong & Chen, Kaiyue & Zhang, Junjie & Leng, Junyuan & Tang, Yazhe. 2018. Exploiting the Vulnerability of Flow Table Overflow in Software-Defined Network: Attack Model, Evaluation, and Defense. Security and Communication Networks, Vol. 2018, no. 2018, pp. 1-15.
https://search.emarefa.net/detail/BIM-1214164
Modern Language Association (MLA) citation style
Zhou, Yadong…[et al.]. Exploiting the Vulnerability of Flow Table Overflow in Software-Defined Network: Attack Model, Evaluation, and Defense. Security and Communication Networks No. 2018 (2018), pp.1-15.
https://search.emarefa.net/detail/BIM-1214164
American Medical Association (AMA) citation style
Zhou, Yadong & Chen, Kaiyue & Zhang, Junjie & Leng, Junyuan & Tang, Yazhe. Exploiting the Vulnerability of Flow Table Overflow in Software-Defined Network: Attack Model, Evaluation, and Defense. Security and Communication Networks. 2018. Vol. 2018, no. 2018, pp. 1-15.
https://search.emarefa.net/detail/BIM-1214164
Data type
Articles
Text language
English
Notes
Includes bibliographical references
Record number
BIM-1214164