FloRa: Flow Table Low-Rate Overflow Reconnaissance and Detection in SDN

IF 4.7 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS IEEE Transactions on Network and Service Management Pub Date : 2024-08-20 DOI:10.1109/TNSM.2024.3446178
Ankur Mudgal;Abhishek Verma;Munesh Singh;Kshira Sagar Sahoo;Erik Elmroth;Monowar Bhuyan
{"title":"FloRa: Flow Table Low-Rate Overflow Reconnaissance and Detection in SDN","authors":"Ankur Mudgal;Abhishek Verma;Munesh Singh;Kshira Sagar Sahoo;Erik Elmroth;Monowar Bhuyan","doi":"10.1109/TNSM.2024.3446178","DOIUrl":null,"url":null,"abstract":"SDN has evolved to revolutionize next-generation networks, offering programmability for on-the-fly service provisioning, primarily supported by the OpenFlow (OF) protocol. The limited storage capacity of Ternary Content Addressable Memory (TCAM) for storing flow tables in OF switches introduces vulnerabilities, notably the Low-Rate Flow Table Overflow (LOFT) attacks. LOFT exploits the flow table’s storage capacity by occupying a substantial amount of space with malicious flow, leading to a gradual degradation in the flow-forwarding performance of OF switches. To mitigate this threat, we propose FloRa, a machine learning-based solution designed for monitoring and detecting LOFT attacks in SDN. FloRa continuously examines and determines the status of the flow table by closely examining the features of the flow table entries. When suspicious activity is identified, FloRa promptly activates the machine-learning based detection module. The module monitors flow properties, identifies malicious flows, and blacklists them, facilitating their eviction from the flow table. Incorporating novel features such as Packet Arrival Frequency, Content Relevance Score, and Possible Spoofed IP along with Cat Boost employed as the attack detection method. The proposed method reduces CPU overhead, memory overhead, and classification latency significantly and achieves a detection accuracy of 99.49% which is more than the state-of-the-art methods to the best of our knowledge. This approach not only protects the integrity of the flow tables but also guarantees the uninterrupted flow of legitimate traffic. Experimental results indicate the effectiveness of FloRa in LOFT attack detection, ensuring uninterrupted data forwarding and continuous availability of flow table resources in SDN.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"21 6","pages":"6670-6683"},"PeriodicalIF":4.7000,"publicationDate":"2024-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Network and Service Management","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10640115/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

SDN has evolved to revolutionize next-generation networks, offering programmability for on-the-fly service provisioning, primarily supported by the OpenFlow (OF) protocol. The limited storage capacity of Ternary Content Addressable Memory (TCAM) for storing flow tables in OF switches introduces vulnerabilities, notably the Low-Rate Flow Table Overflow (LOFT) attacks. LOFT exploits the flow table’s storage capacity by occupying a substantial amount of space with malicious flow, leading to a gradual degradation in the flow-forwarding performance of OF switches. To mitigate this threat, we propose FloRa, a machine learning-based solution designed for monitoring and detecting LOFT attacks in SDN. FloRa continuously examines and determines the status of the flow table by closely examining the features of the flow table entries. When suspicious activity is identified, FloRa promptly activates the machine-learning based detection module. The module monitors flow properties, identifies malicious flows, and blacklists them, facilitating their eviction from the flow table. Incorporating novel features such as Packet Arrival Frequency, Content Relevance Score, and Possible Spoofed IP along with Cat Boost employed as the attack detection method. The proposed method reduces CPU overhead, memory overhead, and classification latency significantly and achieves a detection accuracy of 99.49% which is more than the state-of-the-art methods to the best of our knowledge. This approach not only protects the integrity of the flow tables but also guarantees the uninterrupted flow of legitimate traffic. Experimental results indicate the effectiveness of FloRa in LOFT attack detection, ensuring uninterrupted data forwarding and continuous availability of flow table resources in SDN.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
SDN中的流表低速率溢出侦察和检测
SDN已经发展成为革命性的下一代网络,为即时服务提供可编程性,主要由OpenFlow (OF)协议支持。用于存储流表的三元内容可寻址存储器(TCAM)的存储容量有限,在of交换机中引入了漏洞,特别是低速率流表溢出(LOFT)攻击。LOFT通过恶意流占用大量空间来利用流表的存储容量,导致of交换机的流转发性能逐渐下降。为了减轻这种威胁,我们提出了FloRa,这是一种基于机器学习的解决方案,旨在监测和检测SDN中的LOFT攻击。FloRa通过仔细检查流表条目的特征,不断检查和确定流表的状态。当发现可疑活动时,FloRa会立即激活基于机器学习的检测模块。该模块监视流属性,识别恶意流,并将其列入黑名单,以便将其从流表中删除。结合新颖的特征,如数据包到达频率、内容相关性评分和可能被欺骗的IP,以及使用Cat Boost作为攻击检测方法。该方法显著降低了CPU开销、内存开销和分类延迟,检测准确率达到99.49%,超过了目前已知的最先进的方法。这种方法不仅保护了流表的完整性,而且保证了合法流量的不间断流动。实验结果表明了FloRa在LOFT攻击检测中的有效性,保证了SDN中数据转发不中断和流表资源的持续可用性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
IEEE Transactions on Network and Service Management
IEEE Transactions on Network and Service Management Computer Science-Computer Networks and Communications
CiteScore
9.30
自引率
15.10%
发文量
325
期刊介绍: IEEE Transactions on Network and Service Management will publish (online only) peerreviewed archival quality papers that advance the state-of-the-art and practical applications of network and service management. Theoretical research contributions (presenting new concepts and techniques) and applied contributions (reporting on experiences and experiments with actual systems) will be encouraged. These transactions will focus on the key technical issues related to: Management Models, Architectures and Frameworks; Service Provisioning, Reliability and Quality Assurance; Management Functions; Enabling Technologies; Information and Communication Models; Policies; Applications and Case Studies; Emerging Technologies and Standards.
期刊最新文献
Table of Contents Table of Contents Guest Editors’ Introduction: Special Issue on Robust and Resilient Future Communication Networks A Novel Adaptive Device-Free Passive Indoor Fingerprinting Localization Under Dynamic Environment HSS: A Memory-Efficient, Accurate, and Fast Network Measurement Framework in Sliding Windows
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1