Mitigating New-Flow Attack with SDNSnapshot in P4-based SDN

Yun Zhan Cai, Ting Yu Lin, Yu Ting Wang, Ya Pei Tuan, Meng Hsun Tsai

Research output: Conference contribution

Abstract

In software-defined networking (SDN), emerging new-flow attacks aim at exhausting the resources of switches and controllers through massive packet-in messages. To detect new-flow attacks, SDNGuardian was proposed as a protocol-independent defense method, which uses entropy to detect anomalies and mitigate attacks with rate limits. In this paper, we introduce a crafty new-flow attack named timeout-aware attack that SDNGuardian cannot detect. We, therefore, propose a novel defense method: SDNSnapshot. Through simulations, we show that SDNSnapshot can successfully detect the timeout-aware attack. The number of dropped benign packet-in messages in SDNSnapshot is around one third of that in SDNGuardian. Besides, a snapshot only consumes 0.9Mb static random access memory (SRAM) for each anomalous sensitive field. The results indicate that SDNSnapshot is a feasible solution to mitigate new-flow attacks in practice.

Original language: English
Title of host publication: APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium
Subtitle of host publication: Data-Driven Intelligent Management in the Era of beyond 5G
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (electronic): 9784885523397
DOIs
Publication status: Published - 2022
Event: 23rd Asia-Pacific Network Operations and Management Symposium, APNOMS 2022 - Takamatsu, Japan
Duration: 28 Sep 2022 to 30 Sep 2022

Publication series

Name: APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G

Conference

Conference: 23rd Asia-Pacific Network Operations and Management Symposium, APNOMS 2022
Country/Territory: Japan
City: Takamatsu
Period: 22-09-28 to 22-09-30

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems and Management
