Changqing Zhao Changqing Zhao, Ling Xia Liao Changqing Zhao, Han-Chieh Chao Ling Xia Liao, Roy Xiaorong Lai Han-Chieh Chao, Miao Zhang Roy Xiaorong Lai
{"title":"Flow Table Overflow Attacks in Software Defined Networks: A Survey","authors":"Changqing Zhao Changqing Zhao, Ling Xia Liao Changqing Zhao, Han-Chieh Chao Ling Xia Liao, Roy Xiaorong Lai Han-Chieh Chao, Miao Zhang Roy Xiaorong Lai","doi":"10.53106/160792642023122407001","DOIUrl":null,"url":null,"abstract":"While Software-Defined Networks (SDNs) have separated control and data planes and completely decouple the flow control from the data forwarding to enable network flexibility, programmability, and innovation, they also raise serious security concerns in each plane and the interfaces between the two planes. This paper, instead of studying the security issues in the SDN control plane as many literatures have done in current research, focuses on the security issues in the SDN data plane, aiming at the state of the art mechanims to identify, detect, and mitigate them. Specifically, this paper reviews the typical models, detections, and mitigations of SDN flow table overflow attacks. After reviewing the various vulnerabilities in SDNs, this paper categorizes the flow table overflow attacks into saturation, low-rate table exhaustion, and slow saturation attacks, and summarizes the attack models, detections, and mitigations of each category. It reviews the typical attacks that can overflow the flow tables and provides the main challenges and open issues for the future research.","PeriodicalId":442331,"journal":{"name":"網際網路技術學刊","volume":"5 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2023-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"網際網路技術學刊","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.53106/160792642023122407001","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
While Software-Defined Networks (SDNs) have separated control and data planes and completely decouple the flow control from the data forwarding to enable network flexibility, programmability, and innovation, they also raise serious security concerns in each plane and the interfaces between the two planes. This paper, instead of studying the security issues in the SDN control plane as many literatures have done in current research, focuses on the security issues in the SDN data plane, aiming at the state of the art mechanims to identify, detect, and mitigate them. Specifically, this paper reviews the typical models, detections, and mitigations of SDN flow table overflow attacks. After reviewing the various vulnerabilities in SDNs, this paper categorizes the flow table overflow attacks into saturation, low-rate table exhaustion, and slow saturation attacks, and summarizes the attack models, detections, and mitigations of each category. It reviews the typical attacks that can overflow the flow tables and provides the main challenges and open issues for the future research.
软件定义网络(SDN)将控制平面和数据平面分离,并将流量控制与数据转发完全解耦,从而实现了网络的灵活性、可编程性和创新性,但同时也在每个平面以及两个平面之间的接口上引发了严重的安全问题。本文并不像当前研究中的许多文献那样研究 SDN 控制平面的安全问题,而是重点关注 SDN 数据平面的安全问题,旨在研究识别、检测和缓解这些问题的最新机制。具体来说,本文回顾了 SDN 流量表溢出攻击的典型模型、检测和缓解方法。在回顾了 SDN 中的各种漏洞后,本文将流表溢出攻击分为饱和攻击、低速率表耗尽攻击和慢速饱和攻击,并总结了每类攻击的攻击模型、检测和缓解方法。本文回顾了可能导致流量表溢出的典型攻击,并提出了未来研究的主要挑战和开放性问题。
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
