Protection against Flow Table Overflow Attack in Software Defined Networks

Abstract

In this paper, we propose a history-based dynamic timeout scheme to alleviate the flow table overflow attack which is one of typical attacks against Software Defined Networks (SDN). We investigated hard timeout and idle timeout used in OpenFlow which is the most popular protocol for SDN, and developed the proposed scheme that dynamically adjusts both hard timeout and idle timeout to reduce the number of flow rules. The experiment results shows it can protect SDN switches from the flow table overflow efficiently.