SDN Security: Information Disclosure and Flow Table Overflow Attacks

Aditya Patwardhan, Deepthi Jayarama, Nitish Limaye, Shivaji Vidhale, Zarna Parekh, K. Harfoush
{"title":"SDN Security: Information Disclosure and Flow Table Overflow Attacks","authors":"Aditya Patwardhan, Deepthi Jayarama, Nitish Limaye, Shivaji Vidhale, Zarna Parekh, K. Harfoush","doi":"10.1109/GLOBECOM38437.2019.9014048","DOIUrl":null,"url":null,"abstract":"In this paper, we study some of the security pitfalls present in the OpenFlow protocol, which plays a central role in Software Defined Networks. Specifically, we introduce information disclosure attacks capable of identifying idle and hard timeout values, and the number of free entries in the flow tables at SDN switches. We then leverage this information to mount Denial of Service (DoS) attacks using a small number of packets and without flooding the SDN network, making it harder to detect. Experimental results indicate that mounting the proposed attack leads to delays and packet losses for legitimate flows. We further propose solutions to detect and mitigate similar attacks.","PeriodicalId":6868,"journal":{"name":"2019 IEEE Global Communications Conference (GLOBECOM)","volume":"18 1","pages":"1-6"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Global Communications Conference (GLOBECOM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/GLOBECOM38437.2019.9014048","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8

Abstract

In this paper, we study some of the security pitfalls present in the OpenFlow protocol, which plays a central role in Software Defined Networks. Specifically, we introduce information disclosure attacks capable of identifying idle and hard timeout values, and the number of free entries in the flow tables at SDN switches. We then leverage this information to mount Denial of Service (DoS) attacks using a small number of packets and without flooding the SDN network, making it harder to detect. Experimental results indicate that mounting the proposed attack leads to delays and packet losses for legitimate flows. We further propose solutions to detect and mitigate similar attacks.
SDN安全:信息泄露和流表溢出攻击
在本文中,我们研究了OpenFlow协议中存在的一些安全缺陷,它在软件定义网络中起着核心作用。具体来说,我们介绍了能够识别空闲和硬超时值的信息泄露攻击,以及SDN交换机流表中的空闲条目数。然后,我们利用这些信息使用少量数据包进行拒绝服务(DoS)攻击,而不会淹没SDN网络,使其更难被检测到。实验结果表明,提出的攻击会导致合法流的延迟和丢包。我们进一步提出了检测和减轻类似攻击的解决方案。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信