Flora: flow table low-rate overflow reconnaissance and detection in SDNShow others and affiliations
2024 (English)In: IEEE Transactions on Network and Service Management, E-ISSN 1932-4537Article in journal (Refereed) Epub ahead of print
Abstract [en]
SDN has evolved to revolutionize next-generation networks, offering programmability for on-the-fly service provisioning, primarily supported by the OpenFlow (OF) protocol. The limited storage capacity of Ternary Content Addressable Memory (TCAM) for storing flow tables in OF switches introduces vulnerabilities, notably the Low-Rate Flow Table Overflow (LOFT) attacks. LOFT exploits the flow table’s storage capacity by occupying a substantial amount of space with malicious flow, leading to a gradual degradation in the flow-forwarding performance of OF switches. To mitigate this threat, we propose FloRa, a machine learning-based solution designed for monitoring and detecting LOFT attacks in SDN. FloRa continuously examines and determines the status of the flow table by closely examining the features of the flow table entries. When suspicious activity is identified, FloRa promptly activates the machine-learning based detection module. The module monitors flow properties, identifies malicious flows, and blacklists them, facilitating their eviction from the flow table. Incorporating novel features such as Packet Arrival Frequency, Content Relevance Score, and Possible Spoofed IP along with Cat Boost employed as the attack detection method. The proposed method reduces CPU overhead, memory overhead, and classification latency significantly and achieves a detection accuracy of 99.49% which is more than the state-of-the-art methods to the best of our knowledge. This approach not only protects the integrity of the flow tables but also guarantees the uninterrupted flow of legitimate traffic. Experimental results indicate the effectiveness of FloRa in LOFT attack detection, ensuring uninterrupted data forwarding and continuous availability of flow table resources in SDN.
Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2024.
Keywords [en]
Control systems, Degradation, Denial-of-service attack, Feature extraction, Flora, flow table overflow, low-rate attack, Prevention and mitigation, Protocols, SDN
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:umu:diva-229374DOI: 10.1109/TNSM.2024.3446178Scopus ID: 2-s2.0-85201789065OAI: oai:DiVA.org:umu-229374DiVA, id: diva2:1897411
Funder
The Kempe Foundations, SMK21-0061Wallenberg AI, Autonomous Systems and Software Program (WASP)Knut and Alice Wallenberg FoundationEU, Horizon Europe2024-09-132024-09-132024-09-13