SDN Security: Information Disclosure and Flow Table Overflow Attacks
IEEE Global Communications Conference (2019)
Abstract
In this paper, we study some of the security pitfalls present in the OpenFlow protocol, which plays a central role in Software Defined Networks. Specifically, we introduce information disclosure attacks capable of identifying idle and hard timeout values, and the number of free entries in the flow tables at SDN switches. We then leverage this information to mount Denial of Service (DoS) attacks using a small number of packets and without flooding the SDN network, making it harder to detect. Experimental results indicate that mounting the proposed attack leads to delays and packet losses for legitimate flows. We further propose solutions to detect and mitigate similar attacks.
Keywords
SDN security, OpenFlow, Overflow attacks, Flow tables