Research on Table Overflow Ldos Attack Detection and Defense Method in Software Defined Networks

As the key and precious resource of the SDN switch, the TCAM flow table is one of the core targets of network attackers. Among various attack methods, Low-rate dos (Ldos) attacks can exhaust the target switch’s flow table resource with a very low attack rate, which degrades the network performance seriously. In order to detect the flow table overflow Ldos attacks in the SDN environment, we analyzed the two typical flow table overflow Ldos attack traffic models, and proposed a defense mechanism named SAIA (Small-flow Analysis and Inport-flow Analysis), which can detect the attack flows based on the flow size and position analysis method. Besides, we also implemented the traffic characteristics data acquisition and flow table overflow prediction algorithm. The experimental results show that SAIA can effectively detect the table overflow low-rate dos attacks and mitigate their impact on network performance.