An Approach for Protecting the OpenFlow Switch from the Saturation Attack
- DOI
- 10.2991/nceece-15.2016.135How to use a DOI?
- Keywords
- SDN; security; OpenFlow; cache; threshold
- Abstract
Security is always a serious issue influencing the development of Software-Defined Network (SDN). The central control mechanism makes the SDN controller a bottleneck of the network which is vulnerable to network saturation attack. In this paper, we propose an approach to defense this kind attack. Firstly, we add a miss matched packet cache module in the OpenFlow switch which can temporarily cache the packets that don’t match in the flow table. Besides, we apply the mechanism of separating the header and payload of packets in the cache queue once the switch detects the volume of cache queue exceeding the threshold of the cache size. In addition, the switch can classify the packets headers and send it in an alert message to the SDN controller for further processing. At last in the paper, we evaluate the effort of our proposed approach in Mininet. With our approach, the SDN network can effectively defend the network saturation attack.
- Copyright
- © 2016, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Mingxin Wang AU - Huachun Zhou AU - Jia Chen AU - Bo Tong PY - 2015/12 DA - 2015/12 TI - An Approach for Protecting the OpenFlow Switch from the Saturation Attack BT - Proceedings of the 2015 4th National Conference on Electrical, Electronics and Computer Engineering PB - Atlantis Press SP - 729 EP - 734 SN - 2352-5401 UR - https://doi.org/10.2991/nceece-15.2016.135 DO - 10.2991/nceece-15.2016.135 ID - Wang2015/12 ER -