
Research On Detection And Mitigation Mechanism Of Flow Table Overflow Attack In SDN Scenario

Posted on: 2022-06-23
Degree: Master
Type: Thesis
Country: China
Candidate: K Liu
Full Text: PDF
GTID: 2518306557464044
Subject: Logistics Engineering

Abstract/Summary:
Software defined network (SDN) is a new network technology that can overcome the disadvantages of the traditional distributed network architecture. However, network security issues are also increasing in this emerging architecture, and the flow table overflow attack is one of the most serious problems. Because this attack has characteristics different from the traditional distributed denial of service attack, current mainstream detection systems do not monitor it well. Based on an analysis of the existing mitigation schemes for the flow table overflow attack, this thesis studies methods that perform better in detection accuracy, response speed and resource consumption. The main work is as follows:

First, a multi-queue-based flow entry management and overflow scheme is proposed to reduce the impact of the flow table overflow attack. The scheme divides flow entries into different priorities based on the number of packets each flow entry has matched, and maintains the order of the flow entries within each priority queue using the LRU algorithm. When the flow table overflows because of an attack, malicious flow entries are evicted first, which preserves the survival rate of legitimate flow entries. With this method, the harm of the flow table overflow attack can be effectively reduced.

Next, a flow table overflow attack detection scheme based on aggregate flow characteristics is proposed. On the one hand, the detection system analyzes the network topology and looks for the potential targets of a flow table attack, which narrows the detection range and reduces the resource consumption of the detection system. On the other hand, a detection method based on a 3D vector of aggregate flow features, built from the distribution, dispersion and rate characteristics of the aggregate flow, is proposed, which improves the detection accuracy of the system.

Last, an attack source suppression strategy based on a dynamic token bucket algorithm is proposed. It reduces the harm done by attackers from the perspective of flow entry limitation and has a better suppression effect than the traditional rate limiting method. It reduces the influence of the suppression strategy on legitimate users as much as possible, and at the same time reduces the adverse effects caused by the misjudgment of sudden attacks.
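The multi-queue eviction scheme described above can be illustrated with a small simulation. The following Python code is an added example written for this page; it is not the thesis author's implementation. The match-count thresholds that separate the priority queues (here 2, 10 and 100 matched packets) are an assumption, as is the choice to evict from the lowest-priority queue first and from the LRU end within that queue. Passing an empty threshold tuple collapses the table into a single plain LRU queue, which gives a baseline to compare against. The traffic in the simulation is constructed: a handful of legitimate flows that send several packets each, followed by a flood of one-packet flows with unique match keys, which is the traffic pattern that fills a flow table.

```python
from collections import OrderedDict


class MultiQueueFlowTable:
    """Fixed-capacity flow table with one LRU queue per priority level.

    An entry's priority is derived from how many packets it has matched
    (thresholds are an assumption for this example). On overflow the
    lowest-priority queue is drained first, oldest entry first, so entries
    that matched only a single packet are the first to go.
    """

    def __init__(self, capacity, thresholds=(2, 10, 100)):
        self.capacity = capacity
        self.thresholds = thresholds
        # queues[0] is the lowest priority; queues[len(thresholds)] the highest
        self.queues = [OrderedDict() for _ in range(len(thresholds) + 1)]
        self.matches = {}      # match key -> packets matched so far
        self.evicted = []      # keys evicted, in order (for inspection)

    def _priority(self, count):
        # number of thresholds the match count has reached
        return sum(1 for t in self.thresholds if count >= t)

    def _locate(self, key):
        for p, q in enumerate(self.queues):
            if key in q:
                return p
        return None

    def __len__(self):
        return sum(len(q) for q in self.queues)

    def _evict_one(self):
        for q in self.queues:                 # lowest priority first
            if q:
                key, _ = q.popitem(last=False)  # LRU end of that queue
                del self.matches[key]
                self.evicted.append(key)
                return key
        return None

    def packet_in(self, key):
        """Account one packet for match key `key`; returns 'hit' or 'miss'."""
        p = self._locate(key)
        if p is None:
            if len(self) >= self.capacity:
                self._evict_one()
            self.matches[key] = 1
            self.queues[self._priority(1)][key] = True
            return "miss"
        self.matches[key] += 1
        new_p = self._priority(self.matches[key])
        # re-insert at the MRU end of the (possibly promoted) priority queue
        del self.queues[p][key]
        self.queues[new_p][key] = True
        return "hit"

    def contains(self, key):
        return self._locate(key) is not None


def simulate(table, legit_flows=20, legit_rounds=5, flood_flows=500):
    """Return the fraction of legitimate entries still installed after a flood.

    Traffic is constructed for this example: legitimate flows send
    `legit_rounds` packets each, then `flood_flows` unique single-packet
    flows arrive.
    """
    legit = [f"legit-{i}" for i in range(legit_flows)]
    for _ in range(legit_rounds):
        for key in legit:
            table.packet_in(key)
    for i in range(flood_flows):
        table.packet_in(f"flood-{i}")
    survivors = sum(1 for key in legit if table.contains(key))
    return survivors / legit_flows


if __name__ == "__main__":
    print("multi-queue survival:", simulate(MultiQueueFlowTable(100)))
    print("plain LRU survival:  ", simulate(MultiQueueFlowTable(100, thresholds=())))
```

With a capacity of 100, the multi-queue table keeps all 20 legitimate entries (they sit in a higher-priority queue after their second packet), while the plain LRU baseline loses every one of them once the flood exceeds the table size. The comparison also shows the scheme's limit: a legitimate flow that has matched only one packet so far is indistinguishable from flood traffic and is evicted with it, which is why the thesis pairs this scheme with separate detection and source-suppression mechanisms.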
Keywords/Search Tags:Software Defined Network, flow table, overflow, Network Security, token bucket