Open Access Open Access  Restricted Access Subscription Access

Flow Table Overflow Attacks in Software Defined Networks: A Survey

Changqing Zhao,
Ling Xia Liao,
Han-Chieh Chao,
Roy Xiaorong Lai,
Miao Zhang,

Abstract


While Software-Defined Networks (SDNs) have separated control and data planes and completely decouple the flow control from the data forwarding to enable network flexibility, programmability, and innovation, they also raise serious security concerns in each plane and the interfaces between the two planes. This paper, instead of studying the security issues in the SDN control plane as many literatures have done in current research, focuses on the security issues in the SDN data plane, aiming at the state of the art mechanims to identify, detect, and mitigate them. Specifically, this paper reviews the typical models, detections, and mitigations of SDN flow table overflow attacks. After reviewing the various vulnerabilities in SDNs, this paper categorizes the flow table overflow attacks into saturation, low-rate table exhaustion, and slow saturation attacks, and summarizes the attack models, detections, and mitigations of each category. It reviews the typical attacks that can overflow the flow tables and provides the main challenges and open issues for the future research.

Keywords


SDN, Saturation attack, Low-rate table exhaustion attack, Slow saturation attack

Citation Format:
Changqing Zhao, Ling Xia Liao, Han-Chieh Chao, Roy Xiaorong Lai, Miao Zhang, "Flow Table Overflow Attacks in Software Defined Networks: A Survey," Journal of Internet Technology, vol. 24, no. 7 , pp. 1391-1401, Dec. 2023.

Full Text:

PDF

Refbacks

  • There are currently no refbacks.




Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Office of Library and Information Services, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd., Shoufeng, Hualien 974301, Taiwan, R.O.C.
Tel: +886-3-931-7314  E-mail: jit.editorial@gmail.com