Software-defined networking(SDN)decouples the data and control planes.However,attackers can lead catas-trophic results to the whole network using manipulated flooding packets,called the data-to-control-plane saturation attacks.The existing methods,using centralized mitigation policies and ignoring the buffered attack flows,involve extra network entities and make benign traffic suffer from long network recovery delays.For these purposes,we propose LFSDM,a satu-ration attack detection and mitigation system,which solves these challenges by leveraging three new techniques:1)using linear discriminant analysis(LDA)and extracting a novel feature called control channel occupation rate(CCOR)to detect the attacks,2)adopting the distributed mitigation agents to reduce the number of involved network entities and,3)cleaning up the buffered attack flows to enable fast recovery.Experiments show that our system can detect the attacks timely and accurately.More importantly,compared with the previous work,we save 81％of the network recovery delay under attacks ranging from 1 000 to 4 000 packets per second(PPS)on average,and 87％of the network recovery delay under higher attack rates with PPS ranging from 5 000 to 30 000.

Xuan-Bo Huang;Kai-Ping Xue;Yi-Tao Xing;Ding-Wen Hu;Ruidong Li;Qi-Bin Sun

School of Cyber Science and Technology,University of Science and Technology of China,Hefei 230027,China;College of Science and Engineering,Kanazawa University,Kanazawa 920-1192,Japan

计算机科学技术学报（英文版）

[1]Xuan-Bo Huang;Kai-Ping Xue;Yi-Tao Xing;Ding-Wen Hu;Ruidong Li;Qi-Bin Sun-.An Efficient Scheme to Defend Data-to-Control-Plane Saturation Attacks in Software-Defined Networking)[J].计算机科学技术学报（英文版）,2022(04):839-851

Defend,catas,LFSDM

An,Efficient,Scheme,Data,Control,Plane,Saturation,Attacks,Software,Defined,Networking,defined,networking,SDN,decouples,data,control,planes,However,attackers,can,lead,trophic,results,whole,using,manipulated,flooding,packets,called,saturation,attacks,existing,methods,centralized,mitigation,policies,ignoring,buffered,flows,entities,make,benign,traffic,suffer,from,long,recovery,delays,For,these,purposes,propose,detection,system,which,solves,challenges,by,leveraging,three,new,techniques,linear,discriminant,analysis,LDA,extracting,novel,feature,channel,occupation,CCOR,adopting,distributed,agents,reduce,number,involved,cleaning,enable,fast,Experiments,show,that,our,timely,accurately,More,importantly,compared,previous,save,under,ranging,second,PPS,average,higher,rates

0.590522