The fundamental innovation for Software Defined Network (SDN) is to dissociate the control plane from the data plane of the network devices and give central management over the network. SDN security is one of the serious challenges. Usually, the flow table of the SDN switches has a size limited due to the power-hungry and expensive features of Ternary Content Addressable Memory (TCAM), therefore makes it easier to be exploited by a flow table overloading attacks. The attacker has transmitted multiple flows to the controller, so the switch’s memory (TCAM) has flooded with controller replies. To protect SDN from flow table overloading attack, we proposed an algorithm based on entropy variation of new incoming flows. As a result, the flow table overloading attack is detected through 250 packets with detection rate 95% and Precision 96% successfully.
Volume 11 | 10-Special Issue
Pages: 752-759
DOI: 10.5373/JARDCS/V11SP10/20192866