- Kevin Noh, Texas A&M University, sichulkevinn@gmail.com
- Minho Park, Soongsil University, mhp@ssu.ac.kr
ISSN: 2182-2069 (printed) / ISSN: 2182-2077 (online)
HSDT: Table-Overflow Attack Defender with Historical Statistics based Dynamic Timeout in Software Defined Networks
Software Defined Network (SDN) provides efficient network management by decoupling two planes: the control plane and the data plane. However, it also introduces several critical vulnerabilities. In particular, the limited memory available for a flow table in the data plane can be exploited to conduct a flow table overflow attack. This paper proposes a history-based dynamic timeout scheme to mitigate the flow table overflow attack. The proposed scheme dynamically sets both the hard timeout and the idle timeout based on the statistical history of each flow, which allows attack flows to be removed from the flow table quickly. Consequently, it keeps the occupancy of the flow table low and secures robustness against the flow table overflow attack. The experimental results show that the proposed HSDT can mitigate the overflow attack with reasonable overhead.