Research on preemptive overflow attack (POA). The "preemptive" indicates that attack flows preempt the flow entries of normal application flows by exploiting the flow entry eviction mechanism. The differences between POA and high-rate overflow attack (HROA) as well as low-rate overflow attack (LROA) are described in the following table.
| Method | Overflow rate | Flow features | Attack target |
|---|---|---|---|
| HROA | High | slow, intermittent | Overload SDN controller |
| LROA | Low | slow, persistent | Quietly consume flow entries |
| POA | Arbitrary | Fast, persistent | Consume and preempt flow entries |
- compare_attack_detection: results of comparing POA and HROA as well as LROA.
- compare_seg_mgmt: codes and results of table segmentation exp.
- compare_rule_replace: codes and results of flow eviction exp.
- compare_detection: codes and results of attack detection exp.
- resources: codes and results of resources assumption exp.
- data_txt: organized experimental results stored in txt files.
- figs: figures generated by draw.ipynb.
- The pcap files used for the experiments are excluded due to large file size. However, they are available for request.
- The majority of experiments described in the paper require online testing, making it difficult to detail every step. If you wish to reproduce the experiments, please detail DOI: 10.1109/ACCESS.2023.3330224 or contact us.