Abstract
In order to avoid the overflow problem of network flow table caused by hackers attacking the network in the process of using the network, a method for overflow attack defense of SDN network flow table based on stochastic differential equation is proposed. In this method, the stochastic differential equation is first proposed, and the drift coefficient and diffusion coefficient of the equation are expanded and adjusted by Taylor. By using the limit theorem, the spillover attack of SDN network is weakly converged to an approximate two-dimensional Markov diffusion process, and the improved stochastic differential equation is obtained. Then, according to the stochastic nature of SDN network attack, the stochastic differential equation is transformed into an amplitude equation, which is based on the amplitude. The equation establishes a SDN attack detection scheme based on flow table statistics, which detects the spillover attacks of SDN network flow tables. Finally, according to the test results, it is proposed to use other switches instead of network flow table overflow switches to control the data upload rate, thus reducing the possibility of network crash and meeting the attack defense requirements of flow table overflow. The simulation results show that the proposed method has better detection performance and shorter running time, and can provide help for network security related work.
Similar content being viewed by others
References
Cruz, T., Rosa, L., Proença, J., et al. (2017). A cybersecurity detection framework for supervisory control and data acquisition systems. IEEE Transactions on Industrial Informatics, 12(6), 2236–2246.
Tao, L., Chi, H. L., Wang, W., et al. (2018). USA: Faster update for SDN-based Internet of Things sensory environments. Computer Communications, 120, S0140366417305868.
Zhu, W., Gao, D., Zhao, W., et al. (2017). SDN-enabled hybrid emergency message transmission architecture in internet-of-vehicles. Enterprise Information Systems, 12(2017), 1–21.
Xu, M. D., Gao, Y., & Cui, F. (2018). Distributed deception defense system based on SDN. Journal on Communications, 39(s2), 58–64.
Zhang, L. C., Wei, Q., Tang, X. C., et al. (2017). Path and port address hopping based SDN proactive defense technology. Journal of Computer Research and Development, 54(12), 2761–2771.
Chi, Y. P., Jiang, T. T., Dai, C. P., et al. (2017). Design and implementation of cloud platform intrusion prevention system based on software defined network. Journal of Computer Applications, 37(6), 1625–1629.
Zhang, X. (2017). Stochastic Volterra equations in Banach spaces and stochastic partial differential equation. Journal of Functional Analysis, 258(4), 1361–1425.
Fan, L. F., Wu, Z. J., Wan, Z., et al. (2017). Experimental investigation of thermal effects on dynamic behavior of granite. Applied Thermal Engineering, 125, 94–103.
Hajlaoui, N., Jabri, I., & Jemaa, M. B. (2018). An accurate two dimensional Markov chain model for IEEE 80211n DCF. Wireless Networks, 24(4), 1019–1031.
Li, C., Yan, W., Yuan, X., et al. (2018). Detection and defense of DDoS attack–based on deep learning in OpenFlow-based SDN. International Journal of Communication Systems, 18(2), e3497.
Gang, W., Giannakis, G. B., & Eldar, Y. C. (2018). Solving systems of random quadratic equations via truncated amplitude flow. IEEE Transactions on Information Theory, 64(2), 773–794.
Hoque, N., Kashyap, H., & Bhattacharyya, D. K. (2017). Real-time DDoS attack detection using FPGA. Computer Communications, 110, 48–58.
Karimi, H., Mcauley, K. B. (2018) Bayesian objective functions for estimating parameters in nonlinear stochastic differential equation models with limited data. Industrial & Engineering Chemistry Research, 57(27): acs.iecr.8b00293.
Guo, Z., Liu, R., Yang, X., et al. (2017). STAR: Preventing flow-table overflow in software-defined networks. Computer Networks, 125, S1389128617301779.
Guo, Z., Yang, X., Liu, R., et al. (2018). Balancing flow table occupancy and link utilization in software-defined networks. Future Generation Computer Systems, 89: S0167739X18306666.
Pyskunov, S. O., Maksimyk, Y. V., & Valer, V. V. (2016). Finite element analysis of influence of non-homogenous temperature field on designed lifetime of spatial structural elements under creep conditions. Applied Mathematics & Nonlinear Sciences, 1(1), 253–262.
Li, C., Yan, W., Yuan, X., et al. (2017). Detection and defense of DDoS attack–based on deep learning in OpenFlow-based SDN. International Journal of Communication Systems, 18(2), e3497.
Wang, Y., Bi, J., & Zhang, K. (2017). A tool for tracing network data plane via SDN/OpenFlow. Science China Information Sciences, 60(2), 022304.
Mu, T. Y., Al-Fuqaha, A., Shuaib, K., et al. (2018). SDN flow entry management using reinforcement learning. ACM Transactions on Autonomous and Adaptive Systems, 13(2), 1–23.
Awad, M. K., El-Shafei, M., Dimitriou, T., et al. (2017). Power-efficient routing for SDN with discrete link rates and size-limited flow tables: A tree-based particle swarm optimization approach. International Journal of Network Management, 2(12), e1972.
Lokesha, V., Deepika, T., Ranjini, P. S., et al. (2017). Operations of nanostructures via sdd, abc4 and ga5 indices. Applied Mathematics & Nonlinear Sciences, 2(1), 173–180.
Turewicz, M., Kohl, M., Ahrens, M. et al. (2017). BioInfra. Prot: A comprehensive proteomics workflow including data standardization, protein inference, expression analysis and data publication. Journal of Biotechnology, 261: S0168165617302869.
Acknowledgements
This research was supported by State key R&D Program Funding (project number: 2017YFB0802901) and Henan Soft Science Research Program (project number: 18240410108).
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Zhao, X., Wang, Q., Wu, Z. et al. Method for Overflow Attack Defense of SDN Network Flow Table Based on Stochastic Differential Equation. Wireless Pers Commun 117, 3431–3447 (2021). https://doi.org/10.1007/s11277-021-08086-y
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-021-08086-y