SDN中面向流表溢出攻击检测的网络遥测调度方法

Network telemetry scheduling method for detecting flow table overflow attacks in SDN

针对基于固定周期或特定事件调度的网络遥测在流表溢出攻击检测中产生的数据冗余问题,提出了一种面向流表溢出攻击检测的网络遥测调度方法——F-Sense INT。F-Sense INT通过分析流表溢出攻击流的特征,在数据平面针对性地收集对用于流表溢出攻击检测的网络状态信息,在降低控制器资源及南向通道带宽占用的前提下减少遥测报告量。实验结果表明,与原生OVS系统相比,在仅增加1.13%的交换机CPU占用率和4.18%的内存占用率的情况下,F-Sense INT能有效地过滤网络中的非流表溢出攻击流,使遥测数据包数量减少。F-Sense INT显著提升了面向流表溢出攻击检测的网络遥测效率,同时也具备了较高的实用性。

This paper proposed a network telemetry scheduling method,F-Sense INT,aimed at solving the data redundancy issue caused by network telemetry scheduling based on fixed periods or specific event scheduling for detecting flow table overflow attacks.F-Sense INT analyzed the characteristics of flow table overflow attack traffic flows and collected network state information used for detecting such attacks.F-Sense INT decreased telemetry reporting volume while reducing the use of controller resources consumption and southbound channel bandwidth consumption.Experimental results demonstrate that F-Sense INT effectively filters out non-flow table overflow attack flows in the network.It reduces the quantity of telemetry data packets compared to the native OVS system,with only a 1.13%increase in switches CPU utilization and a 4.18%increase in memory usage.F-Sense INT significantly enhances network telemetry efficiency in the context of flow table overflow attack detection and offers high practicality.