rDefender: A Lightweight and Robust Defense Against Flow Table Overflow Attacks in SDN
IEEE Transactions on Information Forensics and Security (IF 6.3). Pub Date: 2024-10-03, DOI: 10.1109/tifs.2024.3472477
Dezhang Kong, Xiang Chen, Chunming Wu, Yi Shen, Zhengyan Zhou, Qiumei Cheng, Xuan Liu, Mingliang Yang, Yubing Qiu, Dong Zhang, Muhammad Khurram Khan

The flow table is a critical component of Software-Defined Networking (SDN). However, the limited capacity of flow tables makes them highly vulnerable to flow table overflow attacks (FTOAs). Because of the low attack cost and the highly flexible attack forms, FTOAs are hard to eradicate. This paper addresses three unsolved problems of flow table security and proposes a robust defense accordingly. First, we reveal that existing defenses with fixed defense speeds cause severe packet loss when handling diverse traffic. We prove that deleting multiple rules per cycle efficiently solves this problem and give a rigorous derivation of the suitable deletion number for a given environment. Second, we illustrate that abnormal table occupancy squeezing is a constant characteristic of FTOAs regardless of the attack form, and that it can be used to identify attacked ports accurately in different scenarios. Third, we mathematically prove that, once attacked ports are confirmed, random deletion guarantees a continuous decrease of malicious flow rules; this approach is fast and remains effective across different environments. Based on these findings, we design rDefender, a robust and lightweight defense prototype. We evaluate its effectiveness by designing diverse, powerful attacks and using real-world datasets and topology. The results demonstrate that it achieves the best overall performance compared to six existing mainstream defenses, providing stable security for switch flow tables.
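The following toy simulation is an added illustration of the three ideas in the abstract (choosing a multi-rule deletion count, spotting a port that squeezes the table, and randomly evicting rules from that port); it is not the paper's code or derivation. The flow table layout, the 2x occupancy threshold and the deletion-count rule are assumptions made here for illustration.

```python
import random
from collections import Counter

# Constructed toy flow table: each rule is (ingress_port, is_malicious).
# Layout, thresholds and the deletion-count rule are assumptions for
# illustration, not the data structures or derivation of the paper.
N_PORTS, BENIGN_PER_PORT, ATTACKED_PORT, MALICIOUS = 4, 50, 2, 300

def build_table(malicious=MALICIOUS):
    """Benign rules spread evenly over ports, plus attack rules on one port."""
    rules = [(p, False) for p in range(N_PORTS) for _ in range(BENIGN_PER_PORT)]
    return rules + [(ATTACKED_PORT, True)] * malicious

def occupancy_share(rules):
    """Fraction of the whole table occupied by each ingress port."""
    counts = Counter(p for p, _ in rules)
    return {p: counts[p] / len(rules) for p in counts}

def suspect_ports(rules, baseline, ratio=2.0):
    """Ports whose table share grew beyond `ratio` times their baseline share,
    i.e. the ports squeezing the others out of the table (assumed threshold)."""
    share = occupancy_share(rules)
    return sorted(p for p in share if share[p] > ratio * baseline.get(p, 0.0))

def deletion_count(free_slots, expected_new_flows):
    """Rules to evict this cycle so the table can absorb the expected new flows
    without overflowing (simple assumed rule, not the paper's derivation)."""
    return max(0, expected_new_flows - free_slots)

def malicious_count(rules):
    return sum(1 for _, m in rules if m)

def expected_malicious_hits(rules, port, k):
    """Expected malicious rules among k uniform deletions on `port`: the more
    the attacker dominates the port, the more of each batch hits its rules."""
    port_rules = [m for p, m in rules if p == port]
    return k * sum(port_rules) / len(port_rules)

def random_delete(rules, port, k, seed=0):
    """Evict k rules chosen uniformly at random among the rules of `port`.
    Returns a new list so the caller keeps the original table."""
    rng = random.Random(seed)
    idx = [i for i, (p, _) in enumerate(rules) if p == port]
    victims = set(rng.sample(idx, min(k, len(idx))))
    return [r for i, r in enumerate(rules) if i not in victims]

def defend(rules, baseline, k, seed=0):
    """One defense cycle: confirm squeezed ports, then evict k random rules from each."""
    for port in suspect_ports(rules, baseline):
        rules = random_delete(rules, port, k, seed)
    return rules
```

With the constructed numbers, port 2 holds 350 of 500 rules, so 35 uniform deletions on it are expected to remove 30 malicious rules and at most a handful of benign ones.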

Updated: 2024-10-03