Low-rate flow table overflow attack defense system based on two-level threshold in software-defined networks

Software-defined networks (SDN) separate traffic management and packet forwarding, allowing for network programmability. SDN has grown more vulnerable to network attacks as a result of its growing use in many facets of social production. Low-rate flow table overflow is a form of attack that targets...

Full description

Saved in:
Bibliographic Details
Published inExpert systems with applications Vol. 293; p. 128685
Main Authors Tang, Dan, Zuo, Chenguang, Li, Xinmeng, Tan, Pei, Zhang, Dongshuo, Qin, Zheng
Format Journal Article
LanguageEnglish
Published Elsevier Ltd 01.12.2025
Subjects
Attack detection and mitigation
Flow table
Overflow attack
Software defined network
Two-level threshold
Overflow attack
Attack detection and mitigation
Flow table
Two-level threshold
Software defined network
Online AccessGet full text

Cover

Abstract Software-defined networks (SDN) separate traffic management and packet forwarding, allowing for network programmability. SDN has grown more vulnerable to network attacks as a result of its growing use in many facets of social production. Low-rate flow table overflow is a form of attack that targets SDN networks. A significant quantity of flow entries are put in the flow table as a result of sending fake malicious packets to the switch flow table. We provide a two-level threshold (DMS-BTT) based protection solution to counter this threat. DMS-BTT employs the Catboost method to detect LFTO attacks and identify malicious flows by extracting properties from the flow table and flow rules. The system sets two levels of thresholds for flow table utilization depending on the urgency of the flow table subject to LFTO attacks, corresponding to the malicious flow eviction mode and the flow table overflow prevention mode of the attack mitigation module. Finally, we conducted comprehensive experiments to verify that DMS-BTT can effectively mitigate LFTO attacks with low system overhead and limit the proportion of attack flows in total traffic to less than 10 %.
AbstractList Software-defined networks (SDN) separate traffic management and packet forwarding, allowing for network programmability. SDN has grown more vulnerable to network attacks as a result of its growing use in many facets of social production. Low-rate flow table overflow is a form of attack that targets SDN networks. A significant quantity of flow entries are put in the flow table as a result of sending fake malicious packets to the switch flow table. We provide a two-level threshold (DMS-BTT) based protection solution to counter this threat. DMS-BTT employs the Catboost method to detect LFTO attacks and identify malicious flows by extracting properties from the flow table and flow rules. The system sets two levels of thresholds for flow table utilization depending on the urgency of the flow table subject to LFTO attacks, corresponding to the malicious flow eviction mode and the flow table overflow prevention mode of the attack mitigation module. Finally, we conducted comprehensive experiments to verify that DMS-BTT can effectively mitigate LFTO attacks with low system overhead and limit the proportion of attack flows in total traffic to less than 10 %.
ArticleNumber 128685
Author Zhang, Dongshuo
Zuo, Chenguang
Li, Xinmeng
Tang, Dan
Qin, Zheng
Tan, Pei
Author_xml – sequence: 1
  givenname: Dan
  surname: Tang
  fullname: Tang, Dan
  email: Dtang@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, 410082, China
– sequence: 2
  givenname: Chenguang
  orcidid: 0009-0005-6133-6733
  surname: Zuo
  fullname: Zuo, Chenguang
  email: chenguangzuo@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, 410082, China
– sequence: 3
  givenname: Xinmeng
  surname: Li
  fullname: Li, Xinmeng
  email: lixinmeng@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, 410082, China
– sequence: 4
  givenname: Pei
  surname: Tan
  fullname: Tan, Pei
  email: tanpei@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, 410082, China
– sequence: 5
  givenname: Dongshuo
  surname: Zhang
  fullname: Zhang, Dongshuo
  email: zhangdongshuo@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, 410082, China
– sequence: 6
  givenname: Zheng
  surname: Qin
  fullname: Qin, Zheng
  email: zqin@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, 410082, China
BookMark eNp9kMtqwzAQRbVIoUnaH-hKP2B3JFuyAt2U0BcEumnXQpZHxIkjFUnE5O_rNF1ndRm4Z7icBZn54JGQBwYlAyYfdyWm0ZQcuCgZV1KJGZnDSjRFzZr6lixS2gGwBqCZk2ETxiKajNQNYaTZtAPScMT4d5qcjd3TDh36hDSdUsYDbU3CjgZP8xiKAY840LyNmLZh6GjvaQoujyZiMXG9n6oep2bcpzty48yQ8P4_l-T79eVr_V5sPt8-1s-bwnJR5cJJbq2sBdS2ax2wVgFHA0pxEHYlHLrKKSN4hQZXClvnqkZJlKJiNTiJ1ZLwy18bQ0oRnf6J_cHEk2agz470Tp8d6bMjfXE0QU8XCKdlxx6jTrZHb7HrI9qsu9Bfw38B_qB2pw
Cites_doi 10.1016/j.jnca.2024.103838
10.1109/TSC.2021.3102046
10.1007/s40860-022-00171-8
10.1109/TDSC.2021.3131531
10.1145/3556973
10.1109/TSC.2023.3266757
10.1109/TSC.2023.3325636
10.1016/j.comnet.2022.108802
10.1016/j.comnet.2024.110203
10.1016/j.comnet.2020.107223
10.1109/TDSC.2024.3522104
10.1109/TNSE.2023.3297650
10.1109/TNSE.2023.3236147
10.1109/JSAC.2021.3126053
10.3390/fi12090147
10.1109/TC.2025.3541143
10.1109/TSC.2024.3489437
10.1109/TNET.2018.2819507
10.1109/TNET.2022.3225211
10.1109/TSC.2016.2602861
10.1109/ACCESS.2020.2999668
10.1145/3704434
10.1109/TIFS.2023.3275768
ContentType Journal Article
Copyright 2025 Elsevier Ltd
Copyright_xml – notice: 2025 Elsevier Ltd
DBID AAYXX
CITATION
DOI 10.1016/j.eswa.2025.128685
DatabaseName CrossRef
DatabaseTitle CrossRef
DatabaseTitleList
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
ExternalDocumentID 10_1016_j_eswa_2025_128685
S0957417425023036
GroupedDBID --K
--M
.DC
.~1
0R~
13V
1B1
1RT
1~.
1~5
4.4
457
4G.
5GY
5VS
7-5
71M
8P~
9JN
9JO
AAAKF
AABNK
AAEDT
AAEDW
AAIKJ
AAKOC
AALRI
AAOAW
AAQFI
AARIN
AATTM
AAXKI
AAXUO
AAYFN
AAYWO
ABBOA
ABFNM
ABJNI
ABMAC
ABMVD
ABUCO
ACDAQ
ACGFS
ACHRH
ACNTT
ACRLP
ACVFH
ACZNC
ADBBV
ADCNI
ADEZE
ADTZH
AEBSH
AECPX
AEIPS
AEKER
AENEX
AEUPX
AFJKZ
AFPUW
AFTJW
AGCQF
AGHFR
AGUBO
AGUMN
AGYEJ
AHHHB
AHJVU
AHZHX
AIALX
AIEXJ
AIGII
AIIUN
AIKHN
AITUG
AKBMS
AKRWK
AKYEP
ALEQD
ALMA_UNASSIGNED_HOLDINGS
AMRAJ
ANKPU
AOUOD
APLSM
APXCP
AXJTR
BJAXD
BKOJK
BLXMC
BNSAS
CS3
DU5
EBS
EFJIC
EFKBS
EO8
EO9
EP2
EP3
F5P
FDB
FIRID
FNPLU
FYGXN
G-Q
GBLVA
GBOLZ
HAMUX
IHE
J1W
JJJVA
KOM
MO0
N9A
O-L
O9-
OAUVE
OZT
P-8
P-9
P2P
PC.
PQQKQ
Q38
ROL
RPZ
SDF
SDG
SDP
SDS
SES
SEW
SPC
SPCBC
SSB
SSD
SSL
SST
SSV
SSZ
T5K
TN5
~G-
29G
AAAKG
AAQXK
AAYXX
ABKBG
ABWVN
ABXDB
ACNNM
ACRPL
ADJOM
ADMUD
ADNMO
AGQPQ
ASPBG
AVWKF
AZFZN
CITATION
EJD
FEDTE
FGOYB
G-2
HLZ
HVGLF
HZ~
LG9
LY1
LY7
M41
R2-
RIG
SBC
SET
WUQ
XPP
ZMT
ID FETCH-LOGICAL-c253t-f62cc64504cdbf01b802ea088205c95fef3f8a523eae98ebff3786e653140f6e3
IEDL.DBID .~1
ISSN 0957-4174
IngestDate Thu Aug 14 00:21:22 EDT 2025
Sat Aug 30 17:13:15 EDT 2025
IsPeerReviewed true
IsScholarly true
Keywords Overflow attack
Attack detection and mitigation
Flow table
Two-level threshold
Software defined network
Language English
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c253t-f62cc64504cdbf01b802ea088205c95fef3f8a523eae98ebff3786e653140f6e3
ORCID 0009-0005-6133-6733
ParticipantIDs crossref_primary_10_1016_j_eswa_2025_128685
elsevier_sciencedirect_doi_10_1016_j_eswa_2025_128685
PublicationCentury 2000
PublicationDate 2025-12-01
2025-12-00
PublicationDateYYYYMMDD 2025-12-01
PublicationDate_xml – month: 12
  year: 2025
  text: 2025-12-01
  day: 01
PublicationDecade 2020
PublicationTitle Expert systems with applications
PublicationYear 2025
Publisher Elsevier Ltd
Publisher_xml – name: Elsevier Ltd
References Tang, Dai, Yan, Li, Liang, Qin (bib0022) 2024; 57
Himanshu, Saha, Das, De (bib0007) 2024
Liatifis, Sarigiannidis, Argyriou, Lagkas (bib0013) 2023; 55
Kim, Seo, Lee, Nam, Yegneswaran, Porras, Shin (bib0011) 2024; 241
Mininet (2010). Mininet.
Tang, Yan, Gao, Liang, Jin (bib0027) 2023; 18
Kandula, Sengupta, Greenberg, Patel, Chaiken (bib0010) 2009
Openvswitch (2016). Openvswith.
Pascoal, Fonseca, Nigam (bib0020) 2020; 173
Ryu (2010). Ryu.
Xie, Li, Wang, Cao, Xie, Wen, Qin (bib0031) 2018; 26
Yao, Wang, Xu, Zhang (bib0033) 2023; 10
Tang, Wang, Liu, Jin, Zhang (bib0025) 2023; 16
Tang, Wang, Li, Vijayakumar, Kumar (bib0026) 2023; 20
Tang, Liu, Li, Xiao, Liang, Zhang (bib0024) 2025; 22
Liu, Lu, Wang, Wang, Jia, Li (bib0014) 2024; 17
Dorogush, A. V., Ershov, V., & Gulin, A. (2018). Catboost: gradient boosting with categorical features support. arXiv preprint arXiv
Tang, Zhang, Yan, Chen, Qin (bib0029) 2022; 15
Cao, Xu, Li, Sun, Yang (bib0002) 2022; 31
Pascoal, Dantas, Fonseca, Nigam (bib0019) 2017
Tang, Dai, Zuo, Chen, Li, Qin (bib0023) 2025; 74
Lu, Liu, Jia, Zhang, Wang, Wang (bib0015) 2024; 17
.
Isyaku, Mohd Zahid, Bte Kamat, Abu Bakar, Ghaleb (bib0009) 2020; 12
Guo, Matta (bib0006) 2001
Tang, Yan, Zhang, Chen, Qin (bib0028) 2022; 40
Cao, Xu, Li, Sun, Yang, Zheng (bib0003) 2018
Indrason, Saha (bib0008) 2024; 224
Kong, Wu, Shen, Chen, Liu, Zhang (bib0012) 2022
Tang, Zheng, Li, Yin, Liang, Zhang (bib0030) 2024; 11
bigFlows.pcap (2016). bigflows.pcap.
Yuan, Zou, Yu, Jin, Qiang, Shen (bib0034) 2016; 12
Yue, Wang, Liu, Wu (bib0035) 2020; 8
Deb, Roy (bib0004) 2022; 206
Maleh, Qasmaoui, El Gholami, Sadqi, Mounir (bib0016) 2023; 9
Xu, Huang, Chen, Zhao (bib0032) 2017
Cao (10.1016/j.eswa.2025.128685_bib0003) 2018
10.1016/j.eswa.2025.128685_bib0001
Lu (10.1016/j.eswa.2025.128685_bib0015) 2024; 17
Liatifis (10.1016/j.eswa.2025.128685_bib0013) 2023; 55
10.1016/j.eswa.2025.128685_bib0005
Deb (10.1016/j.eswa.2025.128685_bib0004) 2022; 206
Tang (10.1016/j.eswa.2025.128685_bib0028) 2022; 40
Tang (10.1016/j.eswa.2025.128685_bib0026) 2023; 20
Kim (10.1016/j.eswa.2025.128685_bib0011) 2024; 241
Kong (10.1016/j.eswa.2025.128685_bib0012) 2022
Maleh (10.1016/j.eswa.2025.128685_bib0016) 2023; 9
Yue (10.1016/j.eswa.2025.128685_bib0035) 2020; 8
10.1016/j.eswa.2025.128685_bib0021
Pascoal (10.1016/j.eswa.2025.128685_bib0019) 2017
Guo (10.1016/j.eswa.2025.128685_bib0006) 2001
Himanshu (10.1016/j.eswa.2025.128685_bib0007) 2024
Kandula (10.1016/j.eswa.2025.128685_bib0010) 2009
10.1016/j.eswa.2025.128685_bib0018
Indrason (10.1016/j.eswa.2025.128685_bib0008) 2024; 224
10.1016/j.eswa.2025.128685_bib0017
Xu (10.1016/j.eswa.2025.128685_bib0032) 2017
Tang (10.1016/j.eswa.2025.128685_bib0022) 2024; 57
Pascoal (10.1016/j.eswa.2025.128685_bib0020) 2020; 173
Tang (10.1016/j.eswa.2025.128685_bib0030) 2024; 11
Cao (10.1016/j.eswa.2025.128685_bib0002) 2022; 31
Yuan (10.1016/j.eswa.2025.128685_bib0034) 2016; 12
Tang (10.1016/j.eswa.2025.128685_bib0025) 2023; 16
Yao (10.1016/j.eswa.2025.128685_bib0033) 2023; 10
Tang (10.1016/j.eswa.2025.128685_bib0024) 2025; 22
Tang (10.1016/j.eswa.2025.128685_bib0029) 2022; 15
Xie (10.1016/j.eswa.2025.128685_bib0031) 2018; 26
Isyaku (10.1016/j.eswa.2025.128685_bib0009) 2020; 12
Liu (10.1016/j.eswa.2025.128685_bib0014) 2024; 17
Tang (10.1016/j.eswa.2025.128685_bib0023) 2025; 74
Tang (10.1016/j.eswa.2025.128685_bib0027) 2023; 18
References_xml – volume: 17
  start-page: 990
  year: 2024
  end-page: 1000
  ident: bib0015
  article-title: Incentivizing proportional fairness for multi-task allocation in crowdsensing
  publication-title: IEEE Transactions on Services Computing
– start-page: 17
  year: 2017
  end-page: 31
  ident: bib0019
  article-title: Slow TCAM exhaustion DDos attack
  publication-title: ICT systems security and privacy protection: 32nd ifip tc 11 international conference, sec 2017, Rome, Italy, May 29–31, 2017, proceedings 32
– volume: 17
  start-page: 3672
  year: 2024
  end-page: 3684
  ident: bib0014
  article-title: Fedup: Bridging fairness and efficiency in cross-silo federated learning
  publication-title: IEEE Transactions on Services Computing
– volume: 74
  start-page: 1758
  year: 2025
  end-page: 1770
  ident: bib0023
  article-title: A low-rate dos attack miti gation scheme based on port and traffic state in SDN
  publication-title: IEEE Transactions on Computers
– start-page: 4167
  year: 2022
  end-page: 4172
  ident: bib0012
  article-title: Tableguard: A novel security mechanism against flow table overflow attacks in SDN
  publication-title: Globecom 2022–2022 IEEE global communications conference
– volume: 12
  start-page: 231
  year: 2016
  end-page: 246
  ident: bib0034
  article-title: Defending against flow table overloading attack in software-defined networks
  publication-title: IEEE Transactions on Services Computing
– volume: 31
  start-page: 1416
  year: 2022
  end-page: 1431
  ident: bib0002
  article-title: The loft attack: Overflowing SDN flow tables at a low rate
  publication-title: IEEE/ACM Transactions on Networking
– reference: Mininet (2010). Mininet.
– volume: 57
  start-page: 1
  year: 2024
  end-page: 32
  ident: bib0022
  article-title: When sdn meets low-rate threats: A survey of attacks and countermeasures in programmable networks
  publication-title: ACM Computing Surveys
– volume: 20
  start-page: 273
  year: 2023
  end-page: 287
  ident: bib0026
  article-title: Akn-fgd: Adaptive kohonen network based fine-grained detection of ldos attacks
  publication-title: IEEE Transactions on Dependable and Secure Computing
– volume: 18
  start-page: 3143
  year: 2023
  end-page: 3157
  ident: bib0027
  article-title: LtRFT: Mitigate the low-rate data plane DDos attack with learning-to-rank enabled flow tables
  publication-title: IEEE Transactions on Information Forensics and Security
– volume: 173
  year: 2020
  ident: bib0020
  article-title: Slow denial-of-service attacks on software defined networks
  publication-title: Computer Networks
– volume: 22
  start-page: 2855
  year: 2025
  end-page: 2872
  ident: bib0024
  article-title: Pluto: A robust ldos attack defense system executing at line speed
  publication-title: IEEE Transactions on Dependable and Secure Computing
– reference: Dorogush, A. V., Ershov, V., & Gulin, A. (2018). Catboost: gradient boosting with categorical features support. arXiv preprint arXiv:
– volume: 10
  start-page: 1863
  year: 2023
  end-page: 1879
  ident: bib0033
  article-title: Lightweight per-flow traffic measurement using improved LRU list
  publication-title: IEEE Transactions on Network Science and Engineering
– reference: bigFlows.pcap (2016). bigflows.pcap.
– volume: 241
  year: 2024
  ident: bib0011
  article-title: Enhancing security in SDN: Systematizing attacks and defenses from a penetration perspective
  publication-title: Computer Networks
– reference: Openvswitch (2016). Openvswith.
– volume: 206
  year: 2022
  ident: bib0004
  article-title: A comprehensive survey of vulnerability and information security in SDN
  publication-title: Computer Networks
– start-page: 180
  year: 2001
  end-page: 188
  ident: bib0006
  article-title: The war between mice and elephants
  publication-title: Proceedings ninth international conference on network protocols. ICNP 2001
– start-page: 1
  year: 2017
  end-page: 9
  ident: bib0032
  article-title: Scalable software-defined networking through hybrid switching
  publication-title: IEEE infocom 2017-IEEE conference on computer communications
– start-page: 232
  year: 2024
  end-page: 241
  ident: bib0007
  article-title: A network segmentation architecture for flow aggregation and DDos mitigation in SDN using RAPID flow rules
  publication-title: Proceedings of the 25th international conference on distributed computing and networking
– start-page: 202
  year: 2009
  end-page: 208
  ident: bib0010
  article-title: The nature of data center traffic: Measurements & analysis
  publication-title: Proceedings of the 9th ACM SIGCOMM conference on internet measurement
– volume: 26
  start-page: 1222
  year: 2018
  end-page: 1235
  ident: bib0031
  article-title: On-line anomaly detection with high accuracy
  publication-title: IEEE/ACM Transactions on Networking
– volume: 15
  start-page: 3471
  year: 2022
  end-page: 3484
  ident: bib0029
  article-title: Real-time detection and mitigation of LDos attacks in the SDN using the HGB-FP algorithm
  publication-title: IEEE Transactions on Services Computing
– reference: .
– volume: 8
  start-page: 104688
  year: 2020
  end-page: 104700
  ident: bib0035
  article-title: Detecting dos attacks based on multi-features in SDN
  publication-title: IEEE Access
– start-page: 356
  year: 2018
  end-page: 376
  ident: bib0003
  article-title: Disrupting SDN via the data plane: A low-rate flow table overflow attack
  publication-title: Security and privacy in communication networks: 13th international conference, securecomm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, proceedings 13
– volume: 55
  start-page: 1
  year: 2023
  end-page: 37
  ident: bib0013
  article-title: Advancing SDN from openflow to P4: A survey
  publication-title: ACM Computing Surveys
– volume: 224
  year: 2024
  ident: bib0008
  article-title: Exploring blockchain-driven security in SDN-based iot networks
  publication-title: Journal of Network and Computer Applications
– volume: 40
  start-page: 428
  year: 2022
  end-page: 444
  ident: bib0028
  article-title: Performance and features: Mitigating the low-rate TCP-targeted dos attack via SDN
  publication-title: IEEE Journal on Selected Areas in Communications
– volume: 11
  start-page: 2524
  year: 2024
  end-page: 2536
  ident: bib0030
  article-title: Ftop: An efficient flow table overflow preventing system for switches in sdn
  publication-title: IEEE Transactions on Network Science and Engineering
– volume: 9
  start-page: 201
  year: 2023
  end-page: 239
  ident: bib0016
  article-title: A comprehensive survey on SDN security: Threats, mitigations, and future directions
  publication-title: Journal of Reliable Intelligent Environments
– volume: 16
  start-page: 3373
  year: 2023
  end-page: 3384
  ident: bib0025
  article-title: Gasf-ipp: Detection and mitigation of ldos attack in sdn
  publication-title: IEEE Transactions on Services Computing
– reference: Ryu (2010). Ryu.
– volume: 12
  start-page: 147
  year: 2020
  ident: bib0009
  article-title: Software defined networking flow table management of openflow switches performance and security challenges: A survey
  publication-title: Future Internet
– volume: 224
  year: 2024
  ident: 10.1016/j.eswa.2025.128685_bib0008
  article-title: Exploring blockchain-driven security in SDN-based iot networks
  publication-title: Journal of Network and Computer Applications
  doi: 10.1016/j.jnca.2024.103838
– volume: 15
  start-page: 3471
  issue: 6
  year: 2022
  ident: 10.1016/j.eswa.2025.128685_bib0029
  article-title: Real-time detection and mitigation of LDos attacks in the SDN using the HGB-FP algorithm
  publication-title: IEEE Transactions on Services Computing
  doi: 10.1109/TSC.2021.3102046
– start-page: 1
  year: 2017
  ident: 10.1016/j.eswa.2025.128685_bib0032
  article-title: Scalable software-defined networking through hybrid switching
– volume: 9
  start-page: 201
  issue: 2
  year: 2023
  ident: 10.1016/j.eswa.2025.128685_bib0016
  article-title: A comprehensive survey on SDN security: Threats, mitigations, and future directions
  publication-title: Journal of Reliable Intelligent Environments
  doi: 10.1007/s40860-022-00171-8
– ident: 10.1016/j.eswa.2025.128685_bib0018
– volume: 20
  start-page: 273
  issue: 1
  year: 2023
  ident: 10.1016/j.eswa.2025.128685_bib0026
  article-title: Akn-fgd: Adaptive kohonen network based fine-grained detection of ldos attacks
  publication-title: IEEE Transactions on Dependable and Secure Computing
  doi: 10.1109/TDSC.2021.3131531
– start-page: 202
  year: 2009
  ident: 10.1016/j.eswa.2025.128685_bib0010
  article-title: The nature of data center traffic: Measurements & analysis
– volume: 55
  start-page: 1
  issue: 9
  year: 2023
  ident: 10.1016/j.eswa.2025.128685_bib0013
  article-title: Advancing SDN from openflow to P4: A survey
  publication-title: ACM Computing Surveys
  doi: 10.1145/3556973
– volume: 16
  start-page: 3373
  issue: 5
  year: 2023
  ident: 10.1016/j.eswa.2025.128685_bib0025
  article-title: Gasf-ipp: Detection and mitigation of ldos attack in sdn
  publication-title: IEEE Transactions on Services Computing
  doi: 10.1109/TSC.2023.3266757
– start-page: 4167
  year: 2022
  ident: 10.1016/j.eswa.2025.128685_bib0012
  article-title: Tableguard: A novel security mechanism against flow table overflow attacks in SDN
– volume: 17
  start-page: 990
  issue: 3
  year: 2024
  ident: 10.1016/j.eswa.2025.128685_bib0015
  article-title: Incentivizing proportional fairness for multi-task allocation in crowdsensing
  publication-title: IEEE Transactions on Services Computing
  doi: 10.1109/TSC.2023.3325636
– start-page: 356
  year: 2018
  ident: 10.1016/j.eswa.2025.128685_bib0003
  article-title: Disrupting SDN via the data plane: A low-rate flow table overflow attack
– ident: 10.1016/j.eswa.2025.128685_bib0021
– volume: 206
  year: 2022
  ident: 10.1016/j.eswa.2025.128685_bib0004
  article-title: A comprehensive survey of vulnerability and information security in SDN
  publication-title: Computer Networks
  doi: 10.1016/j.comnet.2022.108802
– volume: 241
  year: 2024
  ident: 10.1016/j.eswa.2025.128685_bib0011
  article-title: Enhancing security in SDN: Systematizing attacks and defenses from a penetration perspective
  publication-title: Computer Networks
  doi: 10.1016/j.comnet.2024.110203
– volume: 173
  year: 2020
  ident: 10.1016/j.eswa.2025.128685_bib0020
  article-title: Slow denial-of-service attacks on software defined networks
  publication-title: Computer Networks
  doi: 10.1016/j.comnet.2020.107223
– start-page: 232
  year: 2024
  ident: 10.1016/j.eswa.2025.128685_bib0007
  article-title: A network segmentation architecture for flow aggregation and DDos mitigation in SDN using RAPID flow rules
– volume: 22
  start-page: 2855
  issue: 3
  year: 2025
  ident: 10.1016/j.eswa.2025.128685_bib0024
  article-title: Pluto: A robust ldos attack defense system executing at line speed
  publication-title: IEEE Transactions on Dependable and Secure Computing
  doi: 10.1109/TDSC.2024.3522104
– volume: 11
  start-page: 2524
  issue: 3
  year: 2024
  ident: 10.1016/j.eswa.2025.128685_bib0030
  article-title: Ftop: An efficient flow table overflow preventing system for switches in sdn
  publication-title: IEEE Transactions on Network Science and Engineering
  doi: 10.1109/TNSE.2023.3297650
– ident: 10.1016/j.eswa.2025.128685_bib0017
– start-page: 180
  year: 2001
  ident: 10.1016/j.eswa.2025.128685_bib0006
  article-title: The war between mice and elephants
– start-page: 17
  year: 2017
  ident: 10.1016/j.eswa.2025.128685_bib0019
  article-title: Slow TCAM exhaustion DDos attack
– volume: 10
  start-page: 1863
  issue: 4
  year: 2023
  ident: 10.1016/j.eswa.2025.128685_bib0033
  article-title: Lightweight per-flow traffic measurement using improved LRU list
  publication-title: IEEE Transactions on Network Science and Engineering
  doi: 10.1109/TNSE.2023.3236147
– volume: 40
  start-page: 428
  issue: 1
  year: 2022
  ident: 10.1016/j.eswa.2025.128685_bib0028
  article-title: Performance and features: Mitigating the low-rate TCP-targeted dos attack via SDN
  publication-title: IEEE Journal on Selected Areas in Communications
  doi: 10.1109/JSAC.2021.3126053
– volume: 12
  start-page: 147
  issue: 9
  year: 2020
  ident: 10.1016/j.eswa.2025.128685_bib0009
  article-title: Software defined networking flow table management of openflow switches performance and security challenges: A survey
  publication-title: Future Internet
  doi: 10.3390/fi12090147
– volume: 74
  start-page: 1758
  issue: 5
  year: 2025
  ident: 10.1016/j.eswa.2025.128685_bib0023
  article-title: A low-rate dos attack miti gation scheme based on port and traffic state in SDN
  publication-title: IEEE Transactions on Computers
  doi: 10.1109/TC.2025.3541143
– ident: 10.1016/j.eswa.2025.128685_bib0001
– volume: 17
  start-page: 3672
  issue: 6
  year: 2024
  ident: 10.1016/j.eswa.2025.128685_bib0014
  article-title: Fedup: Bridging fairness and efficiency in cross-silo federated learning
  publication-title: IEEE Transactions on Services Computing
  doi: 10.1109/TSC.2024.3489437
– ident: 10.1016/j.eswa.2025.128685_bib0005
– volume: 26
  start-page: 1222
  issue: 3
  year: 2018
  ident: 10.1016/j.eswa.2025.128685_bib0031
  article-title: On-line anomaly detection with high accuracy
  publication-title: IEEE/ACM Transactions on Networking
  doi: 10.1109/TNET.2018.2819507
– volume: 31
  start-page: 1416
  issue: 3
  year: 2022
  ident: 10.1016/j.eswa.2025.128685_bib0002
  article-title: The loft attack: Overflowing SDN flow tables at a low rate
  publication-title: IEEE/ACM Transactions on Networking
  doi: 10.1109/TNET.2022.3225211
– volume: 12
  start-page: 231
  issue: 2
  year: 2016
  ident: 10.1016/j.eswa.2025.128685_bib0034
  article-title: Defending against flow table overloading attack in software-defined networks
  publication-title: IEEE Transactions on Services Computing
  doi: 10.1109/TSC.2016.2602861
– volume: 8
  start-page: 104688
  year: 2020
  ident: 10.1016/j.eswa.2025.128685_bib0035
  article-title: Detecting dos attacks based on multi-features in SDN
  publication-title: IEEE Access
  doi: 10.1109/ACCESS.2020.2999668
– volume: 57
  start-page: 1
  issue: 4
  year: 2024
  ident: 10.1016/j.eswa.2025.128685_bib0022
  article-title: When sdn meets low-rate threats: A survey of attacks and countermeasures in programmable networks
  publication-title: ACM Computing Surveys
  doi: 10.1145/3704434
– volume: 18
  start-page: 3143
  year: 2023
  ident: 10.1016/j.eswa.2025.128685_bib0027
  article-title: LtRFT: Mitigate the low-rate data plane DDos attack with learning-to-rank enabled flow tables
  publication-title: IEEE Transactions on Information Forensics and Security
  doi: 10.1109/TIFS.2023.3275768
SSID ssj0017007
Score 2.475939
Snippet Software-defined networks (SDN) separate traffic management and packet forwarding, allowing for network programmability. SDN has grown more vulnerable to...
SourceID crossref
elsevier
SourceType Index Database
Publisher
StartPage 128685
SubjectTerms Attack detection and mitigation
Flow table
Overflow attack
Software defined network
Two-level threshold
Title Low-rate flow table overflow attack defense system based on two-level threshold in software-defined networks
URI https://dx.doi.org/10.1016/j.eswa.2025.128685
Volume 293
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV09T8MwELVQWVj4RpSPygMbcpvGdpKOCFGVzwUqdYuc-CwVqgTRoGz8du7qBIGEGBgdxVL0zr57Vp7fMXYWhkYqI60wEA2phZkSoyTMhYvAIEHAZb3y7rx_iCZTdTPTszV22d6FIVllk_t9Tl9l6-bJoEFz8DqfDx6RHGA5xKOdJh4tyXZbqZhWef_jS-ZB9nOx99uLBb3dXJzxGi9Y1uQ9FOo-pumI-in_Vpy-FZzxNttsmCK_8B-zw9ag2GVbbRcG3mzKPba4K2tBhg_cLcqaV3QXipMwczU0VWXyF27B4XkVuDdu5lS7LC8LXtWlWJBuiFcY1CX9i-Lzgi8xOdfmDQTOQxpqeeHV4st9Nh1fPV1ORNNDQeShlhViHuZ5pHSgcpu5YJglQQiGeHWg85F24KRLDJ5GwcAogcw5GScRRLg1VYABkwesU5QFHDLuYggiazIpAzKhMxjhJLTKOJ1ZUDLrsvMWvPTVW2WkrYbsOSWoU4I69VB3mW7xTX8EPMVc_se8o3_OO2YbNPJKlBPWqd7e4RT5RJX1Vgumx9Yvrm8nD5_doMwQ
linkProvider Elsevier
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwtV07T9xAEB4RKJIm7yiEkGwRKrSc2df5ihQRCTrgoAlIdM7anpWOnGyEHVlp-FP5g5m5tVGQIgokSttaa_fzaB7yN98AfFLKa-N1KT26XR5hZuQkVYUMDj0lCGTWS-3O4xM3PTOH5_Z8Bf4MvTBMq-x9f_TpS2_d3xn1aI4u5_PRd0oOKBxSaWc5j9auZ1Ye4e-O6rbm88FX-shbSu1_O92byn60gCyU1S1tRRWFMzYxRZmHZDdPE4We083EFhMbMOiQeirS0OMkxTwEPU4dOrJYk9A5NL33EawZchc8NmHn-oZXwnp34yjwN5a8vb5TJ5LKsOlY7EjZHYoLjgc4_y8a_hPh9p_D0z41FV_i6V_AClYv4dkw9kH0XuAVLGZ1J1lhQoRF3YmWm68EM0GXl75tffFTlBioQEYRlaIFB8tS1JVou1oumKgkWrKihn9-iXklGooGnb9CSeso7y1FFenpzWs4exBk38BqVVf4FkQYY-JKn2udsOqdJ5NKVWl8sHmJRufrsD2Al11GbY5sIK1dZAx1xlBnEep1sAO-2S0Lyyh43LHu3T3XfYTH09PjWTY7ODnagCf8JNJg3sNqe_ULNymZafMPS-MR8OOhrfUvDVsIUw
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Low-rate+flow+table+overflow+attack+defense+system+based+on+two-level+threshold+in+software-defined+networks&rft.jtitle=Expert+systems+with+applications&rft.au=Tang%2C+Dan&rft.au=Zuo%2C+Chenguang&rft.au=Li%2C+Xinmeng&rft.au=Tan%2C+Pei&rft.date=2025-12-01&rft.pub=Elsevier+Ltd&rft.issn=0957-4174&rft.volume=293&rft_id=info:doi/10.1016%2Fj.eswa.2025.128685&rft.externalDocID=S0957417425023036
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0957-4174&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0957-4174&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0957-4174&client=summon