A two-phase detection method against APT attack on flow table management in SDN

Long-term occupation of flow table can occur in the management mechanism of software-defined networking (SDN), which is a prerequisite for APT attacks. The task of detecting such APT attacks in existent research is mainly undertaken by the controller, which results in high computation overhead. To a...

Full description

Saved in:
Bibliographic Details
Published inThe Journal of supercomputing Vol. 79; no. 14; pp. 15415 - 15434
Main Authors He, Xinfeng, Sun, Shuchao
Format Journal Article
LanguageEnglish
Published New York Springer US 01.09.2023
Springer Nature B.V
Subjects
Compilers
Computer Science
Controllers
Cybersecurity
Interpreters
Neural networks
Processor Architectures
Programming Languages
Software-defined networking
Software-defined networking
B-P neural network
Flow table management
APT attacks
Online AccessGet full text

Cover

More Information
Summary:Long-term occupation of flow table can occur in the management mechanism of software-defined networking (SDN), which is a prerequisite for APT attacks. The task of detecting such APT attacks in existent research is mainly undertaken by the controller, which results in high computation overhead. To address this problem, a two-phase detection method for APT attacks on flow table management (TMAF) is proposed in this paper. Firstly, the suspicious flow entries are pre-detected in the SDN switch according to the periodicity of the packet. Secondly, the five-dimensional features of suspicious flow entries are selected according to the characteristics of packets in load and frequency, and then the B-P neural network on the controller for further analysis. Experiments show that TMAF reduces the controller’s load and improves the detection efficiency and accuracy compared to existing works. Additionally, the potential risk of APT attacks can be reduced to a certain extent.
ISSN:0920-8542
1573-0484
DOI:10.1007/s11227-023-05281-5