Flow Table Overflow Attacks in Software Defined Networks: A Survey

Flow Table Overflow Attacks in Software Defined Networks: A Survey

While Software-Defined Networks (SDNs) have separated control and data planes and completely decouple the flow control from the data forwarding to enable network flexibility, programmability, and innovation, they also raise serious security concerns in each plane and the interfaces between the two planes. This paper, instead of studying the security issues in the SDN control plane as many literatures have done in current research, focuses on the security issues in the SDN data plane, aiming at the state of the art mechanims to identify, detect, and mitigate them. Specifically, this paper reviews the typical models, detections, and mitigations of SDN flow table overflow attacks. After reviewing the various vulnerabilities in SDNs, this paper categorizes the flow table overflow attacks into saturation, low-rate table exhaustion, and slow saturation attacks, and summarizes the attack models, detections, and mitigations of each category. It reviews the typical attacks that can overflow the flow tables and provides the main challenges and open issues for the future research.