A novel machine learning‐based classification approach to prevent flow table overflow attack in Software‐Defined Networking

Abstract

SummarySoftware‐defined networking (SDN) is an emerging networking architecture where the network control is physically separated from the forwarding plane. It is dynamic, manageable, cost‐effective, and flexible, which is ideal for today's high‐bandwidth applications. The flow table is the fundamental data structure residing in ternary content addressable memory (TCAM) that provides flow rules for incoming flows. The TCAM is the costliest part of an SDN switch that can store limited flow rules. Hence, it is susceptible to distributed denial of service (DDoS) and more specifically to Transformed DDoS (TDDoS). It targets the flow tables, exhausting its limited resource, and resulting in flow table overflow. During overflow, the controller is incapable of installing new rules to the switch, and the switch function is disabled from the network. In this paper, a novel framework named machine learning‐based overflow prevention (MLOP) was proposed which includes a victim switch was identified using association rule mining algorithm concepts. Then, the fuzzy C‐means (FCM) was applied to classify the attack in the victim switch. In addition, FCM ensemble with an optimizing method called dynamic time warping (DTW) which detects similar patterns in the time window during classification. Finally, an elbow method is used that determines the cluster count for optimizing clusters which increases the attack detection and also increases the holding time with reduced packet loss. The real‐time network traffic datasets were used for simulations, and the results were compared with other state‐of‐the‐art approaches. The experimental results show that MLOP increases the holding time by 15% on average and reduces the packet loss due to flow table Overflow by 22.81% than the other existing approaches. In addition, the throughput is increased in the proposed MLOP from 10% to 40%, and end‐to‐end delay is reduced between the variations of 10% to 70%.