A Hybrid Intrusion Detection System for Mitigating Flow Table Buffer Saturation Attacks in Software-Defined Networking

A Hybrid Intrusion Detection System for Mitigating Flow Table Buffer Saturation Attacks in Software-Defined Networking

연구 분야: Networking

학회: SN Computer Science

Software-defined networking (SDN) introduces programmable and flexible control mechanisms that decouple the control and data planes. However, this architecture is vulnerable to specific security threats, notably flow table buffer saturation attacks, which exploit the limited ternary content addressable memory in OpenFlow switches to exhaust flow entries, thereby degrading network performance. To address this, we propose a hybrid intrusion detection system (IDS) that integrates Snort, a signature-based detection engine, with a support vector machine (SVM) classifier for anomaly-based detection. The hybrid model is deployed in a dual topology SDN environment and is managed by the Ryu controller, where Snort monitors mirrored traffic for known threats and SVM classifies flow patterns to detect abnormal behavior. Experimental evaluations demonstrate that the proposed Hybrid IDS achieves superior detection performance with 99.43% accuracy, 99.1% precision, 99.2% recall, and a false alarm rate of 0.02, outperforming conventional IDS and machine learning-based approaches. This architecture ensures high detection rates with minimal controller overhead, making it a scalable and robust solution for securing SDN infrastructures against both known and emerging threats.