Towards saturation attack detection in SDN: a multi-edge representation learning-based method

Towards saturation attack detection in SDN: a multi-edge representation learning-based method

Abstract Saturation attack detection in Software-Defined Networking (SDN) focuses on identifying and mitigating flow table overflow attacks on switches and overload attacks on the SDN controller. These attacks can hinder the installation of legitimate flow entries in switches and may even exhaust th...

Full description

Saved in:
Bibliographic Details
Main Authors: Zhangli Ji, Yunhe Cui, Yinyan Guo, Guowei Shen, Yi Chen, Chun Guo
Format: Article
Language:English
Published: Springer 2025-07-01
Series:Journal of King Saud University: Computer and Information Sciences
Subjects:
Saturation attack detection
SDN
Edge representation learning
Attention mechanism
Online Access:https://doi.org/10.1007/s44443-025-00149-5
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Abstract Saturation attack detection in Software-Defined Networking (SDN) focuses on identifying and mitigating flow table overflow attacks on switches and overload attacks on the SDN controller. These attacks can hinder the installation of legitimate flow entries in switches and may even exhaust the controller’s resources, potentially leading to packet transmission failure. Although such threats are increasingly significant, network attack detection methods based on edge representation learning are still insufficiently studied. This study introduces a novel saturation attack detection method that leverages edge representation learning to enhance detection performance. The proposed method includes a novel graph construction strategy that generates Multi-edge Communication Flow Graphs (MCF-Graphs), and an edge representation learning model, Node-Edge Relationship GraphSAGE (NER-SAGE), for detecting saturation attack flows. MCF-Graphs effectively capture both the internal relationships among network flows and the associations between flows and network devices. NER-SAGE incorporates an attention mechanism to highlight the impact of flow edges on device node states in MCF-Graphs, and generates edge embeddings by aggregating information from both nodes and edges. Experiments conducted on two different network topologies demonstrate that the proposed method achieves high detection accuracy and strong graph representation capability, highlighting its effectiveness in identifying saturation attack flows.
ISSN:1319-1578
2213-1248

Similar Items