Towards saturation attack detection in SDN: a multi-edge representation learning-based method
Abstract Saturation attack detection in Software-Defined Networking (SDN) focuses on identifying and mitigating flow table overflow attacks on switches and overload attacks on the SDN controller. These attacks can hinder the installation of legitimate flow entries in switches and may even exhaust th...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Springer
2025-07-01
|
| Series: | Journal of King Saud University: Computer and Information Sciences |
| Subjects: | |
| Online Access: | https://doi.org/10.1007/s44443-025-00149-5 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849332234198188032 |
|---|---|
| author | Zhangli Ji Yunhe Cui Yinyan Guo Guowei Shen Yi Chen Chun Guo |
| author_facet | Zhangli Ji Yunhe Cui Yinyan Guo Guowei Shen Yi Chen Chun Guo |
| author_sort | Zhangli Ji |
| collection | DOAJ |
| description | Abstract Saturation attack detection in Software-Defined Networking (SDN) focuses on identifying and mitigating flow table overflow attacks on switches and overload attacks on the SDN controller. These attacks can hinder the installation of legitimate flow entries in switches and may even exhaust the controller’s resources, potentially leading to packet transmission failure. Although such threats are increasingly significant, network attack detection methods based on edge representation learning are still insufficiently studied. This study introduces a novel saturation attack detection method that leverages edge representation learning to enhance detection performance. The proposed method includes a novel graph construction strategy that generates Multi-edge Communication Flow Graphs (MCF-Graphs), and an edge representation learning model, Node-Edge Relationship GraphSAGE (NER-SAGE), for detecting saturation attack flows. MCF-Graphs effectively capture both the internal relationships among network flows and the associations between flows and network devices. NER-SAGE incorporates an attention mechanism to highlight the impact of flow edges on device node states in MCF-Graphs, and generates edge embeddings by aggregating information from both nodes and edges. Experiments conducted on two different network topologies demonstrate that the proposed method achieves high detection accuracy and strong graph representation capability, highlighting its effectiveness in identifying saturation attack flows. |
| format | Article |
| id | doaj-art-c1e247db68fb4f79adbdd019066cdb3a |
| institution | Kabale University |
| issn | 1319-1578 2213-1248 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Springer |
| record_format | Article |
| series | Journal of King Saud University: Computer and Information Sciences |
| spelling | doaj-art-c1e247db68fb4f79adbdd019066cdb3a2025-08-20T03:46:16ZengSpringerJournal of King Saud University: Computer and Information Sciences1319-15782213-12482025-07-0137612210.1007/s44443-025-00149-5Towards saturation attack detection in SDN: a multi-edge representation learning-based methodZhangli Ji0Yunhe Cui1Yinyan Guo2Guowei Shen3Yi Chen4Chun Guo5Engineering Research Center of Text Computing & Cognitive Intelligence, Guizhou UniversityEngineering Research Center of Text Computing & Cognitive Intelligence, Guizhou UniversityEngineering Research Center of Text Computing & Cognitive Intelligence, Guizhou UniversityEngineering Research Center of Text Computing & Cognitive Intelligence, Guizhou UniversityEngineering Research Center of Text Computing & Cognitive Intelligence, Guizhou UniversityEngineering Research Center of Text Computing & Cognitive Intelligence, Guizhou UniversityAbstract Saturation attack detection in Software-Defined Networking (SDN) focuses on identifying and mitigating flow table overflow attacks on switches and overload attacks on the SDN controller. These attacks can hinder the installation of legitimate flow entries in switches and may even exhaust the controller’s resources, potentially leading to packet transmission failure. Although such threats are increasingly significant, network attack detection methods based on edge representation learning are still insufficiently studied. This study introduces a novel saturation attack detection method that leverages edge representation learning to enhance detection performance. The proposed method includes a novel graph construction strategy that generates Multi-edge Communication Flow Graphs (MCF-Graphs), and an edge representation learning model, Node-Edge Relationship GraphSAGE (NER-SAGE), for detecting saturation attack flows. MCF-Graphs effectively capture both the internal relationships among network flows and the associations between flows and network devices. NER-SAGE incorporates an attention mechanism to highlight the impact of flow edges on device node states in MCF-Graphs, and generates edge embeddings by aggregating information from both nodes and edges. Experiments conducted on two different network topologies demonstrate that the proposed method achieves high detection accuracy and strong graph representation capability, highlighting its effectiveness in identifying saturation attack flows.https://doi.org/10.1007/s44443-025-00149-5Saturation attack detectionSDNEdge representation learningAttention mechanism |
| spellingShingle | Zhangli Ji Yunhe Cui Yinyan Guo Guowei Shen Yi Chen Chun Guo Towards saturation attack detection in SDN: a multi-edge representation learning-based method Journal of King Saud University: Computer and Information Sciences Saturation attack detection SDN Edge representation learning Attention mechanism |
| title | Towards saturation attack detection in SDN: a multi-edge representation learning-based method |
| title_full | Towards saturation attack detection in SDN: a multi-edge representation learning-based method |
| title_fullStr | Towards saturation attack detection in SDN: a multi-edge representation learning-based method |
| title_full_unstemmed | Towards saturation attack detection in SDN: a multi-edge representation learning-based method |
| title_short | Towards saturation attack detection in SDN: a multi-edge representation learning-based method |
| title_sort | towards saturation attack detection in sdn a multi edge representation learning based method |
| topic | Saturation attack detection SDN Edge representation learning Attention mechanism |
| url | https://doi.org/10.1007/s44443-025-00149-5 |
| work_keys_str_mv | AT zhangliji towardssaturationattackdetectioninsdnamultiedgerepresentationlearningbasedmethod AT yunhecui towardssaturationattackdetectioninsdnamultiedgerepresentationlearningbasedmethod AT yinyanguo towardssaturationattackdetectioninsdnamultiedgerepresentationlearningbasedmethod AT guoweishen towardssaturationattackdetectioninsdnamultiedgerepresentationlearningbasedmethod AT yichen towardssaturationattackdetectioninsdnamultiedgerepresentationlearningbasedmethod AT chunguo towardssaturationattackdetectioninsdnamultiedgerepresentationlearningbasedmethod |