The controller is a key component in the three layers of Software-Defined Networking (SDN), where it processes a huge number of flow requests from network devices. As a result, it installs a flow rule in the switch's flow table according to every incoming packet. However, the capacity of the flow table is limited, and the table can become the target of malicious attacks that take advantage of rule installation by the controller. Specifically, because controlling and directing packets in SDN relies on flow rule installation, malicious rules can be pushed from the controller to occupy the space available for new benign traffic. The tables can fill up with a massive number of flow entries populated from the controller, leaving no space for new benign flows. This paper presents a method to mitigate the flow table overloading attack after a DDoS attack notification. It helps make the data plane more secure by improving the availability of the flow table through a strategy of real-time packet monitoring and flow management in the controller.