Controlling your neighbour’s bandwidth for fun and for profit

Jonathan Weekes, Shishir Nagaraja

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

1 Citation (Scopus)


We carry out a systematic study of the attack-resilience of flow-rule replacement strategies for switch caches in Software-Defined Networks. Flow Rules are inserted into the switch at the request of the network hosts to direct traffic- replacing older rules when the switch flow table is full. Malicious hosts can leverage the flow rule replacement strategy to launch cache flushing attacks. This results in substantially reducing the network throughput of their neighbours forcing their traffic to slow down dramatically. We describe and evaluate the attack on the First-In-First-Out strategy- the defacto SDN flow-rule replacement strategy.

Original languageEnglish
Title of host publicationSecurity Protocols XXV - 25th International Workshop, Revised Selected Papers
EditorsFrank Stajano, Bruce Christianson, Vashek Matyas, Jonathan Anderson
Place of PublicationCham
Number of pages10
ISBN (Print)9783319710747
Publication statusPublished - 1 Jan 2017
Event25th International Workshop on Security Protocols, 2017 - Cambridge, United Kingdom
Duration: 20 Mar 201722 Mar 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10476 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference25th International Workshop on Security Protocols, 2017
Country/TerritoryUnited Kingdom


  • bandwidth
  • network security
  • attack resiliences
  • malicious host
  • network hosts


Dive into the research topics of 'Controlling your neighbour’s bandwidth for fun and for profit'. Together they form a unique fingerprint.

Cite this