Method and system for preventing blind DDoS attacks on SDN controllers

A controller and attack detection technology, applied in transmission systems, electrical components, etc., which ensures availability and prevents blind DDoS attacks.

Active Publication Date: 2014-02-05
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0006] In view of this, the present invention discloses a blind DDoS attack protection method and system for an SDN controller. It solves the blind DDoS attack problem that traditional network anti-DDoS methods cannot solve, and can detect and protect against blind DDoS attacks on SDN network controllers (Controller).


Embodiment Construction

[0040] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0041] The system of the present invention includes an SDN controller resource pool monitor, a controller list dynamic switching module and an attack detection application module.

[0042] The resource pool monitor is responsible for maintaining controller creation, data synchronization, IP address allocation, and status list, and dynamically increases the number of backup controllers according to the size of monitored blind DDoS traffic;

[0043] The controller list dynamic switching module on the SDN switch randomly selects the controller to which the communication data is sent according to the controller list sent by the SDN controller;

[0044] The attack detection application module is on the attack detection application server, which is the upper layer application of the controller, and exchanges data with the controller through the northbound int...


Abstract

The invention relates to a method and system for preventing blind DDoS attacks on SDN controllers. The system comprises an SDN controller resource pool monitor, a controller list dynamic switching module deployed on an SDN switch, and an attack detection application module; the attack detection application module and the controllers exchange data through data interfaces. The SDN controller resource pool monitor maintains the creation of a plurality of physical machine and/or virtual machine controllers, data synchronization, IP address allocation and the state lists to be issued to the switch. The attack detection application module inspects the communication data streams between the controllers and the switch in an SDN network, and when blind DDoS attack streams on the controllers are detected, the SDN controller resource pool monitor dynamically adjusts the number of controllers according to the attack flow generated during the blind DDoS attack. Because the method can dynamically adjust the number of controllers, blind DDoS attacks on the controllers can be effectively prevented and the availability of the SDN network is guaranteed.
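The scaling and random-selection loop the abstract describes, as an added Python sketch (not code from the patent). The per-controller capacity, the sizing rule, the baseline-subtraction stand-in for the attack detection module and the 10.0.0.x addresses are all assumptions made for illustration.

```python
import math
import random
from collections import Counter

CAPACITY_PPS = 10_000  # assumed: requests/s one controller can absorb

class ResourcePoolMonitor:
    """Keeps the controller status list and sizes the pool to the attack flow."""
    def __init__(self, base=1, prefix="10.0.0."):  # constructed addresses
        self.base, self.prefix = base, prefix
        self.controllers, self._next = [], 1
        self.resize(0)

    def resize(self, attack_pps):
        # Assumed sizing rule: one backup controller per CAPACITY_PPS of attack flow.
        needed = self.base + math.ceil(attack_pps / CAPACITY_PPS)
        while len(self.controllers) < needed:      # create and address new backups
            self.controllers.append(f"{self.prefix}{self._next}")
            self._next += 1
        del self.controllers[needed:]              # release backups after the attack
        return list(self.controllers)              # list to issue to the switch

class ListSwitcher:
    """Switch-side module: picks a controller at random for each message."""
    def __init__(self, rng):
        self.rng, self.controller_list = rng, []

    def update(self, controller_list):
        self.controller_list = list(controller_list)

    def pick(self):
        return self.rng.choice(self.controller_list)

def simulate(observed_pps, baseline_pps=2_000, seed=7):
    """One second of traffic; returns (pool size, busiest controller's load)."""
    monitor, switch = ResourcePoolMonitor(), ListSwitcher(random.Random(seed))
    # Stand-in for the attack detection module: traffic above baseline is attack flow.
    attack_pps = max(0, observed_pps - baseline_pps)
    switch.update(monitor.resize(attack_pps))
    load = Counter(switch.pick() for _ in range(observed_pps))
    return len(monitor.controllers), max(load.values())

if __name__ == "__main__":
    for pps in (2_000, 50_000):
        print(pps, simulate(pps))
```

With the flood spread at random over the enlarged list, the busiest controller stays under the assumed capacity, and the pool shrinks back to the base controller once the attack flow drops to zero.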

Description

Technical field

[0001] The invention relates to a method and system for detecting and protecting an SDN controller blind DDoS attack, belonging to the field of computer network security.

Background technique

[0002] Traditional network equipment couples equipment control and data forwarding together, which makes the management of routers, switches, etc. very complicated, lacks flexibility and scalability, and hinders the further rapid development of the network. Therefore, under this background, the concept of SDN and its related technologies emerged.

[0003] Software-defined networking (SDN for short) technology separates the control plane and data plane of the network, and provides a new solution for the development of new network applications and future Internet technologies. Among them, the OpenFlow technology is currently the most successful implementation method of the SDN concept. Using OpenFlow technology, the control function is separated from the network device...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 马多贺, 徐震, 黄亮, 杨婧, 李乃山
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI