Saturation attack defending method, device and system of buffer queue in outlet gateway

An egress gateway and cache queue technology, applied in the field of network security, can solve problems such as increasing the processing burden of the controller, limited cache queue size, and cache queue overflow

Inactive Publication Date: 2016-02-24
BEIJING JIAOTONG UNIV
View PDF4 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In order to solve the limited size of the cache queue of the switch in the prior art, when a malicious user sends a large number of data packets with different destinations and a large load, it is easy to cause the cache queue to overflow, which in turn increases the processing burden of the controller, making the entire SDN network To solve the problem of oversaturation, the embodiment of the present invention provides a method, device and system for defending against cache queue saturation attacks in egress gateways

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Saturation attack defending method, device and system of buffer queue in outlet gateway
  • Saturation attack defending method, device and system of buffer queue in outlet gateway
  • Saturation attack defending method, device and system of buffer queue in outlet gateway

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0093] In order to make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention will be described in further detail below in conjunction with the accompanying drawings.

[0094] In order to facilitate the understanding of the present invention, the structure of the SDN network based on the OpenFlow protocol is described as follows:

[0095] The SDN network based on the OpenFlow protocol includes an OpenFlow switch (English: OpenFlowSwitch) and an OpenFlow controller (English: OpenFlowController).

[0096] Among them, the OpenFlow switch is responsible for data forwarding according to the stored flow table, and the OpenFlow controller is responsible for routing control, which means that the OpenFlow controller can send the flow table to the OpenFlow switch through a secure channel, thereby achieving the purpose of controlling the OpenFlow switch to forward data. , To achieve the separation of data forwarding and rou...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a saturation attack defending method, device and system of a buffer queue in an outlet gateway, and belongs to the field of network safety. The method comprises the steps of receiving a data packet transmitted by a terminal; when flow table items in a data packet static flow table and a dynamic flow table are unmatched, transmitting the data packet to a central controller; and forwarding the data packet based on a flow table item fed back by the central controller. According to the saturation attack defending method, device and system of the buffer queue in the outlet gateway, the problem that buffer queue overflow is resulted easily to enable the whole SDN (Software Defined Network) to be supersaturated when a malicious user transmits a large number of data packets having different destinations and carrying with relatively great loads is solved, and the effect of avoiding buffer queue overflow due to that the outlet gateway suddenly receives a large number of data packets having different destinations when a mobile network suffers from network attack of an illegal terminal is realized as frequently-used data packets are directly matched in the outlet gateway rather than being added into the buffer queue to be transmitted to the central controller.

Description

Technical field [0001] The invention relates to the field of network security, and in particular to a method, device and system for defending against saturation of buffer queues in an egress gateway. Background technique [0002] In order to better provide reliable Internet services for the fourth generation of mobile communication users, in the future mobile Internet design, centralized control is proposed for mobile communication users' access. Software Defined Network (English: SoftwareDefinedNetwork, abbreviated as: SDN) adopts the idea of ​​centralized control. Its core technology, OpenFlow, separates the control plane of network equipment from the data plane, thereby realizing flexible control of network traffic. [0003] When the data flow from the user plane arrives at the switch, if there is a flow table matching the data flow on the switch, it will be forwarded. If there is no flow table matching the data flow, the data packets will be temporarily cached in the cache queu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/861H04L29/06H04L12/721
CPCH04L45/38H04L49/90H04L63/10
Inventor 陈佳王铭鑫周华春苏伟梁缘王烽
Owner BEIJING JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap