Increment deployment SDN network-based method for defending link flooding attack

A link flooding attack and network technology, which is applied in the direction of data exchange network, digital transmission system, electrical components, etc., can solve the problems that it is difficult for the server to directly detect abnormal traffic, difficult to detect, and indistinguishable, so as to eliminate Link flooding attack, the effect of defending against link flooding attack

Active Publication Date: 2016-04-20
SHENZHEN GRADUATE SCHOOL TSINGHUA UNIV
View PDF3 Cites 26 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] (1) Difficult to detect
The target area is not directly attacked, so it is difficult for the servers in the target area to directly detect abnormal traffic
[0008] (2) Indistinguishability
However, due to the huge scale of the current network, the diversity and complexity of network facilities and types, the transition from traditional networks to software-defined networks cannot be completed overnight.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Increment deployment SDN network-based method for defending link flooding attack
  • Increment deployment SDN network-based method for defending link flooding attack
  • Increment deployment SDN network-based method for defending link flooding attack

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0034] Algorithm example 1, defense mechanism algorithm framework in the present invention:

[0035]

[0036] 2. Node upgrade algorithm

[0037] 2.1 Problem description

[0038] The node upgrade problem is mainly based on the network topology, as well as the distribution of entry nodes and target nodes, to select a group of nodes suitable for upgrading to software-defined network function nodes. The formal description is: For a given undirected graph G(V, E, S, D), where V is the set of all nodes in the graph, E is the set of all edges in the graph, S is the set of entry nodes, and D is A collection of destination nodes, from which m nodes are selected, which can increase the connectivity of the network to the greatest extent. The connectivity of the network here can be expressed as the communication path increased as much as possible in the entry node set and the exit node set.

[0039] 2.2 Algorithm description

[0040] Ideally, if the number of selected nodes m is la...

example 2

[0041] Algorithm example 2, upgrade node selection algorithm:

[0042]

[0043] 3. Location and judgment of link flooding attack

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to an increment deployment SDN network-based method for defending a link flooding attack. A node upgrade algorithm is utilized to pick out routers that need to be upgraded into software-defined network function nodes and the routers are upgraded; when congestion occurs in a network, a congestion link is positioned through the software-defined network function nodes deployed in the network; congestion link information of the whole network is collected, and on this basis, whether current network congestion forms a link flooding attack is judged; and if the link flooding attach is formed, global flow engineering is started to balance flow of the whole network, otherwise, the congestion link is relieved through backup of a path. According to the increment deployment SDN network-based method for defending a link flooding attack, in a traditional network, a small quantity of nodes are upgraded into software-defined network function nodes, the link flooding attack is detected, a link group that is attacked is positioned, and link flow of the whole network is balanced through centralized control flow engineering, so that the root of a link flooding attack is eliminated, thereby effectively defending the link flooding attack.

Description

technical field [0001] The invention relates to network security technologies in the field of computer networks, in particular to a method for defending against link flooding attacks based on incrementally deployed SDN (Software-Defined Network, software-defined network) networks. Background technique [0002] Distributed Denial of Service (DDoS) is one of the major security threats to the Internet today. The attacker is mainly based on the asymmetry of the resources of the zombie host and the victim, and then uses the loopholes of some network protocols to launch an attack, consumes the resources of the victim (bandwidth, CPU, etc.), so that the victim availability is greatly reduced. For traditional DDoS attacks, there are already a series of relatively effective defense measures, including Pushback, ingress filter (Ingress filter), controller proxy model and other methods. The existing algorithm is based on the statistics and identification of network traffic, so as to ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/721
CPCH04L45/32H04L63/1458
Inventor 李清王磊江勇吴建平
Owner SHENZHEN GRADUATE SCHOOL TSINGHUA UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap