A verification method of IP source address based on SDN

A verification method and source address technology, applied in the network security field of IP source address verification, that can solve the problems of high implementation and deployment cost and of false negatives and false positives in fine-grained filtering, and that achieves incremental deployment, good adaptability, high reliability and realizability.

Active Publication Date: 2019-11-01
SHENZHEN INSTITUTE OF INFORMATION TECHNOLOGY

AI Technical Summary

Problems solved by technology

However, the disadvantage of this mechanism is that the scheme is costly to implement and deploy; the data packet filtering scheme refers to the purpose of filtering illegal data packets, but this mechanism still suffers from false positives (misjudgment) or false negatives (missed judgment) in filtering accuracy; finally, the general SDN deployment scheme deploys SDN devices, such as OpenRouter routers and OpenFlow switches, in all subnets, and uses the controller to centrally calculate the forwarding rules and send them to the SDN devices, so as to verify the IP source address of data packets.


Embodiment Construction

[0031] The present invention will be described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0032] Figure 1a is a schematic diagram of the overall mechanism before the deployment of SDN equipment, and Figure 1b is a schematic diagram of the overall mechanism after SDN equipment is deployed. H1 and H2 are legitimate hosts, H1' is a counterfeit host, A, B, and C are traditional switches, A' is an SDN switch, and D is an SDN controller.

[0033] The counterfeit host H1' forges the IP address of the legitimate host H1 to send counterfeit data packets. Before the deployment of the SDN device, the network cannot detect and filter these counterfeit data packets. Once the traffic control rules are set, the network can detect and filter these counterfeit data packets.

[0034] The present invention provides an IP source address verification method based on SDN, which specifically comprises the following steps:

[0035] A1. There are multiple border gateway...


Abstract

The invention discloses an IP source address verification method based on SDN. The method comprises the following steps: A1, an SDN controller converts a domain network topology into a data packet forwarding view tree with a border gateway device as the root node; A2, the SDN controller analyzes each node on the data packet forwarding view tree, finds the deployment nodes and deploys them as SDN nodes, with SDN switches replacing the conventional switches on the deployment nodes; A3, the SDN controller calculates a forwarding rule, and the forwarding rule is deployed on the SDN switches; and A4, the SDN switches match arriving data packets against the forwarding rule. With this method, a small number of SDN devices are placed in a domain network, the maximum IP source address verification effect is achieved, incremental deployment of the system is facilitated, and the early-stage investment is effectively reduced.
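Steps A1, A3 and A4 of the abstract, sketched as an added example that is not code from the patent. The link list, subnets, the hand-picked deployment node `A'` (the page does not give the A2 selection criteria) and the rule shape "ingress port to allowed source prefixes" are all assumptions made for illustration.

```python
from collections import deque
from ipaddress import ip_address, ip_network

# Constructed topology (assumption; the page does not list Figure 1's links).
# GW is the border gateway, A' the SDN switch, B and C traditional switches.
LINKS = [("GW", "A'"), ("A'", "B"), ("A'", "C")]
# Constructed subnets attached to the access switches (assumption).
SUBNETS = {"B": "10.0.1.0/24", "C": "10.0.2.0/24"}

def forwarding_tree(links, root):
    """A1: BFS from the border gateway; returns each node's parent."""
    adj = {}
    for u, v in links:
        adj.setdefault(u, []).append(v)
        adj.setdefault(v, []).append(u)
    parent, queue = {root: None}, deque([root])
    while queue:
        node = queue.popleft()
        for nxt in adj[node]:
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return parent

def subtree_prefixes(parent, node, subnets):
    """Every prefix originated at or below `node` in the tree."""
    found = [ip_network(subnets[node])] if node in subnets else []
    for child, par in parent.items():
        if par == node:
            found += subtree_prefixes(parent, child, subnets)
    return found

def compute_rules(parent, sdn_node, subnets):
    """A3: for each downstream port (named by its child), allowed sources."""
    return {child: subtree_prefixes(parent, child, subnets)
            for child, par in parent.items() if par == sdn_node}

def verify(rules, in_port, src_ip):
    """A4: accept only a source inside a prefix bound to the ingress port.
    Ports without a rule (e.g. the uplink) are denied in this sketch."""
    return any(ip_address(src_ip) in net for net in rules.get(in_port, []))

TREE = forwarding_tree(LINKS, "GW")
RULES = compute_rules(TREE, "A'", SUBNETS)
```

With H1 placed at 10.0.1.10 behind B and H1' behind C, `verify(RULES, "C", "10.0.1.10")` rejects the forged packet. In this sketch a spoofer behind the same port as its victim still passes, which is the granularity limit of a per-port prefix rule.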

Description

Technical field

[0001] The invention relates to the network security field of IP source address verification, in particular to a method for verifying an IP source address based on a software-defined network (SDN).

Background technique

[0002] Because the current Internet forwards and addresses packets only according to the destination address of the data packet, it does not care about the IP source address of the sending user and the sending host, and the Internet architecture itself lacks an authentication mechanism for the IP source address of data packets. This leads to IP source address spoofing and to related attacks caused by source address spoofing, and afterwards it is difficult to locate the source of the attack, or the source is traced wrongly, when relying only on the IP source address of the data packet. Many attacks (such as denial of service attacks, etc.) take advantage of this loophole to launch attacks on victims without taking responsibility, which has caused gre...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/0876, H04L63/1483
Inventor: 胡光武, 陈国龙, 张平安, 孔令晶, 李清, 肖喜
Owner: SHENZHEN INSTITUTE OF INFORMATION TECHNOLOGY