Dynamic tracing method for IP spoofing data packet based on SDN

A dynamic tracing technology for data packets, applied in the field of digital information transmission. It addresses the problems that the sender of IP spoofing data packets cannot be accurately found and that the matching accuracy of flow table entries is uncertain, and it achieves high accuracy and high matching accuracy.

Active Publication Date: 2017-01-04
NANJING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

However, since there may be multiple controllers in the SDN network, the state of the switch flow entries changes frequently, and the matching accuracy of the flow entries is uncertain. The source found for the IP spoofing packets is therefore usually a set, and the source host or ingress switch that sent the spoofed packet cannot be accurately found.

Examples

Embodiment 1

[0046] Figure 5 gives an example diagram of an implementation of an application scenario of the present invention.

[0047] In Figure 5, the host Attacker uses a forged IP address to send messages to the host Victim, and the data packets travel along the path Attacker->S4->S3->S2->S1->Victim. Suppose the host Attacker sends more than one such packet to the host Victim, and a traceability requester wants to trace the sending source of this type of data packet. The requester names S1 as the source-tracing switch and supplies a data packet sample set and the average interval time. The controller derives the feature set from the data packet sample set; assume it consists of the destination IP address (Victim's IP address), the IP protocol number, and the transport-layer destination port number. These three feature items are enough to distinguish this type of data packet from other data packets, and the controller uses these three feature items as the match...
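The scenario of Embodiment 1 as a small simulation. This is an added example, not code from the patent: the detection entry (three-feature match, highest priority, action "send Packet-in to controller") follows the text, while the hop-by-hop upstream walk using the Packet-in ingress port, the port numbers and the addresses are assumptions, since the embodiment text is cut off here.

```python
# Simulation only: port numbers, addresses and the upstream walk are assumptions.
DETECT_PRIORITY = 0xFFFF  # highest OpenFlow flow-entry priority
# (switch, port) -> neighbour on that port; Embodiment 1 topology, ports constructed.
LINKS = {("S1", 1): "Victim", ("S1", 2): "S2", ("S2", 1): "S1", ("S2", 2): "S3",
         ("S3", 1): "S2", ("S3", 2): "S4", ("S4", 1): "S3", ("S4", 2): "Attacker"}
PATH = [("S4", 2), ("S3", 2), ("S2", 2), ("S1", 2)]  # ingress port at each hop

class Switch:
    def __init__(self, name):
        self.name = name
        self.flows = [(1, {}, "forward")]  # low-priority entry for normal traffic

    def add_flow(self, priority, match, action):
        self.flows.append((priority, match, action))
        self.flows.sort(key=lambda f: f[0], reverse=True)

    def process(self, pkt, in_port):
        """Apply the highest-priority matching entry; return a Packet-in or None."""
        for _prio, match, action in self.flows:
            if all(pkt.get(k) == v for k, v in match.items()):
                if action == "controller":
                    return {"switch": self.name, "in_port": in_port}
                return None

def send_along_path(switches, pkt):
    """One packet crosses the network; collect every Packet-in it triggers."""
    msgs = (switches[name].process(pkt, port) for name, port in PATH)
    return [m for m in msgs if m]

def trace(switches, start, features, sample):
    """Walk upstream from `start` until the ingress port faces a host."""
    current = start
    while True:
        switches[current].add_flow(DETECT_PRIORITY, features, "controller")
        # Wait for the next packet of the traced type, keep this switch's Packet-in.
        seen = [m for m in send_along_path(switches, sample) if m["switch"] == current]
        if not seen:
            return None  # traced traffic did not cross this switch
        upstream = LINKS[(current, seen[0]["in_port"])]
        if upstream not in switches:
            return current, seen[0]["in_port"], upstream
        current = upstream

def demo():
    switches = {n: Switch(n) for n in ("S1", "S2", "S3", "S4")}
    features = {"ipv4_dst": "10.0.0.9", "ip_proto": 17, "dst_port": 53}  # constructed
    spoofed = dict(features, ipv4_src="203.0.113.77")  # forged source, not matched on
    normal = dict(features, ipv4_src="10.0.0.5", dst_port=443)
    return trace(switches, "S1", features, spoofed), send_along_path(switches, normal)
```

The match deliberately leaves out the source address, which is the forged field; `demo()` returns the ingress switch and port for the traced packets, and an empty Packet-in list for the packet that does not match the feature set.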


Abstract

The invention provides a dynamic tracing method for IP spoofing data packets based on SDN. The method comprises the following steps: under a Software-Defined Network (SDN) framework, the controller adds a detection flow table entry to the relevant SDN switches in the network; the detection flow table entry matches the traced data packet, has the highest priority, and its action is to send a Packet-in message to the controller; when the traced data packet arrives at a switch to which the detection flow table entry has been added, the switch sends the Packet-in message to the controller, and from this message the controller knows that the traced data packet passed through that switch. The method solves the problem that, because the matching precision of flow table entries in the SDN switch is not high, the source host or ingress switch sending the data packet cannot be accurately deduced from the flow table entries, and it does not affect the forwarding of other normal data flows in the network.

Description

Technical field

[0001] The invention relates to the technical field of digital information transmission, in particular to a method for dynamically tracing the source of IP spoofing data packets based on SDN.

Background technique

[0002] SDN is a new type of network architecture that separates data from control and is software programmable. SDN adopts a centralized control plane and a distributed forwarding plane, and the two planes are separated from each other. The control plane uses the control-forwarding communication interface to centrally control the data forwarding behavior of network devices on the forwarding plane, and provides flexible programmability. The mainstream control interface protocol of SDN is the OpenFlow protocol.

[0003] IP address spoofing means that the sender forges its own IP address to send a request to the target system. IP address spoofing is commonly used in DoS attacks. Due to the use of forged source IP addresses, it is often diffic...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26
CPC: H04L43/10, H04L2463/146
Inventor: 魏松杰赵茹东崔聪兰少华程浩时召伟
Owner: NANJING UNIV OF SCI & TECH