DoS/DDoS attack defense module and method based on SDN controller

A controller and processing module technology, applied in the field of electrical components, transmission systems, etc. It addresses DoS/DDoS attacks that occupy the network bandwidth of the data plane and the control plane and consume the buffer space of the controller and the switch, so as to maximize processing efficiency, provide security, and ensure normal communication.

Active Publication Date: 2017-12-05
ZHEJIANG UNIV

AI Technical Summary

Problems solved by technology

This DoS/DDoS attack not only consumes the cache space of the controller and the switch, but also occupies the network bandwidth between the data plane and the control plane.
If multiple distributed hosts are used for sending, a more harmful distributed denial of service attack will occur.


Embodiment Construction

[0015] The present invention will be described in detail below according to the accompanying drawings and embodiments, so that the purpose and effect of the present invention will become more obvious.

[0016] The present invention provides a DoS/DDoS attack defense module based on an SDN controller. The data packet processing module in the SDN controller is set as a DoS/DDoS attack defense module, so that all data packets that are about to be handed over to the data packet processing module first pass through the DoS/DDoS attack defense module. The DoS/DDoS attack defense module maintains a counter, which records the number of data packets received by the SDN controller in the past 1 second, and sets two thresholds, namely the first-level threshold and the second-level threshold, where the second-level threshold is greater than the first-level threshold. When the counter is less than the first-level threshold, the packet will be passed to the default processing module f...


Abstract

The invention discloses a DoS/DDoS attack defense module and method based on an SDN controller. The DoS/DDoS attack defense module maintains a counter that records the number of packets received by the SDN controller in the past n seconds. Two thresholds are set, a primary threshold and a secondary threshold, and the secondary threshold is larger than the primary threshold. When the counter is smaller than the primary threshold, the data packets are passed to a default processing module for processing. When the counter exceeds the primary threshold, a DoS/DDoS attack is taking place: the data packets are first filtered through the DoS/DDoS attack defense module, and the controller enters a defense mode. When the number of packets received per second exceeds the secondary threshold, a stronger DoS/DDoS attack is taking place. The module can effectively filter malicious attack packets while ensuring normal data packet communication, so it can resist DoS/DDoS attacks against SDN controllers to a certain extent.
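The counter and two-threshold decision described in the abstract can be sketched as follows. This is an added example, not code from the patent: the names `PacketInGate`, `Mode` and `replay`, the threshold values, and the reading of "exceeds" as strictly greater than are assumptions, and the block only classifies each packet because the page does not describe the filter itself.

```python
from collections import deque
from enum import Enum


class Mode(Enum):
    NORMAL = "default processing"          # counter below the primary threshold
    DEFENSE = "defense-module filtering"   # primary threshold exceeded
    STRONG = "stronger attack"             # secondary threshold exceeded


class PacketInGate:
    """Sliding-window packet_in counter with two thresholds (hypothetical names)."""

    def __init__(self, primary, secondary, window_s=1.0):
        if secondary <= primary:
            raise ValueError("secondary threshold must be larger than primary")
        self.primary, self.secondary, self.window_s = primary, secondary, window_s
        self._arrivals = deque()  # arrival times still inside the window

    def on_packet_in(self, now):
        """Record one packet_in at time `now` (seconds) and return the mode."""
        self._arrivals.append(now)  # assumption: the counter includes this packet
        # Age out arrivals so the counter covers only the past n seconds.
        while self._arrivals and self._arrivals[0] <= now - self.window_s:
            self._arrivals.popleft()
        count = len(self._arrivals)
        # Assumption: "exceeds" is read as strictly greater than the threshold.
        if count > self.secondary:
            return Mode.STRONG
        if count > self.primary:
            return Mode.DEFENSE
        return Mode.NORMAL


def replay(arrival_times, primary=5, secondary=10, window_s=1.0):
    """Feed constructed arrival times through the gate; return the mode per packet."""
    gate = PacketInGate(primary, secondary, window_s)
    return [gate.on_packet_in(t) for t in arrival_times]


# Constructed trace: 4 background packets, a 12-packet burst starting at t=2.0,
# then a single packet at t=4.0 after the burst has aged out of the window.
SAMPLE_TRACE = [0.0, 0.3, 0.6, 0.9] + [2.0 + i * 0.01 for i in range(12)] + [4.0]

if __name__ == "__main__":
    for t, mode in zip(SAMPLE_TRACE, replay(SAMPLE_TRACE)):
        print(f"{t:5.2f}s -> {mode.name}")
```

Because the window slides, the controller drops back to default processing once the burst ages out, without a separate reset step.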

Description

Technical field

[0001] The invention relates to the technical field of computer network security, in particular to an SDN controller-based DoS/DDoS attack defense module and method.

Background technique

[0002] As a new technology, SDN is also facing many security problems while it is developing rapidly. Because the design of SDN architecture, system and protocol is not mature enough, security issues are becoming more and more prominent. As a traditional attack method, DoS/DDoS attack has become a new threat to SDN network.

[0003] As a kind of SDN southbound protocol, OpenFlow has certain security problems, and it is easy to cause DoS/DDoS attacks between the data plane and the control plane. The attacker can generate a large number of irregular data packets and send them to the switch, but there is no flow table that can match these data packets in the switch. At this time, the switch will send a large number of packet_in messages to the controller. This DoS / DDoS attac...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/0227, H04L63/1408, H04L63/1458
Inventor: 吴春明, 李宇薇, 周海峰, 刘倩君, 王鹏飞
Owner: ZHEJIANG UNIV