OpenFlow controller-anti-DDoS (Distributed Denial of Service) attack method

A controller and switch technology applied in the field of network communication. It addresses problems such as resource consumption and legitimate users being unable to get network service in time, and achieves the effects of reducing the number of attack messages, reducing redundant consumption, and improving robustness.

Active Publication Date: 2018-03-13
NANJING UNIV OF AERONAUTICS & ASTRONAUTICS

AI Technical Summary

Problems solved by technology

A DDoS attack sends requests to the target server from a large number of compromised hosts (puppets) distributed across the network. The server consumes a lot of resources processing these forged requests, so legitimate user requests cannot be served in time.


Embodiment Construction

[0042] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0043] Based on the technical characteristics of SDN networks and DDoS attacks, the present invention designs a lightweight, efficient method by which the controller defends against DDoS attacks (Controller-Anti-DDoS, CADDoS). CADDoS mainly solves the following two problems:

[0044] (1) Impose a reasonable speed limit on the flows that arrive in the network, not only to prevent a large number of Packet_In messages from affecting the performance of the controller, but also to ensure the service rate of the flows in the network.

[0045] (2) Detect and track DDoS flows, and filter them. CADDoS mainly consists of two mechanisms: the security speed limit mechanism and the DDoS detection and tracking mechanism.

[0046] The main idea of the CADDoS method is:

[0047] (1) Transfer flow table and speed limit function: In order to prevent a ...


Abstract

The invention discloses an OpenFlow controller-anti-DDoS (Distributed Denial of Service) attack method. The OpenFlow controller comprises a stream information collection module, a traffic detection module and a traffic filtering module. It collects and analyzes stream information, issues flow tables, and controls the forwarding behavior of the OpenFlow switches based on the stream information and the flow tables. With this method, the controller is protected from DDoS attacks; the redundant consumption of controller resources by large UDP streams is reduced; existing OpenFlow switches do not need to be modified; the number of attack messages is clearly reduced by using the RED queues and rate limiting mechanisms of the OpenFlow switches; and DDoS attack traffic is filtered rapidly, so the controller can serve received messages in a timely manner. The method is a lightweight, easy-to-deploy mechanism that can be extended to different DDoS attack types, so its robustness is clearly improved.
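The abstract relies on RED queues to cut the number of attack messages before they reach the controller. The following added example (not code from the patent or its authors) simulates a generic Random Early Detection queue on the Packet_In path; the thresholds, EWMA weight, rates and the names `RedQueue` and `simulate` are assumptions chosen for illustration, and the traffic is constructed.

```python
import random

class RedQueue:
    """Generic RED queue, lengths in packets (illustrative, assumed parameters)."""
    def __init__(self, min_th, max_th, max_p, weight, rng):
        self.min_th, self.max_th = min_th, max_th
        self.max_p, self.w, self.rng = max_p, weight, rng
        self.qlen = 0     # instantaneous queue length
        self.avg = 0.0    # EWMA of the queue length

    def enqueue(self):
        """Return True if the packet is queued, False if RED drops it."""
        self.avg = (1 - self.w) * self.avg + self.w * self.qlen
        if self.avg >= self.max_th:          # sustained overload: drop everything
            return False
        if self.avg >= self.min_th:          # early, probabilistic drop
            p = self.max_p * (self.avg - self.min_th) / (self.max_th - self.min_th)
            if self.rng.random() < p:
                return False
        self.qlen += 1
        return True

    def dequeue(self, n):
        """Serve up to n packets (e.g. Packet_In messages handed to the controller)."""
        served = min(n, self.qlen)
        self.qlen -= served
        return served

def simulate(arrivals_per_tick, ticks, service_per_tick, seed=1):
    """Constant-rate constructed traffic; returns (offered, served, dropped, peak_avg)."""
    q = RedQueue(min_th=20, max_th=60, max_p=0.1, weight=0.2,
                 rng=random.Random(seed))
    offered = served = dropped = 0
    peak = 0.0
    for _ in range(ticks):
        for _ in range(arrivals_per_tick):
            offered += 1
            if not q.enqueue():
                dropped += 1
            peak = max(peak, q.avg)
        served += q.dequeue(service_per_tick)
    return offered, served, dropped, peak

if __name__ == "__main__":
    print("normal:", simulate(5, 200, 10))    # below service rate: nothing dropped
    print("flood: ", simulate(200, 200, 10))  # 20x service rate: excess shed at the queue
```

Under the flood the controller-side load stays at the service rate while the excess is dropped at the queue; RED alone does not distinguish attack from legitimate packets, which is why the page pairs it with detection and filtering.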

Description

Technical field

[0001] The invention belongs to the field of network communication, and specifically proposes a method for an OpenFlow controller to defend against DDoS attacks.

Background technique

[0002] Software Defined Networking (SDN) is a new type of network architecture. It abstracts the control logic out of the data plane into a control plane, gives network managers a more flexible way to program the network, and puts forward new solutions to problems in traditional TCP/IP networks (such as traffic engineering, admission control, load balancing, etc.). As a southbound interface standard of SDN, OpenFlow has been applied in practice. An SDN network conforming to the OpenFlow standard is called an OpenFlow network. The controller, which carries the control plane function, has a very important position in SDN and is also the preferred target of network attackers. Once the controller fails, it will cause a single...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/801, H04L12/863
CPC: H04L47/10, H04L47/50, H04L63/1458, Y02D30/50
Inventor: 陈鸣, 胡慧, 陈兵, 胡超
Owner: NANJING UNIV OF AERONAUTICS & ASTRONAUTICS