Software defined network-based DDoS attack cross-layer cooperative defense method

A cross-layer collaborative defense technology, applied to electrical components, transmission systems, etc., that addresses problems such as large southbound communication overhead, heavy communication pressure, and disruption of the normal management and operation of the network.

Active Publication Date: 2018-04-24
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

This approach generates a large amount of southbound communication overhead, which puts heavy communication pressure on the link between the data plane and the control plane. This may increase network delay and can even affect the normal management and operation of the entire network.
[0012] 2) Because the data plane is oversimplified, all security functions must be implemented in the SDN controller; the focus is on the programmability of the control plane, while the diversity of functions in the data plane itself is ignored.
The SDN controller must continuously process packets and then deliver defense methods to the switch through the southbound interface, which increases the processing pressure on the control plane.


Embodiment Construction

[0109] Figure 2 is an overall flowchart of the present invention; the present invention comprises the following steps:

[0110] The first step is to build an SDN-based DDoS attack cross-layer collaborative defense architecture. As shown in Figure 3, the architecture consists of a data plane and a control plane, and the control plane communicates with the data plane through the southbound interface. The data plane is composed of switches, which are responsible for data transmission; the control plane is composed of SDN controllers, which are responsible for managing the switches in the data plane.

[0111] In addition to the switch agent and data path, each SDN switch in the data plane is also equipped with a DDoS attack perception module, a feature extraction module, and a DDoS defense execution module. Hardware counters in the switch count all packets and bits passing through the switch data path.

[0112...


Abstract

The invention discloses a software defined network-based DDoS attack cross-layer cooperative defense method. It aims to solve the problems of excessive communication pressure on the southbound interface and the control plane, and of excessive computational pressure on the SDN controller. According to the technical scheme, the method comprises the following steps: constructing an SDN-based DDoS attack cross-layer cooperative defense framework comprising a data plane and a control plane; performing coarse-grained detection on data flows in the data plane to acquire DDoS attack abnormal flow data; performing fine-grained detection on the DDoS attack abnormal flow data in the control plane to identify the switch closest to the botnet; deploying a DDoS defense strategy on the switch closest to the botnet by the SDN controller of the control plane; and performing DDoS defense according to the DDoS defense strategy by the SDN switch of the data plane. Through cooperation of the data plane and the control plane, the cooperative defense advantage of the SDN is fully utilized, and the problems of high pressure on the SDN southbound interface and excessive burden on the SDN controller are solved, so that the switch can perform automatic defense intelligently.
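A minimal simulation of the cross-layer split the abstract describes, added here as an illustration and not taken from the patent: each switch runs a coarse check on its hardware packet and bit counters and reports upward only on a spike, and the controller places the defense rule at the alerting switch nearest the traffic sources. The EWMA baseline, the 3x threshold, the hop-count heuristic, the rule format, and all names and counter values are assumptions.

```python
from dataclasses import dataclass

ALPHA, SPIKE = 0.2, 3.0  # assumed EWMA weight and alert multiplier (not from the patent)

@dataclass
class Switch:
    name: str
    hops_to_victim: int     # assumed topology fact known to the controller
    base_pps: float = -1.0  # learned packet-rate baseline; -1 = not seeded yet
    last: tuple = (0, 0)    # previous (packet, bit) hardware counter readings

    def sample(self, pkts, bits, dt=1.0):
        """Data plane, coarse-grained: report only when the counter delta spikes."""
        d_pkts, d_bits = pkts - self.last[0], bits - self.last[1]
        self.last = (pkts, bits)
        pps = d_pkts / dt
        if self.base_pps < 0:                  # first reading seeds the baseline
            self.base_pps = pps
            return None
        if pps > SPIKE * max(self.base_pps, 1.0):
            return {"switch": self.name, "pps": pps, "baseline": self.base_pps,
                    "mean_pkt_bits": d_bits / d_pkts}
        self.base_pps += ALPHA * (pps - self.base_pps)  # learn from normal intervals only
        return None

class Controller:
    def __init__(self, switches):
        self.hops = {s.name: s.hops_to_victim for s in switches}
        self.rules, self.southbound_msgs = {}, 0

    def handle(self, reports):
        """Control-plane stand-in: rate-limit at the alerting switch farthest from the victim."""
        self.southbound_msgs += len(reports)
        if reports:
            r = max(reports, key=lambda x: self.hops[x["switch"]])
            if r["switch"] not in self.rules:
                self.rules[r["switch"]] = {"action": "rate_limit", "pps": r["baseline"]}
                self.southbound_msgs += 1      # one rule push over the southbound link

def demo():
    """Constructed cumulative packet counters; a flood enters at edge1 in interval 4."""
    sw = {s.name: s for s in (Switch("edge1", 3), Switch("edge2", 3), Switch("core", 2))}
    pk = {"edge1": [1000, 2000, 3000, 13000, 23000],
          "edge2": [1000, 2000, 3000, 4000, 5000],
          "core":  [2000, 4000, 6000, 17000, 28000]}
    ctl = Controller(sw.values())
    for i in range(5):
        reports = [sw[n].sample(pk[n][i], pk[n][i] * 512) for n in pk]
        ctl.handle([r for r in reports if r])
    return ctl
```

In this constructed run the controller exchanges 5 southbound messages for 15 counter samples, because normal intervals never leave the switch.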

Description

Technical field

[0001] The invention belongs to the field of computer network security, and in particular relates to a cross-layer collaborative defense method for DDoS (Distributed Denial of Service) attacks based on SDN (Software Defined Network).

Background technique

[0002] With the rapid development of computer network technology, network attacks and destructive behaviors are becoming more and more frequent, and the situation of computer network security is becoming increasingly severe. Among them, the DDoS attack is currently one of the security problems of greatest concern in computer networks. DDoS attacks usually use botnets to send a large number of service requests to victims, consuming a large amount of the victims' resources so that they cannot respond to legitimate user requests in a timely manner, or are even completely paralyzed. A botnet refers to a group of computers that are centrally controlled by attackers and used to launch DDoS attacks. ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1458
Inventor: 韩彪, 王汉文, 杨翔瑞, 孙志刚, 王宝生, 赵宝康, 赵锋, 虞万荣, 原玉磊
Owner: NAT UNIV OF DEFENSE TECH