Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Software defined network-based DDoS attack cross-layer cooperative defense method

A collaborative defense and cross-layer technology, applied to electrical components, transmission systems, etc., can solve problems such as large southbound communication overhead, huge communication pressure, and affecting normal management and operation of the network

Active Publication Date: 2018-04-24
NAT UNIV OF DEFENSE TECH
View PDF3 Cites 40 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This approach will generate a lot of southbound communication overhead, which will introduce huge communication pressure between the data plane and the control plane, which may lead to problems such as increased network delay, and even affect the normal management and operation of the entire network.
[0012] 2) The oversimplified data plane makes all security functions must be completed based on the SDN controller, focusing on the programmability of the control plane, while ignoring the diversity of functions in the data plane itself
The SDN controller needs to continuously process packets and then deliver defense methods to the switch through the southbound interface, resulting in increased processing pressure on the control plane.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software defined network-based DDoS attack cross-layer cooperative defense method
  • Software defined network-based DDoS attack cross-layer cooperative defense method
  • Software defined network-based DDoS attack cross-layer cooperative defense method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0109] figure 2 It is an overall flowchart of the present invention; the present invention comprises the following steps:

[0110] The first step is to build an SDN-based DDoS attack cross-layer collaborative defense architecture, such as image 3 As shown, the SDN-based DDoS attack cross-layer collaborative defense architecture consists of a data plane and a control plane, and the control plane communicates with the data plane through the southbound interface. The data plane is composed of switches, which are responsible for data transmission; the control plane is composed of SDN controllers, which are responsible for the management of switches in the data plane.

[0111] In addition to the switch agent and data path, the SDN switch at the data level is also equipped with a DDoS attack perception module, a feature extraction module, and a DDoS defense execution module. Hardware counters in the switch count all packets and bits passing through the switch data path.

[0112...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a software defined network-based DDoS attack cross-layer cooperative defense method and aims to solve the problems of over high communication pressure of a southbound interfaceand a control plane as well as over high calculation pressure of an SDN controller. According to the technical scheme, the method comprises the following steps: constructing an SDN-based DDoS attackcross-layer cooperative defense framework comprising a data plane and a control plane, performing coarse-grained detection on data flow by the data plane to acquire DDoS attack abnormal flow data, andperforming fine-grained detection on the DDoS attack abnormal flow data by the control plane to acquire an exchanger closest to a bot network; deploying a DDoS defense strategy on the exchanger closest to the bot network by the SDN controller of the control plane, and performing DDoS defense according to the DDoS defense strategy by the SDN exchanger of the data plane. Through cooperation of thedata plane and the control plane, the cooperative defense advantage of the SDN is completely utilized and the problems of high pressure of the SDN southbound interface and too large burden of the SDNcontroller are solved, so that the exchanger can perform automatic defense intelligently.

Description

technical field [0001] The invention belongs to the field of computer network security, in particular to a cross-layer collaborative defense method for DDoS (Distributed Denial of Service) attacks based on SDN (Software Defined Network, software defined network). Background technique [0002] With the rapid development of computer network technology, network attacks and destructive behaviors are becoming more and more frequent, and the situation of computer network security is becoming increasingly severe. Among them, DDoS attack is one of the most concerned security problems in computer network at present. DDoS attacks usually use botnets to send a large number of service requests to victims, resulting in a large amount of resources consumed by victims, so that they cannot respond to legitimate user requests in a timely manner, or even completely paralyzed. A botnet refers to a group of computers that are centrally controlled by attackers and used to launch DDoS attacks. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1458
Inventor 韩彪王汉文杨翔瑞孙志刚王宝生赵宝康赵锋虞万荣原玉磊
Owner NAT UNIV OF DEFENSE TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com