Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for detecting and alleviating DDoS attack of industrial SDN network

An attack detection and industrial network technology, applied in the field of network security, can solve problems such as industrial SDN network, industrial network network characteristics, real-time requirements and reliability requirements that are not considered, importing data packets, etc.

Active Publication Date: 2018-07-17
CHONGQING UNIV OF POSTS & TELECOMM
View PDF11 Cites 32 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] (1) The attacker conducts a DDoS attack on the OF switch of the industrial backhaul network: using the OF switch to generate a large amount of unmatched packet-in information to attack the SDN controller, causing the SDN controller to go down due to the import of a large amount of packet-in information, As a result, normal data packet requests cannot be processed in time
[0006] (2) Attackers carry out DDoS attacks on key network devices such as industrial access network (industrial wired network, industrial wireless network such as WirelessHART, WIA-PA, ISA100.11a) routing nodes, causing industrial access network and industrial backhaul network to import A large number of invalid data packets affect the normal operation of the network
However, due to the characteristics of industrial backhaul networks and industrial control networks, the network characteristics, real-time requirements, and reliability requirements of industrial networks have not been considered, and the OpenFlow protocol of ordinary SDN networks has not been specially matched and improved for industrial networks. , it is difficult to directly apply the existing research results to the industrial SDN network
Especially in some industrial access networks that do not support IP (such as WIA-PA network, WirelessHART network, etc.), it is difficult to detect the actual occurrence of the attack by using the traditional OpenFlow flow table pattern matching method, information entropy value method, etc. Location traceability and positioning

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for detecting and alleviating DDoS attack of industrial SDN network
  • Method for detecting and alleviating DDoS attack of industrial SDN network
  • Method for detecting and alleviating DDoS attack of industrial SDN network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0098] The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0099] Aiming at the typical SDN-based industrial backhaul network architecture, an industrial network DDoS detection and mitigation architecture under the SDN-based joint scheduling architecture is proposed, such as figure 1 As shown, it includes application plane, control plane and forwarding plane.

[0100] The application plane includes SDN controller control software and anti-DDoS attack application management software.

[0101] ●SDN controller control software: the user configures the SDN controller through this software.

[0102]● Anti-DDoS attack application management software: It can support security personnel to formulate corresponding defense strategies according to the characteristics of network DDoS attacks to ensure safe operation of the network.

[0103] The control plane includes SDN controller, industrial access network ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a method for detecting and alleviating DDoS attack of an industrial SDN network, wherein the method belongs to the field of network safety. According to the method of the invention, by means of cooperative function between an east-and-west direction interface of an SDN controller in an industrial backhaul network and a system manager of an industrial access network, according to the characteristics of the industrial backhaul network and an industrial access network data packet, an OpenFlow switch flow item matching domain is expanded, and a flow table 0 is set to an elevate DDoS attack specialized flow table for resisting an attack data flow in time. the SDN controller and the DDoS attack detecting and alleviating system of the industrial backhaul network are utilized, thereby identifying an attacking data flow and finding out a DDoS attack source, and applying a DDoS attack alleviating strategy through scheduling an industrial access network system manager. The method ensures normal flow of the industrial backhaul network and the industrial access network and overcomes threat of DDoS attack to safety of the industrial network.

Description

technical field [0001] The invention belongs to the field of network security, and relates to a DDoS attack detection and mitigation method in an industrial SDN network. Background technique [0002] The attention of software-defined network (Software Defined Network, SDN) technology is becoming more and more obvious, and more and more researches are gradually introducing SDN into the industrial network environment. The characteristic of SDN is to separate the data forwarding plane and control plane of the network. In this way, the software platform in the controller is used to realize the programmable control of the underlying hardware, and realize the flexible on-demand deployment of network resources. The SDN controller uses the OpenFlow protocol to actively or passively deliver the flow table to the OpenFlow switch (hereinafter referred to as the OF switch), and the data packet is forwarded by matching the flow table. Using the advantages of SDN centralized control and ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/801H04L12/861
CPCH04L47/29H04L49/9063H04L63/1416H04L63/1458H04L63/20H04L2212/00H04L45/64H04W12/12H04L63/0236H04L63/1425H04W84/12H04L45/42Y02D30/00H04L45/036
Inventor 魏旻杨涛毛久超庞巧月王平
Owner CHONGQING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products