Method for detecting and alleviating DDoS attack of industrial SDN network

An attack detection technology for industrial networks, applied in the field of network security. It addresses problems such as existing approaches not considering the network characteristics, real-time requirements and reliability requirements of industrial SDN networks, and the import of data packets.

Active Publication Date: 2018-07-17
CHONGQING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0005] (1) The attacker conducts a DDoS attack on the OF switch of the industrial backhaul network, using the OF switch to generate a large number of unmatched packet-in messages to attack the SDN controller. The SDN controller goes down under the influx of packet-in messages, and as a result normal data packet requests cannot be processed in time.
[0006] (2) Attackers carry out DDoS attacks on key network devices such as the routing nodes of the industrial access network (industrial wired network, or industrial wireless network such as WirelessHART, WIA-PA, ISA100.11a), causing the industrial access network and industrial backhaul network to import a large number of invalid data packets, which affects the normal operation of the network.
However, existing research has not considered the network characteristics, real-time requirements, and reliability requirements of industrial backhaul networks and industrial control networks, and the OpenFlow protocol of ordinary SDN networks has not been specially matched and improved for industrial networks, so it is difficult to directly apply the existing research results to the industrial SDN network.
Especially in some industrial access networks that do not support IP (such as WIA-PA networks, WirelessHART networks, etc.), it is difficult to trace and locate where the attack actually occurs using traditional methods such as OpenFlow flow table pattern matching and information entropy.


Examples


Embodiment Construction

[0098] The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0099] For the typical SDN-based industrial backhaul network architecture, an industrial network DDoS detection and mitigation architecture under the SDN-based joint scheduling architecture is proposed. As shown in Figure 1, it includes an application plane, a control plane and a forwarding plane.

[0100] The application plane includes SDN controller control software and anti-DDoS attack application management software.

[0101] ● SDN controller control software: the user configures the SDN controller through this software.

[0102] ● Anti-DDoS attack application management software: it lets security personnel formulate defense strategies according to the characteristics of network DDoS attacks, to ensure safe operation of the network.

[0103] The control plane includes SDN controller, industrial access network ...


Abstract

The invention relates to a method for detecting and mitigating DDoS attacks in an industrial SDN network, and belongs to the field of network security. Through cooperation between the east-west interface of the SDN controller in the industrial backhaul network and the system manager of the industrial access network, the method extends the match fields of OpenFlow switch flow entries according to the characteristics of industrial backhaul network and industrial access network data packets, and sets flow table 0 as a dedicated DDoS mitigation flow table so that attack data flows can be resisted in time. The SDN controller and the DDoS attack detection and mitigation system of the industrial backhaul network are used to identify attack data flows and find the DDoS attack source, and a DDoS mitigation strategy is applied by scheduling the industrial access network system manager. The method ensures normal traffic in the industrial backhaul network and the industrial access network and overcomes the threat that DDoS attacks pose to industrial network security.
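
The mechanism summarized in the abstract, as an added example (not code from the patent): a toy switch whose table 0 holds only mitigation drop entries, and a controller that counts packet-in messages per source and pushes a drop entry into table 0 once a source exceeds a threshold. The match fields (`net_type`, `pan_id`, `src_addr`), the window, the threshold and the traffic are constructed assumptions; the patent's actual extended match fields are not shown on this page.

```python
from collections import Counter, deque

def match_key(pkt):
    # Hypothetical extended match fields for a non-IP access-network packet
    return (pkt["net_type"], pkt["pan_id"], pkt["src_addr"])

class Controller:
    """Counts packet-in per source in a sliding window; mitigates via table 0."""
    def __init__(self, window=1.0, threshold=20):      # constructed values
        self.window, self.threshold = window, threshold
        self.events, self.counts = deque(), Counter()
        self.blocked, self.packet_ins = [], 0

    def packet_in(self, sw, pkt, now):
        key = match_key(pkt)
        self.packet_ins += 1
        self.events.append((now, key))
        self.counts[key] += 1
        while now - self.events[0][0] > self.window:   # expire old events
            self.counts[self.events.popleft()[1]] -= 1
        if self.counts[key] > self.threshold:
            sw.table0_drop.add(key)                    # drop entry goes into table 0
            self.blocked.append(key)
            return "drop"
        sw.table1.add((key, pkt["dst_addr"]))          # normal flow entry
        return "forward"

class Switch:
    """Toy OF switch: table 0 = mitigation drops, table 1 = forwarding."""
    def __init__(self, controller):
        self.table0_drop, self.table1 = set(), set()
        self.controller = controller

    def receive(self, pkt, now):
        key = match_key(pkt)
        if key in self.table0_drop:                    # checked before anything else
            return "drop"
        if (key, pkt["dst_addr"]) in self.table1:      # matched: no packet-in
            return "forward"
        return self.controller.packet_in(self, pkt, now)  # table miss

def simulate():
    ctl = Controller()
    sw = Switch(ctl)
    results = Counter()
    for i in range(200):                               # constructed traffic, 5 ms apart
        t = i * 0.005
        flood = {"net_type": "WIA-PA", "pan_id": 1, "src_addr": 0xA1, "dst_addr": i}
        results["flood_" + sw.receive(flood, t)] += 1  # every packet misses table 1
        if i % 20 == 0:                                # a well-behaved field device
            ok = {"net_type": "WIA-PA", "pan_id": 1, "src_addr": 0xB2, "dst_addr": 1}
            results["ok_" + sw.receive(ok, t)] += 1
    return ctl, results
```

Once the drop entry is in table 0, the flooding source stops generating packet-in messages at all, so the controller sees 22 of the 210 packets while the well-behaved device keeps forwarding.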

Description

Technical field

[0001] The invention belongs to the field of network security, and relates to a DDoS attack detection and mitigation method in an industrial SDN network.

Background technique

[0002] Software-defined network (Software Defined Network, SDN) technology is attracting more and more attention, and more and more research is introducing SDN into the industrial network environment. The characteristic of SDN is that it separates the data forwarding plane and the control plane of the network. In this way, the software platform in the controller is used to realize programmable control of the underlying hardware and flexible on-demand deployment of network resources. The SDN controller uses the OpenFlow protocol to actively or passively deliver flow tables to the OpenFlow switch (hereinafter referred to as the OF switch), and data packets are forwarded by matching the flow table. Using the advantages of SDN centralized control and ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/801, H04L12/861
CPC: H04L47/29, H04L49/9063, H04L63/1416, H04L63/1458, H04L63/20, H04L2212/00, H04L45/64, H04W12/12, H04L63/0236, H04L63/1425, H04W84/12, H04L45/42, Y02D30/00, H04L45/036
Inventor: 魏旻, 杨涛, 毛久超, 庞巧月, 王平
Owner CHONGQING UNIV OF POSTS & TELECOMM