
A method for detecting and mitigating DDoS attacks on industrial SDN networks

An attack detection and industrial network technology, applied in the field of network security, that addresses problems such as existing research results being difficult to apply to industrial SDN networks, the network characteristics, real-time requirements and reliability requirements of industrial networks not being considered, and the import of invalid data packets.

Active Publication Date: 2020-07-17
CHONGQING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0005] (1) The attacker conducts a DDoS attack on the OF switch of the industrial backhaul network: the OF switch is used to generate a large number of unmatched packet-in messages to attack the SDN controller, causing the SDN controller to go down under the influx of packet-in messages, so that normal data packet requests cannot be processed in time.
[0006] (2) Attackers carry out DDoS attacks on key network devices such as routing nodes of the industrial access network (industrial wired networks, and industrial wireless networks such as WirelessHART, WIA-PA and ISA100.11a), causing the industrial access network and the industrial backhaul network to take in a large number of invalid data packets, which affects the normal operation of the network.
However, the network characteristics, real-time requirements and reliability requirements of industrial backhaul networks and industrial control networks have not been considered, and the OpenFlow protocol of ordinary SDN networks has not been specially matched and improved for industrial networks, so it is difficult to apply existing research results directly to the industrial SDN network.
Especially in some industrial access networks that do not support IP (such as WIA-PA and WirelessHART networks), it is difficult to detect an attack, trace it and locate where it actually occurs using traditional methods such as OpenFlow flow table pattern matching and information entropy.


Examples


Embodiment Construction

[0098] The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0099] For the typical SDN-based industrial backhaul network architecture, an industrial network DDoS detection and mitigation architecture under an SDN-based joint scheduling architecture is proposed. As shown in Figure 1, it includes an application plane, a control plane and a forwarding plane.

[0100] The application plane includes SDN controller control software and anti-DDoS attack application management software.

[0101] • SDN controller control software: the user configures the SDN controller through this software.

[0102] • Anti-DDoS attack application management software: supports security personnel in formulating defense strategies according to the characteristics of network DDoS attacks, to ensure safe operation of the network.

[0103] The control plane includes SDN controller, industrial access network ...


Abstract

The invention relates to a method for detecting and mitigating DDoS attacks in industrial SDN networks, belonging to the field of network security. The method uses cooperation between the east-west interface of the SDN controller in the industrial backhaul network and the system manager of the industrial access network and, combining the characteristics of data packets in the industrial backhaul network and the industrial access network, extends the match fields of the OpenFlow switch's flow entries. Flow table 0 is designated as the "dedicated flow table for mitigating DDoS attacks" so that attack data flows can be blocked in time. The SDN controller of the industrial backhaul network and the DDoS attack detection and mitigation system identify the attack data flow and find the source of the DDoS attack, and the mitigation strategy is carried out by scheduling the industrial access network system manager. The invention ensures normal traffic in the industrial backhaul network and the industrial access network, and overcomes the threat that DDoS attacks pose to industrial network security.
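
An added illustration (not code from the patent) of the mechanism the abstract describes: table 0 reserved for mitigation entries, a controller counting packet-in messages, and matching on non-IP source identifiers. The field names `net_type`, `src_id` and `dst_id`, the per-window threshold and the sample traffic are assumptions; the patent's actual extended match fields and detection logic are not given on this page.

```python
from collections import Counter

# Assumed for illustration: field names, threshold, window length, output port 1.
class OFSwitch:
    """Two-table pipeline: table 0 holds only mitigation (drop) entries."""
    def __init__(self):
        self.table0 = set()   # drop entries keyed on (net_type, src_id)
        self.table1 = {}      # (net_type, src_id, dst_id) -> output port

    def process(self, pkt):
        if (pkt["net_type"], pkt["src_id"]) in self.table0:
            return "drop"                      # stopped before any table miss
        port = self.table1.get((pkt["net_type"], pkt["src_id"], pkt["dst_id"]))
        return "packet_in" if port is None else f"output:{port}"

class Controller:
    """Counts packet-in messages per source in fixed time windows."""
    def __init__(self, switch, threshold=5, window=1.0):
        self.switch, self.threshold, self.window = switch, threshold, window
        self.counts, self.current = Counter(), None

    def on_packet_in(self, pkt):
        slot = int(pkt["t"] // self.window)
        if slot != self.current:               # new window: reset counters
            self.counts.clear()
            self.current = slot
        src = (pkt["net_type"], pkt["src_id"])
        self.counts[src] += 1
        if self.counts[src] > self.threshold:  # packet-in flood from one source
            self.switch.table0.add(src)        # install drop entry in table 0
            return
        self.switch.table1[(*src, pkt["dst_id"])] = 1   # normal reactive install

def simulate(packets, threshold=5):
    sw = OFSwitch()
    ctl, stats = Controller(sw, threshold), Counter()
    for pkt in packets:
        action = sw.process(pkt)
        stats[action.split(":")[0]] += 1
        if action == "packet_in":
            ctl.on_packet_in(pkt)
    return stats, sw.table0

# Constructed traffic: one device floods unseen destinations, one behaves normally.
flood = [{"t": i * 0.01, "net_type": "WIA-PA", "src_id": 0x00A1, "dst_id": 0x1000 + i}
         for i in range(50)]
normal = [{"t": i * 0.01, "net_type": "WIA-PA", "src_id": 0x00B2, "dst_id": 0x0001}
          for i in range(50)]
traffic = sorted(flood + normal, key=lambda p: p["t"])
```

Calling `simulate(traffic)` returns the per-action counters and the contents of table 0, so the number of packet-in messages that still reach the controller can be compared with the number dropped at the switch.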

Description

Technical field

[0001] The invention belongs to the field of network security and relates to a DDoS attack detection and mitigation method for industrial SDN networks.

Background technique

[0002] Software-defined network (SDN) technology is attracting more and more attention, and a growing body of research is introducing SDN into the industrial network environment. The defining characteristic of SDN is the separation of the network's data forwarding plane from its control plane, so that the software platform in the controller provides programmable control of the underlying hardware and flexible, on-demand deployment of network resources. The SDN controller uses the OpenFlow protocol to actively or passively deliver flow tables to the OpenFlow switch (hereinafter referred to as the OF switch), and data packets are forwarded by matching against the flow table. Using the advantages of SDN centralized control and ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/801, H04L12/861
CPC: H04L47/29, H04L49/9063, H04L63/1416, H04L63/1458, H04L63/20, H04L2212/00, H04L45/64, H04W12/12, H04L63/0236, H04L63/1425, H04W84/12, H04L45/42, Y02D30/00, H04L45/036
Inventor: 魏旻, 杨涛, 毛久超, 庞巧月, 王平
Owner CHONGQING UNIV OF POSTS & TELECOMM