
DDoS attack detection and protection method and system based on SDN architecture

An SDN-architecture-based attack detection technology, applied in transmission systems, instruments, computing and other fields, that achieves the effect of reducing harm.

Active Publication Date: 2018-10-16
PEKING UNIV

AI Technical Summary

Problems solved by technology

However, filtering rules must be crafted to make them suitable for various types of DDoS attacks.


Embodiment Construction

[0037] The technical solutions of the present invention will be further described below in conjunction with the embodiments and the accompanying drawings.

[0038] Figure 1 shows the overall architecture of the system. The system consists of three parts: the SDN control plane (also called the control unit), the data plane (also called the data unit), and the security protection unit (SGU) deployed in the local area network together with the terminals and servers it is responsible for. The SDN control plane includes a controller, and the data plane includes several switches. A dedicated secure channel between each switch and the controller lets the switch transmit data packet information to the controller and lets the controller distribute forwarding rules. The controller is connected to the SGU through a dedicated communication channel, which carries flow entries, detection results and the SGU's filtering rules.

[0039] SGU can be realized by ordinary comput...


Abstract

The invention discloses a DDoS attack detection and protection method and system based on SDN architecture. The method comprises the following steps: a security protection unit is set in each LAN, and the security protection unit establishes a classification model from an existing data set of traffic recorded when no DDoS attack was under way; after every time interval, all switches in the SDN network send their own flow tables to a controller, and the controller forwards the received flow tables to an upper-layer application for sorting, and sends each sorted flow table entry to the security protection unit of the corresponding LAN according to its destination address; the security protection unit uses the classification model to judge whether the flow table entry is a DDoS attack, and if so, issues a filtering rule list to the controller; and the controller sends the filtering rule list to the subordinate switches to filter the attack traffic. With this method and system, rapid detection of and protection against DDoS attacks can be realized, and protection against different types of DDoS attacks can be provided.
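The loop described in the abstract, as an added Python example that is not code from the patent: the controller sorts collected flow entries by destination LAN, and each SGU scores them against a baseline learned from attack-free traffic and returns drop rules. The page does not specify the classification model, so the z-score model, the feature choice, the `LANS` map, the rule format and all sample data are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Constructed topology: which LAN prefix each SGU protects (assumption).
LANS = {"sgu-a": ipaddress.ip_network("10.0.1.0/24"),
        "sgu-b": ipaddress.ip_network("10.0.2.0/24")}

def features(entry):
    """Per-entry features from flow-table counters: packets/s and bytes/packet."""
    return (entry["packets"] / entry["duration"], entry["bytes"] / entry["packets"])

def dispatch(entries):
    """Controller side: group flow entries by the SGU that owns the destination."""
    per_sgu = defaultdict(list)
    for e in entries:
        dst = ipaddress.ip_address(e["dst"])
        for sgu, net in LANS.items():
            if dst in net:
                per_sgu[sgu].append(e)
    return dict(per_sgu)

class SGU:
    """Stand-in one-class model: z-score against an attack-free baseline."""
    def __init__(self, benign_entries, k=3.0):
        cols = list(zip(*(features(e) for e in benign_entries)))
        # Guard against zero variance in a feature column.
        self.stats = [(mean(c), pstdev(c) or 1.0) for c in cols]
        self.k = k

    def is_attack(self, entry):
        return any(abs(x - m) / s > self.k
                   for x, (m, s) in zip(features(entry), self.stats))

    def filter_rules(self, entries):
        """Filtering rule list sent back to the controller for flagged entries."""
        return [{"match": {"src": e["src"], "dst": e["dst"]}, "action": "drop"}
                for e in entries if self.is_attack(e)]

# Constructed sample data (not from the patent): baseline, then one interval.
BENIGN = [{"src": f"192.0.2.{i}", "dst": "10.0.1.10", "packets": 100 + 10 * i,
           "bytes": (100 + 10 * i) * (700 + 20 * i), "duration": 10.0}
          for i in range(1, 9)]
INTERVAL = [
    {"src": "192.0.2.50", "dst": "10.0.1.10", "packets": 150, "bytes": 120000, "duration": 10.0},
    {"src": "198.51.100.7", "dst": "10.0.1.10", "packets": 90000, "bytes": 5400000, "duration": 10.0},
    {"src": "192.0.2.51", "dst": "10.0.2.20", "packets": 140, "bytes": 112000, "duration": 10.0},
]

if __name__ == "__main__":
    print(SGU(BENIGN).filter_rules(dispatch(INTERVAL)["sgu-a"]))
```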

Description

Technical field

[0001] The invention relates to a DDoS attack detection and protection method and system based on an SDN architecture, belonging to the technical field of computer applications.

Background technique

[0002] DDoS stands for Distributed Denial-of-Service. The purpose of this type of attack is to make the target system unable to respond to the service requests of normal users. The most common type of DDoS attack is the flooding DDoS attack. The main method used in this type of attack is as follows: the attacker manipulates multiple machines to construct a large number of data packets and send them to the target system, exhausting the system resources or bandwidth resources of the target system, so that the service requests of normal users cannot be processed or even received, and eventually the target system cannot respond to the requests of normal users. Most DDoS attacks rely on botnets to generate traffic to launch at...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F17/30
CPC: H04L63/0263, H04L63/1416, H04L63/1425, H04L63/1458
Inventor: 韩心慧, 魏爽, 武新逢, 黎桐辛
Owner: PEKING UNIV