Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A topology protection method for software-defined network

A software-defined network, topology protection technology, applied in electrical components, advanced technology, climate sustainability, etc., can solve the problems of single detection object, security loopholes, poor compatibility, etc., to achieve the effect of protecting topology security and ensuring performance

Active Publication Date: 2020-05-19
HUAZHONG UNIV OF SCI & TECH
View PDF7 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Among them, improving the current LLDP protocol, adding HMAC (Hash-based Message Authentication Code) to verify the integrity of LLDP messages can detect packet forgery attacks, but cannot detect packet replay attacks, and the detection object is too single, which has certain limitations; proposed The new protocol types such as sOFTDP can avoid the security loopholes of the topology discovery mechanism in design, but at the cost of changing the standard of the SDN topology discovery agreement, both the controller and the switch need to make corresponding changes for the new protocol, and the compatibility is poor ; Designing and implementing the corresponding topology protection application only needs to modify the control plane, which has good compatibility and does not need to modify the protocol type. The data detection packet is sent, which violates the original design intention of the separation of SDN forwarding and control. The other one lacks a corresponding security mechanism for the link after the host is dormant, and has a large security hole. Moreover, these two schemes have no effect on launching attacks on the switch. any precautions

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A topology protection method for software-defined network
  • A topology protection method for software-defined network
  • A topology protection method for software-defined network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0058] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention. In addition, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not constitute a conflict with each other.

[0059] Before explaining the technical solution of the present invention in detail, the working principle of the LLDP protocol is firstly introduced. figure 1 Shown is a simple SDN network topology diagram, which includes an SDN controller and two switches S1 and S2, the switch S1 includes two ports P1 and P2, the switch S2 also includes two ports P1 and P2, and the switch S1 Port P2 is connect...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a topology protection method for a software defined network (SDN). The method comprises steps: the port information of each survival switch port is initialized and maintained;according to a gathered Packet-in message, host state detection is carried out, and according to a host state detection result and the maintained port information, LLDP (Link Layer Discovery Protocol)packets are classified; in view of different classes of LLDP packets, a corresponding attack detection method is adopted for attack detection; if an attack packet is detected, the packet rule of theattack packet is recorded in a filter rule of a controller in real time, and attack defense is further realized through a packet rule filter mode; Packet-in messages on a data plane are gathered continuously, the maintained port information is updated according to the gathered Packet-in messages, and steps of attack detection and defense are executed repeatedly. Four classes of topology pollutionattacks can be detected and defended effectively and comprehensively, and the performance of the SDN is also ensured.

Description

technical field [0001] The invention belongs to the field of software-defined network security, and more specifically relates to a topology protection method of software-defined network. Background technique [0002] Software Defined Network (SDN) can achieve centralized network management and traffic scheduling by decoupling network control and data forwarding functions, so it has been widely used. Network topology discovery is the basis for centralized management of software-defined networks. In a multi-tenant cloud data center network, network units such as access terminals and switches are gradually virtualized. The means control resources such as access terminals and switches, and then launch network topology pollution attacks to paralyze the entire network. [0003] All current SDN controller link discovery adopts the OFDP (OpenFlow Discovery Protocol, OpenFlow topology discovery protocol) protocol, and the bottom layer of OFDP realizes data exchange based on the link...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/0227H04L63/1416H04L63/1441H04L63/1466Y02D30/00
Inventor 于俊清王兴李冬
Owner HUAZHONG UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com