
Method for suppressing malicious NA messages in DAD process suitable for SEND protocol

A message and protocol technology, applied in the computer field, that can solve problems such as address theft by malicious nodes and achieves the effect of avoiding the consumption of host CPU resources.

Active Publication Date: 2018-11-20
JIYANG COLLEGE OF ZHEJIANG A & F UNIV

AI Technical Summary

Problems solved by technology

Therefore, in the SEND protocol, malicious nodes cannot steal the addresses of other nodes by forging parameters.
However, since wrong CGA parameters can only be discarded after they have been verified, malicious nodes can send a large number of NAs containing wrong CGA parameters to consume the computing resources of the target node, thereby forming a DoS. Therefore, how to prevent malicious NA attacks and reduce the consumption of host CPU resources is a big challenge for CGA.


Examples


Embodiment 1

[0103] Assume that the SDN network consists of 1 controller, 2 OpenFlow switches and 3 hosts, and has been running for a period of time (more than 3 minutes). Its topology is shown in Figure 2, and the configuration of each host is shown in Table 7.

[0104] Table 7

[0105]

[0106] First, the controller issues a flow table to monitor the DAD packets in the network. The flow table is shown in Table 8.

[0107] Table 8

[0108]

[0109] Assume that host A generates a new link-local address CGAnew by using the CGA address configuration method (for the sake of demonstration, assume that the last 32 bits of CGAnew are cc00-aabb) and then sends an NS to detect duplicate addresses. The format of the NS is shown in Table 9. After receiving the NS, OVS1 sends a Packet_In message to the controller according to the requirements of the flow table, and the controller generates a new entry in the monitoring table according to the Packet_In message and the NS message carried by th...


Abstract

The invention relates to a method for suppressing malicious NA messages in a DAD process suitable for the SEND protocol, involving a controller, a switch, and a host and comprising the following steps: an MSDAD-Request message, an MSDAD-Reply response message, and an MSDAD-Feedback message are added; the controller adds a feedback module containing a listener table, a lookup table, and a feedback table; the controller sends a flow table to the switch, monitors the NS and NA messages of the DAD process, and receives the MSDAD-Request message and the MSDAD-Reply response message; the host performs the address authenticity calculation and sends a feedback message to the switch; and the switch sends a message to the controller. The invention uses the computing power of the host to feed back the attack behavior of the malicious node to the controller, and the controller may suppress the source of the malicious attack according to the feedback result, thereby avoiding the verification of meaningless CGA parameters and the resulting consumption of host CPU resources.

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a method for suppressing malicious NA messages in a DAD process applicable to the SEND protocol.

Background technique

[0002] In order to prevent address spoofing, the IETF (Internet Engineering Task Force) proposed the SEND protocol. As an enhanced mechanism of NDP (Neighbor Discovery Protocol), the SEND protocol uses methods such as Cryptographically Generated Addresses (CGA), digital signatures, and timestamps to protect NDP messages and prevent IP address theft. CGA is an address format unique to SEND. The generation method is to find an appropriate Modifier value through multiple hash operations over the subnet prefix (Subnet Prefix), public key (Public Key), collision count (Collision Count), and Modifier (adjustment parameter), then perform a second hash operation, take the first 64 bits of the 160-bit hash value, and then combine the Sec (Sec...
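An added example, not taken from the patent: the receiver-side CGA check from RFC 3972 that a host runs on the parameters carried in an NA, which is the work a flood of wrong parameters forces on it. The key bytes, modifier and function names are constructed for illustration, and Sec is 0 so no modifier search is needed.

```python
import hashlib
import ipaddress

MASK = 0x1CFFFFFFFFFFFFFF  # compare Hash1 ignoring Sec bits (0-2) and u/g bits (6, 7)
PREFIX = bytes.fromhex("fe80000000000000")      # link-local subnet prefix
MODIFIER = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
OWNER_KEY = b"constructed-DER-public-key-of-host-A"    # opaque stand-in bytes
FORGED_KEY = b"constructed-DER-public-key-of-forger"   # opaque stand-in bytes


def cga_generate(prefix, pubkey, modifier, coll=0, sec=0):
    """Form a CGA from already chosen parameters (RFC 3972, section 4)."""
    hash1 = hashlib.sha1(modifier + prefix + bytes([coll]) + pubkey).digest()
    iid = int.from_bytes(hash1[:8], "big") & MASK  # first 64 bits, Sec and u/g cleared
    iid |= sec << 61                               # Sec goes in the 3 leftmost bits
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big"))


def cga_verify(addr, prefix, pubkey, modifier, coll):
    """Receiver-side check (RFC 3972, section 5). Returns (ok, reason)."""
    raw = ipaddress.IPv6Address(addr).packed
    if coll not in (0, 1, 2):
        return False, "collision count out of range"
    if raw[:8] != prefix:
        return False, "subnet prefix mismatch"
    # From here on every received parameter set costs SHA-1 work before it
    # can be rejected; in SEND the RSA signature check comes on top of this.
    hash1 = hashlib.sha1(modifier + prefix + bytes([coll]) + pubkey).digest()
    if (int.from_bytes(hash1[:8], "big") ^ int.from_bytes(raw[8:], "big")) & MASK:
        return False, "Hash1 does not match interface identifier"
    sec = raw[8] >> 5
    hash2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    if int.from_bytes(hash2[:14], "big") >> (112 - 16 * sec):
        return False, "Hash2 lacks 16*Sec leading zero bits"
    return True, "ok"


def demo():
    addr = cga_generate(PREFIX, OWNER_KEY, MODIFIER)
    genuine = cga_verify(addr, PREFIX, OWNER_KEY, MODIFIER, 0)
    forged = cga_verify(addr, PREFIX, FORGED_KEY, MODIFIER, 0)
    return addr, genuine, forged


if __name__ == "__main__":
    print(demo())
```

The forged parameter set is rejected only at the Hash1 comparison, after the hash has been computed, which is why suppressing the sender upstream saves host CPU.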


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1458, H04L63/1466
Inventor: 宋广佳, 陈滨, 安仲立
Owner JIYANG COLLEGE OF ZHEJIANG A & F UNIV