DDoS attack defense method and defense system of SDN controller

A controller and message technology, applied in the field of network security

Active Publication Date: 2019-04-12
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0006] To address the above deficiencies in the prior art, the DDoS attack defense method and defense system of an SDN controller provided by the present invention solve the problem of how to accurately detect suspicious Packet-in messages under the OpenFlow policy and how to defend the SDN controller against the attack in real time.



Examples


Embodiment

[0063] As shown in Figure 1, a DDoS attack defense method of an SDN controller is implemented in the following steps:

[0064] (S1) Monitor the SDN network state in real time through the SDN controller, and obtain the Packet-in message arrival rate of the switch and the information entropy of the Packet-in messages;

[0065] (S2) According to the Packet-in message arrival rate of the switch and the information entropy of the Packet-in messages, detect whether a DDoS attack exists in the current network state. If so, go to step (S3); otherwise, establish for the Packet-in message a flow entry with the maximum timeout, Timeout = T_max, and go to step (S4), where Timeout is the timeout value of the switch flow entry. This step includes the following sub-steps:

[0066] (a1) Clear the window queue size and the hash table C at the SDN controller;

[0067] (a2) Add the Packet-in message i received by the SDN controller into the window queue, the size of the window...
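
The windowed check that steps (S2), (a1) and (a2) describe, written out as an added Python example; it is not code from the patent. The page is cut off before it gives thresholds or says what hash table C counts, so the constants, the use of destination IP as the key of C, the low-entropy-means-attack direction and the rate-then-entropy ordering are all assumptions, and the traffic is constructed.

```python
import math
from collections import Counter, deque

# All four constants are assumed values; the page gives no thresholds.
WINDOW = 50        # window queue size, in Packet-in messages
RATE_MAX = 100.0   # stage-1 threshold, Packet-in messages per second
ENTROPY_MIN = 1.0  # stage-2 threshold, bits
T_MAX = 30         # maximum flow-entry timeout T_max, seconds

def entropy(table, total):
    """Shannon entropy in bits of the counts held in hash table C."""
    return -sum(c / total * math.log2(c / total) for c in table.values())

class PacketInDetector:
    def __init__(self):
        self.reset()

    def reset(self):
        # (a1) empty the window queue and the hash table C
        self.window, self.C = deque(), Counter()

    def observe(self, ts, dst_ip):
        """(a2) queue one Packet-in; return a verdict once the window is full."""
        self.window.append(ts)
        self.C[dst_ip] += 1  # assumption: C counts destination IPs
        if len(self.window) < WINDOW:
            return None
        span = self.window[-1] - self.window[0]
        rate = WINDOW / span if span > 0 else math.inf
        h = entropy(self.C, WINDOW)
        # Stage 1: arrival rate. Stage 2: entropy decides only when stage 1 trips.
        attack = rate > RATE_MAX and h < ENTROPY_MIN
        self.reset()
        return {"rate": rate, "entropy": h, "attack": attack,
                "timeout": None if attack else T_MAX}

def detect(messages):
    """Run (timestamp, dst_ip) Packet-in records through the detector."""
    det = PacketInDetector()
    return [v for ts, ip in messages if (v := det.observe(ts, ip)) is not None]

# Constructed sample traffic: one benign window, then one flood window.
BENIGN = [(i * 0.1, f"10.0.0.{i % 10}") for i in range(50)]
FLOOD = [(10 + i * 0.002, "10.0.0.2" if i % 25 == 0 else "10.0.0.1")
         for i in range(50)]

if __name__ == "__main__":
    for verdict in detect(BENIGN + FLOOD):
        print(verdict)
```

The benign window receives Timeout = T_max as in the "otherwise" branch of (S2); the flood window is flagged and gets no timeout here because steps (S3) and (S4) are not shown on the page.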


Abstract

The invention provides a DDoS attack defense method and defense system of an SDN controller. First, the attack is detected in two stages to judge whether a DDoS attack exists. When an attack occurs, an attack positioning method filters out a set of suspicious switches; after the attack occurs, attack mitigation discards malicious Packet-in messages, and the switch flow table space is protected by setting an appropriate flow table entry Timeout value. The DDoS attack defense method and defense system provided by the invention solve the problem of accurately detecting suspicious Packet-in messages under an OpenFlow policy and defend the SDN controller against the attack as soon as possible, so that normal data packets obtain better quality of service; the normal state of the network is thereby restored and correct data packet processing is ensured. The method and system have the advantages of high detection speed, high detection precision, simple structure and high popularization and application value.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a DDoS attack defense method and defense system of an SDN controller.

Background

[0002] As an emerging technology, SDN can effectively solve some problems in traditional networks, such as traffic engineering and security problems, but the new features introduced in the SDN architecture also bring new challenges. Before the large-scale commercial application of SDN, many problems still need to be solved urgently, the most important of which is the security of SDN, and the control plane is the core of SDN. The network is paralyzed.

[0003] In an SDN network, the OpenFlow protocol is responsible for establishing a secure channel between the SDN controller and the switch and for the communication between them. The OpenFlow switch uses the flow table as the basis for data forwarding. When the switch receives the message, it searches the flow...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/801
CPC: H04L47/12, H04L63/1458
Inventor: 徐小琼, 孙罡, 董刘扬, 虞红芳, 许都, 徐世中
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA