Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A ddos ​​attack defense method and defense system of sdn controller

A controller, purpose technology, applied in the field of network security

Active Publication Date: 2020-11-06
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF10 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Aiming at the above-mentioned deficiencies in the prior art, a DDoS attack defense method and defense system of an SDN controller provided by the present invention solves how to accurately detect suspicious Packet-in messages under the policy of OpenFlow, and respond to them in real time. The problem of SDN controller attack defense

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A ddos ​​attack defense method and defense system of sdn controller
  • A ddos ​​attack defense method and defense system of sdn controller
  • A ddos ​​attack defense method and defense system of sdn controller

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0061] Such as figure 1 As shown, a DDoS attack defense method of an SDN controller, the implementation steps are as follows:

[0062] (S1) monitor the SDN network state in real time through the SDN controller, and obtain the Packet-in message arrival rate of the switch and the information entropy of the Packet-in message;

[0063] (S2) according to the Packet-in message arrival rate of described switch and the information entropy of Packet-in message, detect whether there is DDoS attack in current network state, if have, then enter step (S3), otherwise, then give described Packet-in The in message establishes the maximum flow entry Timeout=T max , and enter the step (S4), wherein, Timeout is the timeout value of the switch flow entry, which includes the following steps:

[0064] (a1) the window queue size W and the hash table C at the SDN controller end are emptied;

[0065] (a2) Add the Packet-in message i received by the SDN controller into the window queue, the size of...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention provides a defense method and defense system for SDN controller DDoS attack. Firstly, the attack is detected in two stages, so as to determine whether the DDoS attack exists, and when the attack occurs, the suspicious switch set is screened out by the method of attack location. , after the attack occurs, the malicious Packet-in message is discarded by mitigating the attack, and the flow table space of the switch is protected by setting an appropriate timeout value of the flow entry. The invention solves the problem of accurately detecting suspicious Packet-in messages under the OpenFlow policy, and quickly defends against attacks on the SDN controller, so that normal data packets can obtain better service quality, thereby restoring the normality of the network state and ensure normal packet processing. The invention has high detection speed, high detection precision, simple structure and strong popularization and application value.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a DDoS attack defense method and defense system of an SDN controller. Background technique [0002] As an emerging technology, SDN can effectively solve some problems in traditional networks, such as solving traffic engineering and security problems in traditional networks, but the new features introduced in the SDN architecture also bring new challenges. Before the large-scale commercial application of SDN, there are still a lot of problems to be solved urgently, the most important of which is the security of SDN, and the control plane is the core of SDN. The network is paralyzed. [0003] In the SDN network, the OpenFlow protocol is responsible for establishing a secure channel between the SDN controller and the switch and communicating. The OpenFlow switch uses the flow table as the basis for data forwarding. When the switch receives the message, it searches the flow...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/801
CPCH04L47/12H04L63/1458
Inventor 徐小琼孙罡董刘扬虞红芳许都徐世中
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com