System and method for detecting and relieving ARP attacks based on SDN cloud environment

A cloud environment, ARP request technology, applied in the field of network security, can solve problems such as the inability to meet the flexibility and variability of cloud networks, inability to meet network security requirements, and increase the complexity of cloud network environments, so as to monitor and mitigate ARP storm attacks. , the effect of reducing transmission and processing, and ensuring the accuracy of information
CN110247899AActive Publication Date: 2019-09-17NANJING UNIV
4 Cites 5 Cited by

Patent Information

Authority / Receiving Office
CN Β· China
Patent Type
Applications(China)
Current Assignee / Owner
NANJING UNIV
Publication Date
2019-09-17

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention provides a system and method for detecting and relieving ARP attacks based on an SDN cloud environment. The system comprises a network information maintenance module, a real-time detection and defense module, a timing monitoring and relieving module and a flow table item control module. The method comprises a starting stage; acquiring network information; detecting and defending an ARP attack stage in real time; and regularly monitoring and relieving an ARP attack stage. SDN technology is used in the invention, an ARP request packet and an ARP reply packet are detected; ARP spoofing attacks are detected in real time by analyzing ARP packets; a forged packet is discarded to prevent damage of ARP spoofing attack to the host; in addition, ARP storm attacks can be distinguished by regularly acquiring ARP flow and detecting flow statistical data of ports of the edge SDN switch, the flow of the corresponding ports can be timely blocked, the influence of the ARP storm attacks on the cloud network is relieved, and the security of the cloud computing network is comprehensively protected.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention belongs to the technical field of network security, relates to a cloud network security technology, in particular to an address resolution protocol (ARP) attack detection and mitigation system based on a software-defined network (SDN) and an implementation method thereof. Background technique

[0002] Cloud computing is a widely used form of providing services. Users can obtain servers, platforms, applications and other computing resources from the resource pool provided by cloud providers on demand. On the cloud, users can store data and use services conveniently and safely, because the cloud provider will be responsible for the maintenance of the cloud platform, and will also use various technologies to ensure the security of the services used by users. Therefore, cloud computing has become the most basic technology that companies around the world rely on. At the same time, cloud network security is also a current hot issue.

[0003] A...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More