System and method for detecting and relieving ARP attacks based on SDN cloud environment

A cloud environment and ARP request technology, applied in the field of network security, which can solve problems such as the inability to meet the flexibility and variability of cloud networks, the inability to meet network security requirements, and the increased complexity of cloud network environments. Its effects are monitoring and mitigating ARP storm attacks, reducing transmission and processing, and ensuring the accuracy of information.

Active Publication Date: 2019-09-17
NANJING UNIV

AI Technical Summary

Problems solved by technology

Some solutions are aimed at specific dynamic IP allocation scenarios or specific static IP allocation scenarios, which cannot meet the flexibility and variability of cloud networks.
Some solutions need to set up an independent server to assist the controller in handling ARP security in the cloud network, which further increases the complexity of the complex cloud network environment.
There are also solutions that extract the attack traffic characteristics from a large number of ARP attacks to detect the security of ARP traffic, but the accuracy of such solutions is not 100%.
Obviously, the existing methods for preventing ARP attacks have their own defects and cannot meet the increasing network security requirements.


Embodiment Construction

[0054] The technical solutions provided by the present invention will be described in detail below in conjunction with specific examples. It should be understood that the following specific embodiments are only used to illustrate the present invention and are not intended to limit the scope of the present invention. In addition, the steps shown in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and, although a logical order is shown in the flow diagrams, in some cases the steps shown or described may be performed in an order different from the one given here.

[0055] Figure 1 shows the network topology formed when the present invention is implemented on the cloud. The invention is based on SDN technology and uses a controller cluster to control and manage the SDN switches in the cloud network. Providers provide users with various services in the form of virtual machines, but each use...


Abstract

The invention provides a system and method for detecting and relieving ARP attacks based on an SDN cloud environment. The system comprises a network information maintenance module, a real-time detection and defense module, a timing monitoring and relieving module, and a flow table item control module. The method comprises a starting stage, a stage of acquiring network information, a stage of detecting and defending against ARP attacks in real time, and a stage of regularly monitoring and relieving ARP attacks. The invention uses SDN technology to inspect ARP request packets and ARP reply packets. By analyzing ARP packets it detects ARP spoofing attacks in real time and discards forged packets, preventing ARP spoofing attacks from damaging the host. In addition, by regularly acquiring ARP traffic and checking the traffic statistics of the ports of the edge SDN switch, it can distinguish ARP storm attacks and block the traffic of the corresponding ports in time, which relieves the influence of ARP storm attacks on the cloud network and comprehensively protects the security of the cloud computing network.
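The two detection paths named in the abstract can be sketched as follows. This is an added example, not code from the patent: the binding table shape (IP to MAC and edge port), the per-interval threshold of 100, and all names (`ArpGuard`, `check_packet`, `poll_ports`) are assumptions, and the sample packets are constructed.

```python
import struct
from dataclasses import dataclass, field

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP body (RFC 826), 28 bytes

def _ip(raw):
    return ".".join(str(b) for b in raw)

def parse_arp(body):
    """Return (opcode, sender_mac, sender_ip, target_ip) or raise ValueError."""
    if len(body) < 28:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, sha.hex(":"), _ip(spa), _ip(tpa)

def build_arp(op, sha, spa, tpa):
    """Pack a constructed sample ARP body for exercising the checks."""
    to_ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(sha.replace(":", "")), to_ip(spa), bytes(6), to_ip(tpa))

@dataclass
class ArpGuard:
    bindings: dict               # assumed shape: ip -> (lowercase mac, edge switch port)
    storm_threshold: int = 100   # assumed: ARP packets per port per polling interval
    last_count: dict = field(default_factory=dict)

    def check_packet(self, in_port, eth_src, body):
        """Real-time path: decide 'forward' or 'drop' for one ARP request/reply."""
        try:
            _op, sha, spa, _tpa = parse_arp(body)
        except ValueError:
            return "drop"
        # Forged if the claimed sender IP is not bound to this MAC on this port,
        # or if the Ethernet source disagrees with the ARP sender hardware address.
        if self.bindings.get(spa) != (sha, in_port) or eth_src.lower() != sha:
            return "drop"
        return "forward"

    def poll_ports(self, counters):
        """Periodic path: counters is port -> cumulative ARP count; returns ports to block."""
        to_block = []
        for port, total in counters.items():
            delta = total - self.last_count.get(port, 0)
            if delta < 0:        # counter was reset on the switch
                delta = total
            self.last_count[port] = total
            if delta > self.storm_threshold:
                to_block.append(port)
        return sorted(to_block)
```

In a controller, a "drop" result would translate into discarding the packet-in, and the ports returned by `poll_ports` into flow entries that block ARP on those edge ports.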

Description

Technical field

[0001] The invention belongs to the technical field of network security, relates to a cloud network security technology, in particular to an address resolution protocol (ARP) attack detection and mitigation system based on a software-defined network (SDN) and an implementation method thereof.

Background technique

[0002] Cloud computing is a widely used form of providing services. Users can obtain servers, platforms, applications and other computing resources from the resource pool provided by cloud providers on demand. On the cloud, users can store data and use services conveniently and safely, because the cloud provider will be responsible for the maintenance of the cloud platform, and will also use various technologies to ensure the security of the services used by users. Therefore, cloud computing has become the most basic technology that companies around the world rely on. At the same time, cloud network security is also a current hot issue.

[0003] A...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1408, H04L63/1441, H04L63/1483, H04L61/103
Inventor: 伏晓, 孙思娴, 骆斌
Owner: NANJING UNIV