System and method for detecting and mitigating ARP attacks based on SDN cloud environment

A real-time detection technology for cloud environments, applied in the field of network security. It addresses problems of existing approaches, such as the inability to meet the flexibility and variability of cloud networks, the increased complexity of cloud network environments, and accuracy that is not 100%. Its effects are monitoring and mitigating ARP storm attacks, reducing transmission and processing, and enhancing fault tolerance and performance.

Active Publication Date: 2022-02-25
NANJING UNIV

AI Technical Summary

Problems solved by technology

Some solutions target only specific dynamic IP allocation scenarios or specific static IP allocation scenarios, and cannot meet the flexibility and variability of cloud networks.
Some solutions require an independent server to assist the controller in handling ARP security in the cloud network, which further increases the complexity of the already complex cloud network environment.
Other solutions extract attack traffic characteristics from a large number of ARP attacks to judge the security of ARP traffic, but the accuracy of such solutions is not 100%.
Clearly, the existing methods for preventing ARP attacks each have their own defects and cannot meet growing network security requirements.


Embodiment Construction

[0054] The technical solutions provided by the present invention are described in detail below in conjunction with specific examples. It should be understood that the following specific embodiments are only used to illustrate the present invention and are not intended to limit its scope. In addition, the steps shown in the flow diagrams of the figures may be performed in a computer system, such as a set of computer-executable instructions, and, although a logical order is shown in the flow diagrams, in some cases the steps shown or described may be performed in an order different from the one given here.

[0055] Figure 1 shows the network topology formed when the present invention is implemented on the cloud. The invention is based on SDN technology and uses a controller cluster to control and manage the SDN switches in the cloud network. Providers provide users with various services in the form of virtual machines, but each use...


Abstract

The present invention provides a system and method for detecting and mitigating ARP attacks based on an SDN cloud environment. The system includes a network information maintenance module, a real-time detection and defense module, a timing monitoring and mitigation module, and a flow entry control module. The method includes a start-up stage, a stage of obtaining network information, a stage of real-time detection and defense of ARP attacks, and a stage of regular monitoring and mitigation of ARP attacks. The present invention uses SDN technology to inspect ARP request packets and ARP reply packets, detects ARP spoofing attacks in real time by analyzing the ARP packets, and then discards forged packets to prevent ARP spoofing attacks from harming the host. It can also obtain, at regular intervals, the ARP traffic statistics of the ports of the edge SDN switches to identify ARP storm attacks, block the traffic of the corresponding port in time, alleviate the impact of the ARP storm attack on the cloud network, and comprehensively protect the security of the cloud computing network.
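A minimal sketch of the two checks the abstract describes: a per-packet binding check on ARP requests and replies, and a periodic comparison of per-port ARP counters from edge switches. This is an added example, not code from the patent; the binding table, packet fields, verdict strings and threshold are all assumptions made for illustration.

```python
# Constructed IP -> (MAC, edge switch port) table, standing in for what a
# network information maintenance module would hold. Values are made up.
M1, M2, M3 = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
BINDINGS = {"10.0.0.1": (M1, 1), "10.0.0.2": (M2, 2), "10.0.0.3": (M3, 3)}
STORM_THRESHOLD = 100  # assumed: max ARP packets per port per polling interval


def check_arp(pkt, bindings=BINDINGS):
    """Return (verdict, reason) for one ARP packet seen at an edge port."""
    # The Ethernet source must agree with the ARP sender hardware address.
    if pkt["eth_src"] != pkt["sha"]:
        return "drop", "eth_src/sha mismatch"
    known = bindings.get(pkt["spa"])
    if known is None:
        return "drop", "unknown sender IP"
    mac, port = known
    if pkt["sha"] != mac:
        return "drop", "sender MAC does not match binding"
    if pkt["in_port"] != port:
        return "drop", "sender seen on wrong port"
    # A reply must also be addressed to a known host with the right MAC.
    if pkt["op"] == "reply":
        target = bindings.get(pkt["tpa"])
        if target is None or target[0] != pkt["tha"]:
            return "drop", "target does not match binding"
    return "forward", "ok"


def storm_ports(prev, curr, threshold=STORM_THRESHOLD):
    """Compare two polls of per-port ARP counters; return ports to block."""
    return sorted(p for p, n in curr.items() if n - prev.get(p, 0) > threshold)


def pkt(op, in_port, eth_src, sha, spa, tha, tpa):
    return dict(op=op, in_port=in_port, eth_src=eth_src,
                sha=sha, spa=spa, tha=tha, tpa=tpa)


# Constructed sample traffic: a normal request, a forged reply in which the
# host on port 3 claims 10.0.0.1, and a normal reply.
SAMPLES = [
    pkt("request", 1, M1, M1, "10.0.0.1", "00:00:00:00:00:00", "10.0.0.2"),
    pkt("reply", 3, M3, M3, "10.0.0.1", M2, "10.0.0.2"),
    pkt("reply", 2, M2, M2, "10.0.0.2", M1, "10.0.0.1"),
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p["op"], p["spa"], "->", check_arp(p))
    print("block ports:", storm_ports({1: 10, 2: 20, 3: 5}, {1: 15, 2: 400, 3: 9}))
```

In a real controller the "drop" verdict would translate into discarding the packet-in and the returned port list into a blocking flow entry on the edge switch.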

Description

Technical field

[0001] The invention belongs to the technical field of network security, relates to a cloud network security technology, in particular to an address resolution protocol (ARP) attack detection and mitigation system based on a software-defined network (SDN) and an implementation method thereof.

Background technique

[0002] Cloud computing is a widely used form of providing services. Users can obtain servers, platforms, applications and other computing resources from the resource pool provided by cloud providers on demand. On the cloud, users can store data and use services conveniently and safely, because the cloud provider will be responsible for the maintenance of the cloud platform, and will also use various technologies to ensure the security of the services used by users. Therefore, cloud computing has become the most basic technology that companies around the world rely on. At the same time, cloud network security is also a current hot issue.

[0003] A...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L61/103
CPC: H04L63/1408, H04L63/1441, H04L63/1483, H04L61/103
Inventor: 伏晓, 孙思娴, 骆斌
Owner: NANJING UNIV