SDN segmented routing defense method for link flooding attacks

A link flood attack and link technology, which is applied in the field of SDN segment routing defense against link flood attacks, and can solve problems such as lack of defense mechanisms.
CN110650141AActive Publication Date: 2020-01-03CIVIL AVIATION UNIV OF CHINA
9 Cites 2 Cited by

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CIVIL AVIATION UNIV OF CHINA
Publication Date
2020-01-03

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention discloses an SDN segmented routing defense method for link flooding attacks. The SDN segmented routing defense method comprises the following steps: for a given network topology, constructing the given network topology into a directed graph-based network model, and obtaining an entity flow set, capacity and flow load of a link; monitoring the network model constructed in the step (1)by using an SDN-based system defense model; judging whether the network model is attacked by the LFA and the link is seriously congested or not, and if so, performing segmented routing on the networktopology by utilizing the SDN controller and the entity flow set, the capacity and the flow load of the link; otherwise, continuously monitoring and the like. According to the SDN segmented routing defense method provided by the invention, when the link flooding attack defense is carried out, the congestion load of the attacked link is defibered by utilizing the segmented routing strategy of theSDN, so that a large amount of resource consumption possibly caused by global routing can be avoided, and the link congestion is relieved, and the effective defense of the link flooding attack is achieved.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention belongs to the technical field of network information security, in particular to an SDN (software defined network) segment routing defense method against link flooding attacks. Background technique

[0002] Link flooding attack (Link Flooding Attack, LFA) is a new type of DDoS attack (distributed denial of service attack), which has recently attracted great attention from academia and industry. Among them, Coremelt attack and Crossfire attack are regarded as the most threatening LFA. The Coremelt attack is launched in three steps: ① select the target link in the core network; ② select a zombie machine that can generate traffic traversing the target link; ③ generate traffic and flood the target link. Crossfire is an evolution of Coremelt with new concepts of flow density and rolling attacks. Crossfire attacks are usually initiated through four steps: ①Building a link graph; ②Calculating flow density and selecting target links; ③Coordinat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More