SDN segmented routing defense method for link flooding attacks

A link flood attack and link technology, which is applied in the field of SDN segment routing defense against link flood attacks, and can solve problems such as lack of defense mechanisms.

Active Publication Date: 2020-01-03
CIVIL AVIATION UNIV OF CHINA
View PDF9 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, there is currently no effective defense mechanism against link flooding attacks.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SDN segmented routing defense method for link flooding attacks
  • SDN segmented routing defense method for link flooding attacks
  • SDN segmented routing defense method for link flooding attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0042] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments, but the following embodiments in no way limit the present invention.

[0043] The SDN segment routing defense method of the link flood attack provided by the present invention comprises the following steps carried out in order:

[0044] 1) For a given network topology, construct it as a network model based on a directed graph, and obtain the physical traffic set, capacity and traffic load of the link;

[0045] 2) Use the SDN-based system defense model to monitor the network model constructed in step 1), and judge whether the network model is attacked by LFA and the link is seriously congested. If the judgment result is "Yes", use the SDN controller and Physical traffic set, capacity, and traffic load of the above links segment-routing the network topology; otherwise continue monitoring.

[0046] In step 1), the described construction is based on...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an SDN segmented routing defense method for link flooding attacks. The SDN segmented routing defense method comprises the following steps: for a given network topology, constructing the given network topology into a directed graph-based network model, and obtaining an entity flow set, capacity and flow load of a link; monitoring the network model constructed in the step (1)by using an SDN-based system defense model; judging whether the network model is attacked by the LFA and the link is seriously congested or not, and if so, performing segmented routing on the networktopology by utilizing the SDN controller and the entity flow set, the capacity and the flow load of the link; otherwise, continuously monitoring and the like. According to the SDN segmented routing defense method provided by the invention, when the link flooding attack defense is carried out, the congestion load of the attacked link is defibered by utilizing the segmented routing strategy of theSDN, so that a large amount of resource consumption possibly caused by global routing can be avoided, and the link congestion is relieved, and the effective defense of the link flooding attack is achieved.

Description

technical field [0001] The invention belongs to the technical field of network information security, in particular to an SDN (software defined network) segment routing defense method against link flooding attacks. Background technique [0002] Link flooding attack (Link Flooding Attack, LFA) is a new type of DDoS attack (distributed denial of service attack), which has recently attracted great attention from academia and industry. Among them, Coremelt attack and Crossfire attack are regarded as the most threatening LFA. The Coremelt attack is launched in three steps: ① select the target link in the core network; ② select a zombie machine that can generate traffic traversing the target link; ③ generate traffic and flood the target link. Crossfire is an evolution of Coremelt with new concepts of flow density and rolling attacks. Crossfire attacks are usually initiated through four steps: ①Building a link graph; ②Calculating flow density and selecting target links; ③Coordinat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24H04L12/801
CPCH04L41/12H04L41/145H04L47/12H04L63/1458H04L63/20
Inventor 谢丽霞丁颖杨宏宇
Owner CIVIL AVIATION UNIV OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap