A sdn segment routing defense method against link flooding attack

A link flooding attack and link technology, which is applied in the field of SDN segment routing defense against link flooding attacks, can solve problems such as lack of defense mechanisms, and achieve avoiding massive resource consumption, alleviating link congestion, and defending link Effects of Flooding Attacks

Active Publication Date: 2021-08-17
CIVIL AVIATION UNIV OF CHINA
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, there is currently no effective defense mechanism against link flooding attacks.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A sdn segment routing defense method against link flooding attack
  • A sdn segment routing defense method against link flooding attack
  • A sdn segment routing defense method against link flooding attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0042] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments, but the following embodiments in no way limit the present invention.

[0043] The SDN segment routing defense method of the link flood attack provided by the present invention comprises the following steps carried out in order:

[0044] 1) For a given network topology, construct it as a network model based on a directed graph, and obtain the physical traffic set, capacity and traffic load of the link;

[0045] 2) Use the SDN-based system defense model to monitor the network model constructed in step 1), and judge whether the network model is attacked by LFA and the link is seriously congested. If the judgment result is "Yes", use the SDN controller and Physical traffic set, capacity, and traffic load of the above links segment-routing the network topology; otherwise continue monitoring.

[0046] In step 1), the described construction is based on...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A SDN segment routing defense method against link flooding attacks. It includes, for a given network topology, constructing it as a network model based on a directed graph, and obtaining the physical traffic set, capacity and traffic load of the link; using the SDN-based system defense model to construct the network in step 1) The network model is monitored and judged whether the network model is attacked by LFA and the link is seriously congested. If the judgment result is "yes", the network topology is analyzed by using the SDN controller and the physical traffic collection, capacity and traffic load of the above link. Segment routing; otherwise, proceed to monitoring and other steps. The method of the present invention utilizes the segmented routing strategy of SDN to relieve the congestion load of the attacked link when carrying out link flood attack defense, which can avoid a large amount of resource consumption that may be caused by global routing, alleviate link congestion, and thus achieve Effective defense against flooding attacks.

Description

technical field [0001] The invention belongs to the technical field of network information security, in particular to an SDN (software defined network) segment routing defense method against link flooding attacks. Background technique [0002] Link flooding attack (Link Flooding Attack, LFA) is a new type of DDoS attack (distributed denial of service attack), which has recently attracted great attention from academia and industry. Among them, Coremelt attack and Crossfire attack are regarded as the most threatening LFA. The Coremelt attack is launched in three steps: ① select the target link in the core network; ② select a zombie machine that can generate traffic traversing the target link; ③ generate traffic and flood the target link. Crossfire is an evolution of Coremelt with new concepts of flow density and rolling attacks. Crossfire attacks are usually initiated through four steps: ①Building a link graph; ②Calculating flow density and selecting target links; ③Coordinat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/24H04L12/801
CPCH04L41/12H04L41/145H04L47/12H04L63/1458H04L63/20
Inventor 谢丽霞丁颖杨宏宇
Owner CIVIL AVIATION UNIV OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap