| 面向SDN拓扑发现的LDoS攻击防御技术研究 |
| |
| 引用本文: | 谢升旭,魏伟,邢长友,张国敏.面向SDN拓扑发现的LDoS攻击防御技术研究[J].计算机工程与应用,2020,56(10):88-93. |
| |
| 作者姓名: | 谢升旭 魏伟 邢长友 张国敏 |
| |
| 作者单位: | 1.陆军工程大学 指挥控制工程学院,南京 210007
2.中国人民解放军31106部队 |
| |
| 基金项目: | 中国博士后科学基金;国家自然科学基金 |
| |
| 摘 要: | 准确获取网络拓扑是软件定义网络(Software?Defined?Network,SDN)中控制器进行有效决策的前提,而现有拓扑发现机制难以有效应对低速率拒绝服务(Low rate Denial of Service,LDoS)攻击等行为。通过理论和实验分析LDoS攻击对SDN拓扑发现造成的影响,提出了一种面向SDN拓扑发现的LDoS攻击防御机制TopoGuard。TopoGuard根据LDoS攻击的周期性特征,通过连续突发检测快速发现存在的疑似攻击场景,并基于主动链路识别策略避免攻击行为造成网络拓扑中断。最后,在OpenDaylight控制器上实现了TopoGuard。实验结果显示,TopoGuard能够有效检测和防御LDoS攻击行为,保证控制器获取全局拓扑信息的正确性。
|
| 关 键 词: | 低速率DoS攻击 SDN架构 拓扑发现 连续突发检测 |
Research on LDoS Attack Defense Technology for SDN Topology Discovery |
| |
| XIE Shengxu,WEI Wei,XING Changyou,ZHANG Guomin.Research on LDoS Attack Defense Technology for SDN Topology Discovery[J].Computer Engineering and Applications,2020,56(10):88-93. |
| |
| Authors: | XIE Shengxu WEI Wei XING Changyou ZHANG Guomin |
| |
| Affiliation: | 1.College of Command & Control Engineering, Army Engineering University of PLA, Nanjing 210007, China
2.Unit 31106 of PLA, China |
| |
| Abstract: | Acquiring network topology accurately is important for Software?Defined?Network(SDN) controller to make effective control decisions. However, the current network topology discovery mechanisms are vulnerable to attacks such as the Low rate Denial of Service(LDoS) attack. In this paper, the influence of LDoS attack on the SDN topology discovery mechanism is analyzed theoretically and experimentally, and an LDoS attack defense mechanism for SDN topology discovery named TopoGuard is proposed. According to the periodic characteristics of LDoS attacks, TopoGuard uses the continuous burst detection method to detect the suspected attack scenarios quickly, and then avoids the network topology interruption caused by attacks based on the active link identification method. Finally, the TopoGuard mechanism is implemented on OpenDaylight controller. The experimental results show that TopoGuard can effectively detect and defend against LDoS attacks and ensure the correctness of the global topology information acquired by the controller. |
| |
| Keywords: | low rate DoS attack SDN architecture topology discovery continuous burst detection |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
