基于Renyi熵的Openflow信道链路泛洪攻击主动防御方法

针对新型链路泛洪攻击,提出一种基于Renyi熵的Openflow信道链路泛洪攻击主动防御方法。运用Renyi熵分析攻击者在构建Openflow信道Linkmap过程中产生的ICMP超时报文数量变化。一旦出现攻击前兆由流量监控服务器向控制器发出攻击预警,控制器启动交换机-控制器连接迁移机制,将交换机迁移至新的控制器下并使用新的Openflow信道与之通信。实验证明,主动防御方法能有效避免控制器与交换机之间通信链路受到链路泛洪攻击的影响,确保控制器和交换机能持续交互提供网络服务,增强了SDN网络的健壮性。

Active defense method of Openflow channel link flooding attack based on Renyi entropy

For defending the new link flooding attack, this paper proposed an active defense method of Openflow channel link flooding based on Renyi entropy. Analyzing the changes in the number of ICMP timeout messages produced by an attacker in the construction of the Openflow channel Linkmap from Renyi entropy. Once attacks precursor was detected, flow monitoring server sends an attack warning to the controller, then controller start switch-controller connection migration mechanism, migrate the switch to a new controller and communicate with the new Openflow channel. Experimental results show that the active defense method can effectively avoid the impact of link flooding attack between controller and switch and ensure that controller and switch can provide continuous network services and enhance the robustness of SDN network.