UDM:NFV-based prevention mechanism against DDoS attack on SDN controller |
| |
Authors: | Hongyan QIAN Hao XUE Ming CHEN |
| |
Affiliation: | College of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211106,China |
| |
Abstract: | DDoS attack extensively existed have been mortal threats for the software-defined networking (SDN) controllers and there is no any security mechanism which can prevent them yet.Combining SDN and network function virtualization (NFV),a novel preventing mechanism against DDoS attacks on SDN controller called upfront detection middlebox (UDM) was proposed.The upfront detection middlebox was deployed between SDN switch interfaces and user hosts distributed,and DDoS attack packets were detected and denied.An NFV-based method of implementing the upfront middlebox was put forward,which made the UDM mechanism be economical and effective.A prototype system based on this mechanism was implemented and lots experiments were tested.The experimental results show that the UDM mechanism based on NFV can real-time and effectively detect and prevent against DDoS attacks on SDN controllers. |
| |
Keywords: | DDoS attack controller security SDN and NFV upfront detection middlebox |
|
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|