期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种基于SDN架构的海量DDOS攻击解决方案研究 被引量:2

Research on a Solution of Massive DDOS Attack Based on SDN Architecture
下载PDF
导出
摘要 本文介绍了一种基于SDN架构的低成本、高性能的海量DDOS攻击解决方案,目前DDOS攻击呈现愈演愈烈的趋势,尤其是IDC内的部分SP频繁遭受天文数字般的DDOS攻击,本方案采用SDN+BGP FLOWSPEC技术,提供一种经济、有效的海量DDOS攻击防护解决方案,对异常攻击流量进行精确控制和丢弃,保护正常流量不受影响。本方案基于开源的Open Day Light SDN架构实施自主开发,构建了一个集中式的异常流量处置控制平台,平台中的SDN控制器一方面解读分析由现网异常流量监测设备所提供的DDOS攻击信息,另一方面通过BGP FLOWSPEC协议,向全网路由设备下发相应的路由策略,实现对DDOS攻击流量的抑制和过滤。 This paper introduces a solution of low cost and high performance SDN architecture of massive DDOS attack based on the current DDOS attacks is growing,especially in the part of SP IDC frequently suffered astronomical DDOS attacks,the program uses SDN+BGP FLOWSPEC technology to provide massive DDOS attack protection an economical and effective solution for precise control and disposal of abnormal attack traffic,protect the normal traffic is not affected. The program developed implementation of open source Open Day Light SDN architecture,constructed a centralized disposal of abnormal traffic control platform,SDN controller platform on the one hand analysis provided by the network traffic anomaly monitoring equipment DDOS attack information,on the other hand through the BGP FLOWSPEC protocol,routing strategy corresponding to send the whole network equipment,realize the suppression and filtering of DDOS attack traffic.
作者 王琴
机构地区 中国电信股份有限公司福建分公司
出处 《现代信息科技》 2017年第5期89-91,共3页 Modern Information Technology
关键词 SDN DDOS 流量攻击 流量监测 SDN DDOS traffic attack traffic monitoring
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献9

二级参考文献23

  • 1陈秀真,郑庆华,管晓宏,林晨光.层次化网络安全威胁态势量化评估方法[J].软件学报,2006,17(4):885-897. 被引量:342
  • 2Lakkaraju K, Yurcik W, Lee A J. NVisionIP: NetFlow visualizations of system state for security situational awareness [C] //Proc of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security. New York: ACM, 2004:65-72
  • 3Yin Xiaoxin, Yurcik W, Treaster M, et al. VisFlowConnect: NetFlow visualizations of link relationships for security situational awareness [C] //Proc of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security. New York: ACM, 2004:26-34
  • 4朱亮,王慧强,郑丽君.网络安全态势可视化研究评述[OL].[2008-01-08].http://www.paper.edu.cn/downloadpaper.php?serial_number=200607-36
  • 5Bass T. Intrusion detection systems & multisensor data fusion: Creating Cyberspace Situational Awareness [J].Communications of the ACM, 2000, 43(4): 99-105
  • 6D'Ambrosio B. Security situation assessment and response evaluation (SSARE) [C]//DISCEX'01. Proceedings: DARPA Information Survivability Conference & Exposition Ⅱ. Los Alamitos: IEEE Computer Society, 2001:387-394
  • 7Gorodetsky V, Karsaev O, Samoilov V. On-line update of situation assessment based on asynchronous data streams [C]//Knowledge Based Intelligent Information and Engineering Systems. Berlin/Heidelberg: Springer, 2004 : 1136-1142
  • 8Yegneswaran V, Barford P, Paxson V. Using Honeynets for Internet situational awareness [C/OL]//Proc of ACM/USENIX Hotnets Ⅳ. 2005 [2008-01-12]. http://www. icir. org/vern/papers/sit-aware-hotnet05. pdf
  • 9Dempster A P. Upper and lower probabilities induced by a multi-valued mapping [J]. Annals of Mathematical Statistics, 1967, 38(2): 325-339
  • 10Sharer G. A Mathematical Theory of Evidence [M]. Princeton: Princeton University Press, 1976

共引文献239

同被引文献10

引证文献2

二级引证文献9

现代信息科技
2017年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部