Abstract
Port hopping is a typical moving target defense technique that constantly changes the service port number to hide service identification and confuse potential attackers. Using the logically centralized control and network programmability of SDN, this paper proposes a port hopping based SDN network defense technology, which uses the SDN controller to implement the port hopping function. The proposed technology not only reduces the load that port hopping places on the protected server, but also detects and filters malicious packets early. At the same time, it can defend against internal attackers. Theoretical analysis and experimental results show that the proposed technology can effectively resist DoS attacks without adding much load on the SDN controller.
Authors
Tang Xiucun; Zhang Liancheng; Shi Xiaomin; Xu Lianghua (Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China; State Key Laboratory of Mathematical Engineering & Advanced Computing, Zhengzhou 450001, China)
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journal
2016, No. 10, pp. 3083-3087 (5 pages)
Funding
National Natural Science Foundation for Young Scientists of China (61402525, 61402526)
National "863" Program of China (2012AA012902)
Keywords
software defined network
denial of service attack
port hopping
moving target defense
controller
timestamp feedback