摘要
针对SDN网络控制平面资源耗尽的新型DDoS攻击方式,设计并实现SDN网络环境下基于卡方检验的DDoS攻击防御系统。通过检测Packet_In消息上传加速度的异常来触发DDoS攻击检测模块;DDoS攻击检测模块收集Packet_In消息携带的信息,结合卡方检验检测DDoS攻击并筛选攻击源;根据攻击源的信息,下发应对DDoS攻击的流表,有效缓解DDoS攻击造成的网络拥塞。研究结果表明,设计的防御系统能够准确检测并有效防御DDoS攻击,对于SDN网络环境的安全保护具有重要意义。
In response to a new distributed denial of service(DDoS)attack which depletes resources in control plane,a DDoS attack defense system based on Chi-squared test was designed and implemented in software defined networks(SDN)environment.The DDoS attack detection module was triggered through detecting the abnormal upload acceleration of Packet_In messages.The information of Packet_In messages was collected through DDoS attack detection module,and the DDoS attack and the sources of the attack were detected by combining Chi-squared test.The flow entries were issued to respond DDoS attack to effectively mitigate network congestion which caused by DDoS attack.Experimental results show that the defense system is effective and accurate in detecting DDoS attacks,and it is of great significance for the protection of SDN network environment.
作者
王杨俊杰
解忧
张卫涛
WANG Yang-jun-jie;XIE You;ZHANG Wei-tao(Department of Applied Physics,College of Sciences,Xi’an University of Science and Technology,Xi’an 710054,China)
出处
《计算机工程与设计》
北大核心
2018年第9期2743-2747,共5页
Computer Engineering and Design
基金
国家自然科学基金项目(11504292)
中国博士后科学基金项目(2014M560798)
