Abstract
Widespread distributed denial-of-service (DDoS) attacks pose a fatal threat to software-defined networking (SDN) controllers, and to date no security mechanism can defend against them. Combining SDN with network function virtualization (NFV), a novel mechanism for protecting SDN controllers against DDoS attacks, the upfront detection middlebox (UDM), is proposed: UDMs are deployed in a distributed manner between SDN switch ports and user hosts to detect and deny DDoS attack packets. In addition, an NFV-based method of implementing the upfront middlebox is put forward, which makes the UDM mechanism more economical and effective. A prototype system based on this mechanism was implemented and tested extensively. The experimental results show that the NFV-based UDM mechanism can detect and prevent DDoS attacks on SDN controllers effectively and in real time.
Authors
QIAN Hongyan (钱红燕)
XUE Hao (薛昊)
CHEN Ming (陈鸣)
College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 211106, China
Source
Journal on Communications (《通信学报》)
Indexed in: EI, CSCD, Peking University Core Journals
2019, Issue 3, pp. 116-124 (9 pages)
Funding
National Natural Science Foundation of China (No. 61772271, No. 61379149)