摘要
针对新型链路泛洪攻击,提出一种基于Renyi熵的OpenFlow信道链路泛洪攻击主动防御方法。运用Renyi熵分析攻击者在构建OpenFlow信道linkmap过程中产生的ICMP超时报文数量变化。一旦出现攻击前兆,由流量监控服务器向控制器发出攻击预警,控制器启动交换机—控制器连接迁移机制,将交换机迁移至新的控制器下,并使用新的OpenFlow信道与之通信。实验证明,主动防御方法能有效避免控制器与交换机之间通信链路受到链路泛洪攻击的影响,确保控制器和交换机能持续交互提供网络服务,增强了SDN的健壮性。
For defending the new link flooding attack,this paper proposed an active defense method of OpenFlow channel link flooding based on Renyi entropy.It analyzed the changes in the number of ICMP timeout messages produced by an attacker in the construction of the OpenFlow channel linkmap from Renyi entropy.It detected once attacks precursor,flow monitoring ser- ver sent an attack warning to the controller,then controller started switch-controller connection migration mechanism,migrated the switch to a new controller and communicated with the new OpenFlow channel.Experimental results show that the active defense method can effectively avoid the impact of link flooding attack between controller and switch, and ensure that controller and switch can provide continuous network services and enhance the robustness of SDN.
作者
蔡佳晔
张红旗
宋佳良
Cai Jiaye;Zhang Hongqi;Song Jialiang(Information Engineering University,Zhengzhou 450001,China)
出处
《计算机应用研究》
CSCD
北大核心
2019年第6期1767-1770,1775,共5页
Application Research of Computers
基金
国家“863”计划资助项目(2012AA012704)
郑州市科技领军人才资助项目(131PLJRC644)
