摘要
针对现有技术对某些特定分布式拒绝服务(Distributed Denial of Service,DDoS)攻击检测精度不够的问题,提出了一种防御软件定义网络(Software Defined Network,SDN)中路由欺骗(Route Spoofing,RS)攻击的轻量级解决方案.该方案通过分析路由欺骗产生的原因,在数据平面OpenFlow交换机上设计了选择性阻塞扩展模块,一旦检测器发现RS攻击,交换机将生成的报警包发送给控制器,控制器通过发送转发规则阻止攻击者节点恶意使用其他用户的活动通信路由.仿真结果表明,本文方法可以有效地检测出SDN中的DDoS攻击,相关指标也充分显示了解决方案的可行性和正确性.
Aiming at the problem that the detection accuracy of existing technology is not enough for some specific DDoS attacks,a lightweight solution to defend against route spoofing(RS)attacks in SDN is proposed.By analyzing the causes of route spoofing,the scheme designs a selective blocking extension module on the data plane OpenFlow switch.Once the detector discovers RS attacks,the switch sends the generated alarm packet to the controller,which prevents the attacker node from maliciously using the active communication path of other users by sending forward rules.The simulation results show that the proposed method can effectively detect DDoS attacks in SDN,and the relevant indicators fully show the feasibility and correctness of the solution.
作者
王照
陈恩庆
WANG Zhao;CHEN En-qing(Department of Public Studies, Henan Vocational College of Nursing, Anyang Henan 455000, China;School of Information Engineering, Zhengzhou University, Zhengzhou 450052, China)
出处
《西南师范大学学报(自然科学版)》
CAS
北大核心
2020年第11期93-98,共6页
Journal of Southwest China Normal University(Natural Science Edition)
基金
国家自然科学基金项目(U1804152).
