摘要
软件定义网络(SDN)环境下同样会遭受传统网络的低速率拒绝服务攻击(LDoS),如果在网络受到攻击后不能立即采取防御策略,将会给网络带来巨大威胁。为此,根据控制器管理的全局网络拓扑,提出一种基于Packet;n消息的攻击链路溯源机制,并且通过控制器下发流表封禁攻击端口,达到攻击防御目的。实验结果表明,该方法能够对LDoS攻击进行有效的防御。
The software-defined network (SDN) environment will also suffer from the low-rate denial-of-service (LDoS) attack of the traditional network.If the defense strategy can not be taken immediately after the network is attacked,it will bring a great threat to the network.Therefore,according to the global network topology managed by the controller,an attack link traceability mechanism based on Packet_in message is proposed,and the controller sends the stream table to block the attack port to achieve the purpose of attack defense.The experimental results show that this method can effectively defend against LDoS attacks.
作者
路小宝
LU Xiaobao(School of Computer Science and Engineering,Anhui University of Science&Technology,Huainan 232001,China)
出处
《现代信息科技》
2021年第21期142-145,共4页
Modern Information Technology
