[1] Yan Qiao, Gong Qingxiang, and Yu Fei. The inhibition model of DDoS attacks in SDN networks[J]. Journal of Shenzhen University Science and Engineering, 2017, 34(No.6(551-660)): 596-603.

The inhibition model of DDoS attacks in SDN networks

Journal of Shenzhen University Science and Engineering [ISSN: 1000-2618 / CN: 44-1401/N]

Volume: 34
Issue: 2017, No.6 (551-660)
Pages: 596-603
Section: Electronics and Information Science
Publication date: 2017-11-30

Article Info

Title: The inhibition model of DDoS attacks in SDN networks
Author(s): Yan Qiao, Gong Qingxiang, and Yu Fei
Affiliation: College of Computer Science and Software Engineering, Shenzhen University, Shenzhen 518060, Guangdong Province, P.R. China
Keywords: communication system; software defined networking; OpenFlow; distributed denial of service attack; fuzzy synthetic evaluation decision-making model
Document code: A
Abstract:
In software defined networking (SDN), the controller can suffer a distributed denial of service (DDoS) attack, which exposes the SDN network to the threat of a single point of failure. This paper proposes a model to defend against DDoS attacks in SDN. The model extends the SDN application layer with a DDoS detection module and an MSlot algorithm module. For DDoS attack detection, the DDoS detection module is based on a fuzzy synthetic evaluation decision-making model. It detects the occurrence of DDoS in real time by combining multiple flow characteristic indexes, and uses a DDoS comprehensive evaluation score to describe the strength of the DDoS attack. For the strategy to defeat DDoS attack flows, the MSlot algorithm module is designed to decide when to apply the time slice allocation strategy according to the detection result from the DDoS detection module. The strategy can effectively protect the communication of legitimate users under DDoS attack. To test the model, we simulated DDoS attacks of different intensities. The results show that in SDN networks, compared with some DDoS attack detection algorithms based on a single flow characteristic index, the DDoS detection module, by using the fuzzy synthetic evaluation decision-making model, has an advantage in detection rate and accuracy. Compared with some SDN controller scheduling algorithms that use only multiple logical queues and a polling mechanism, the MSlot algorithm module protects the communication quality of legitimate users more effectively during a DDoS attack.

Last Update: 2017-10-10