摘 要:软件定义网络(SDN)环境下同样会遭受传统网络的低速率拒绝服务攻击(LDoS),如果在网络受到攻击后不能立即采取防御策略,将会给网络带来巨大威胁。为此,根据控制器管理的全局网络拓扑,提出一种基于Packet_in 消息的攻击链路溯源机制,并且通过控制器下发流表封禁攻击端口,达到攻击防御目的。实验结果表明,该方法能够对LDoS 攻击进行有效的防御。
关键词:软件定义网络;低速率拒绝服务攻击;攻击溯源;攻击防御
DOI:10.19850/j.cnki.2096-4706.2021.21.037
中图分类号:TP393 文献标识码:A 文章编号:2096-4706(2021)21-0142-04
Defense Method of Low-rate Denial-of-service Attack under Software-defined Network Environment
LU Xiaobao
(School of Computer Science and Engineering, Anhui University of Science & Technology, Huainan 232001, China)
Abstract: The software-defined network (SDN) environment will also suffer from the low-rate denial-of-service (LDoS) attack of the traditional network. If the defense strategy can not be taken immediately after the network is attacked, it will bring a great threat to the network. Therefore, according to the global network topology managed by the controller, an attack link traceability mechanism based on Packet_in message is proposed, and the controller sends the stream table to block the attack port to achieve the purpose of attack defense. The experimental results show that this method can effectively defend against LDoS attacks.
Keywords: SDN; LDoS attack; attack traceability; attack defense
参考文献:
[1] 颜通,白志华,高镇,等.SDN 环境下的LDoS 攻击检测与防御技术 [J]. 计算机科学与探索,2020,14(4):566-577.
[2] 谢升旭,魏伟,邢长友,等. 面向SDN 拓扑发现的LDoS 攻击防御技术研究 [J]. 计算机工程与应用,2020,56(10):88-93.
[3] 郑正,徐明伟,李琦,等.SDN 网络拓扑污染攻击防御机制研究 [J]. 计算机研究与发展,2018,55(1):207-215.
[4] 刘向举,刘鹏程,路小宝,等. 基于SD-IoT 的DDoS 攻击防御方法 [J]. 计算机工程与设计,2021,42(11):3001-3008.
[5] 赵茹东. 软件定义网络中DDoS 攻击检测和防御技术研究[D]. 南京:南京理工大学,2018.
[6] 钟金,窦万峰,朱恩霞. 基于源的DDoS 攻击的检测与防御技术 [J]. 计算机应用与软件,2005(10):26-27.
作者简介:路小宝(1995—),男,汉族,安徽蚌埠人,硕士研究生在读,研究方向:物联网、软件定义网络。