Computer Engineering (计算机工程) ›› 2020, Vol. 46 ›› Issue (11): 148-156. doi: 10.19678/j.issn.1000-3428.0055831

• Cyberspace Security •

A DDoS Detection and Defense Method Based on Cross Plane Cooperation for SDN

CAO Yongyi (1), JIN Weizheng (1), WU Jing (1), LUO Wei (2), ZHU Bo (1)

  1. School of Electronic Information, Wuhan University, Wuhan 430072, China;
  2. China Ship Development and Design Center, Wuhan 430064, China
  • Received: 2019-08-27  Revised: 2019-11-06  Published: 2019-11-26
  • About the authors: CAO Yongyi (born 1996), male, master's student; research interests: software-defined networking and network security. JIN Weizheng (corresponding author) and WU Jing, associate professors; LUO Wei, senior engineer; ZHU Bo, engineer, PhD.
  • Funding:
    National Key Research and Development Program of China (2017YFB0504103).

Abstract: In the Software Defined Network (SDN) architecture, most traditional Distributed Denial of Service (DDoS) attack detection mechanisms are based on middle plug-ins or SDN controllers, which lack global network monitoring information and generate high southbound interface communication overhead and detection delay. To address the problem, this paper proposes a DDoS attack detection and defense method based on cross plane cooperation in the SDN architecture. The method uses the computing power of the OpenFlow switch CPU to offload part of the detection task from the control plane to the data plane, and then completes the whole detection task through the cooperation of the coarse-grained method of the data plane and the fine-grained method of the control plane. Based on the detection result, the controller formulates a defense strategy for the global scope of the network. Experimental results show that, compared with the Support Vector Machine (SVM) method, the proposed method improves detection efficiency and accuracy, decreases detection delay and southbound interface communication overhead, and reduces the CPU load of the controller.

Key words: Distributed Denial of Service(DDoS) attack, Software Defined Network(SDN), cross plane cooperation, OpenFlow protocol, K-means algorithm
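An added illustration, not code from the paper, of the cooperation the abstract describes: each switch applies a cheap coarse packet-rate filter to its own flow counters and reports only the entries above the threshold (so the southbound channel carries a few reports instead of every flow's statistics), and the controller runs K-means on the reported (packet rate, mean packet size) vectors to separate a busy but legitimate flow from the attack flows. The flow records, the threshold and the feature choice are constructed assumptions.

```python
"""Cross-plane DDoS detection sketch: coarse filter on the switch, K-means on the
controller. All flow records and thresholds below are constructed assumptions."""
from typing import Dict, List, Tuple

# Constructed per-window flow counters: switch -> [(src_ip, packets, bytes)]
FLOW_COUNTERS: Dict[str, List[Tuple[str, int, int]]] = {
    "s1": [("10.0.0.1", 30, 36000), ("10.0.0.2", 45, 54000),
           ("10.0.0.9", 120, 180000),  # busy but legitimate (large packets)
           ("10.0.1.1", 700, 42000), ("10.0.1.2", 650, 39000)],
    "s2": [("10.0.0.3", 25, 20000), ("10.0.1.3", 800, 48000),
           ("10.0.1.4", 720, 43200), ("10.0.0.4", 60, 72000)],
}
COARSE_PKT_THRESHOLD = 100  # assumed data-plane threshold, packets per window


def coarse_filter(counters=FLOW_COUNTERS, threshold=COARSE_PKT_THRESHOLD):
    """Data-plane stage run on each switch CPU: keep only entries above the packet
    threshold. Returns (reports, southbound_messages); one message per report."""
    reports = [(sw, src, pkts, byts / pkts)
               for sw, flows in counters.items()
               for src, pkts, byts in flows if pkts > threshold]
    return reports, len(reports)


def nearest(p, cents):
    """Index of the centroid closest (squared Euclidean distance) to point p."""
    return min(range(len(cents)),
               key=lambda i: sum((a - b) ** 2 for a, b in zip(p, cents[i])))


def kmeans2(points, iters=20):
    """Minimal K-means, k=2, centroids seeded at the lowest- and highest-rate points."""
    cents = [min(points), max(points)]
    for _ in range(iters):
        groups = [[], []]
        for p in points:
            groups[nearest(p, cents)].append(p)
        cents = [tuple(sum(x) / len(g) for x in zip(*g)) if g else c
                 for g, c in zip(groups, cents)]
    return cents


def fine_detect(reports):
    """Control-plane stage: cluster (packet rate, mean packet size) of the reported
    flows; the cluster with the higher packet-rate centroid is labelled attack."""
    if not reports:
        return set()
    pts = [(pkts, size) for _, _, pkts, size in reports]
    cents = kmeans2(pts)
    attack_idx = max(range(2), key=lambda i: cents[i][0])
    return {src for _, src, pkts, size in reports
            if nearest((pkts, size), cents) == attack_idx}


def compare_overhead(counters=FLOW_COUNTERS):
    """Southbound messages: polling every flow entry vs. cooperative reporting."""
    polled = sum(len(flows) for flows in counters.values())
    _, cooperative = coarse_filter(counters)
    return polled, cooperative
```

With the constructed counters, the coarse stage sends 5 reports instead of 9 flow-stat replies, and the fine stage clears the 120-packet large-packet flow while flagging the four small-packet high-rate sources.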