A DDoS defense method based on port and address hopping in SDN

Cited by: 4


Authors: Wu Hua (吴桦); Chen Tingzhen (陈廷政) [1,2,4] (School of Cyber Science and Engineering, Southeast University, Jiangsu Nanjing 211189; International governance research base of Cyberspace (Southeast University), Jiangsu Nanjing 211189; Purple Mountain Laboratories for Network and Communication Security, Jiangsu Nanjing 211111; Key Laboratory of Computer Network and Information Integration of Ministry of Education (Southeast University), Jiangsu Nanjing 211189)

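Affiliations: [1] School of Cyber Science and Engineering, Southeast University, Jiangsu Nanjing 211189 [2] International governance research base of Cyberspace (Southeast University), Jiangsu Nanjing 211189 [3] Purple Mountain Laboratories for Network and Communication Security, Jiangsu Nanjing 211111 [4] Key Laboratory of Computer Network and Information Integration of Ministry of Education (Southeast University), Jiangsu Nanjing 211189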

Source: Cyberspace Security (《网络空间安全》), 2020, No. 8, pp. 17-22 (6 pages)

Abstract: To protect the servers of critical infrastructure from DDoS attacks, this paper introduces Moving Target Defense and proposes a DDoS defense method based on port and address hopping in an SDN environment. A DDoS attack detection algorithm based on a double Counter Bloom Filter continuously monitors traffic and quickly detects DDoS attacks. The SDN controller filters malicious traffic by installing flow rules on the switches and notifies trusted clients to select a new virtual IP address and port for the server from the port and address mapping table according to a polling strategy, so that the server's address and port hop to evade the DDoS attack. Experiments show that the method not only detects DDoS attacks quickly but also effectively mitigates their impact.

Keywords: software-defined networking; moving target defense; port and address hopping; DDoS defense

Classification code: TP309 [Automation and Computer Technology: Computer System Architecture]

 
