SDN中面向流表溢出攻击检测的网络遥测调度方法  

作　　者：邓笛 崔允贺 申国伟 郭春 陈意[1,2,3] 钱清 Deng Di;Cui Yunhe;Shen Guowei;Guo Chun;Chen Yi;Qian Qing(State Key Laboratory of Public Big Data,Guizhou University,Guiyang 550025,China;Engineering Research Center of Text Computing&Cognitive Intelligence,Ministry of Education,College of Computer Science&Technology,Guizhou University,Guiyang 550025,China;Provincial Key Laboratory of Software Engineering and Information Security,College of Computer Science&Technology,Guizhou University,Guiyang 550025,China;School of Information,Guizhou University of Finance&Economics,Guiyang 550025,China)

机构地区：[1]贵州大学公共大数据国家重点实验室,贵阳550025 [2]贵州大学计算机科学与技术学院文本计算与认知智能教育部工程研究中心,贵阳550025 [3]贵州大学计算机科学与技术学院贵州省软件工程与信息安全特色重点实验室,贵阳550025 [4]贵州财经大学信息学院,贵阳550025

出　　处：《计算机应用研究》2024年第11期3464-3470,共7页Application Research of Computers

基　　金：国家自然科学基金资助项目(62102111);贵州省科技计划资助项目(黔科合基础-ZK[2022]重点011);贵州省高等学校大数据安全与网络安全创新团队资助项目(黔教技[2023]052号)。

摘　　要：针对基于固定周期或特定事件调度的网络遥测在流表溢出攻击检测中产生的数据冗余问题,提出了一种面向流表溢出攻击检测的网络遥测调度方法——F-Sense INT。F-Sense INT通过分析流表溢出攻击流的特征,在数据平面针对性地收集对用于流表溢出攻击检测的网络状态信息,在降低控制器资源及南向通道带宽占用的前提下减少遥测报告量。实验结果表明,与原生OVS系统相比,在仅增加1.13%的交换机CPU占用率和4.18%的内存占用率的情况下,F-Sense INT能有效地过滤网络中的非流表溢出攻击流,使遥测数据包数量减少。F-Sense INT显著提升了面向流表溢出攻击检测的网络遥测效率,同时也具备了较高的实用性。This paper proposed a network telemetry scheduling method,F-Sense INT,aimed at solving the data redundancy issue caused by network telemetry scheduling based on fixed periods or specific event scheduling for detecting flow table overflow attacks.F-Sense INT analyzed the characteristics of flow table overflow attack traffic flows and collected network state information used for detecting such attacks.F-Sense INT decreased telemetry reporting volume while reducing the use of controller resources consumption and southbound channel bandwidth consumption.Experimental results demonstrate that F-Sense INT effectively filters out non-flow table overflow attack flows in the network.It reduces the quantity of telemetry data packets compared to the native OVS system,with only a 1.13%increase in switches CPU utilization and a 4.18%increase in memory usage.F-Sense INT significantly enhances network telemetry efficiency in the context of flow table overflow attack detection and offers high practicality.

关 键 词：网络遥测 流表溢出攻击 数据平面 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]