Authors: YANG Zhiyuan, CUI Yunhe, CHEN Yi, GUO Chun [1,2,3,4]
Affiliations: [1] College of Computer Science and Technology, Guizhou University, Guiyang 550025, China; [2] State Key Laboratory of Public Big Data, Guiyang 550025, China; [3] Engineering Research Center of Text Computing & Cognitive Intelligence, Ministry of Education, Guiyang 550025, China; [4] Key Laboratory of Software Engineering and Information Security in Guizhou Province, Guiyang 550025, China
Source: Netinfo Security (《信息网络安全》), 2025, No. 2, pp. 295-305 (11 pages)
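Funding: National Natural Science Foundation of China [62462010]; National Key Research and Development Program of China [2023YFC3304500]; Guizhou Provincial Science and Technology Major Project [黔科合重大专项字[2024]003]; Guizhou Provincial Higher Education Big Data Security and Network Security Innovation Team funded project [黔教技[2023]052号].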
Abstract: Software-defined networking (SDN) achieves centralization, programmability, and flexibility by separating the control plane from the data plane. However, this architecture also exposes SDN to new attack threats, and timeout sniffing against SDN switches is one of the main security threats it faces. Existing timeout sniffing methods ignore the impact that the maximum timeout value, the generation time of the sniffing packets, and the relationship between timeouts have on sniffing, which leads to sniffing failures, timeout type recognition errors, and low accuracy of the sniffed timeout value. To solve these problems, this paper proposes TIMIC, a method for sniffing the flow entry timeout mechanism of OpenFlow switches based on changes in the detection interval. The method first obtains a timeout value by adjusting the sending interval of the sniffing packets, and then uses that value to determine the specific timeout mechanism and a more accurate timeout value. The experimental results show that TIMIC can successfully detect the timeout type and timeout value under different timeout mechanisms, and that the detected timeout values maintain a small sniffing error. Under common timeout settings, TIMIC sends fewer timeout sniffing packets and has a lower sniffing cost.
Classification number: TP309 [Automation and Computer Technology: Computer Architecture]