Computer Science ›› 2015, Vol. 42 ›› Issue (Z11): 341-344.


Research on DoS Attacks Against Control Level in OpenFlow-based SDN

LOU Heng-yue and DOU Jun   

  • Online:2018-11-14 Published:2018-11-14

Abstract: Under the message exchange mechanism of the OpenFlow protocol, all non-data packets must be uploaded via PACKET_IN messages. Based on this, a new DoS attack on the control plane is proposed: it continuously sends packets with unknown addresses to deplete control-plane resources. A solution strategy based on the programmability of SDN networks is then proposed to detect attacks and reduce network latency. First, through the SDN controller's northbound application interface, the Defense4ALL application is used to detect malicious traffic according to the characteristics of DoS attacks. Then, using the controller's dynamic configuration feature, the switch configuration file is updated in real time and the network forwarding policy is changed, which reduces the damage the attack causes to the entire network. The simulation shows that the success rate of this detection method is close to 100%, but for slow-speed attacks with few sources the detection success rate is less than 80%. The overall network latency is reduced by 10 ms or more. The proposed solution strategy can effectively reduce the interference of DoS attacks against the control level with the entire network.

Key words: SDN, OpenFlow, Network security, Control level, DoS attack

