Wang Jin, Wang Liping, Wang Ruiqing
College of Computer Science and Technology, Zhejiang University of Technology, Hangzhou 310023, China.
School of Mathematics, Zhengzhou University of Aeronautics, Zhengzhou 450046, China.
Entropy (Basel). 2023 Aug 14;25(8):1210. doi: 10.3390/e25081210.
Software-defined networking (SDN) improves the flexibility and programmability of the network by separating the control plane from the data plane, and it effectively realizes global control of the network infrastructure. However, the centralized design of SDN exposes the controller to potential threats. Attackers have used the active flow table delivery mode to launch distributed denial of service (DDoS) attacks on the SDN controller, causing controller failure and seriously affecting network performance. To overcome this problem, this paper proposes a defense framework called CC-Guard. The framework consists of four modules: attack detection triggering, switch migration, anomaly detection, and mitigation. The attack detection trigger module improves the system's timely response to DDoS attacks. The switch migration module effectively relieves controller congestion and facilitates network flow transmission. The anomaly detection module uses a coarse-grained method for two-stage detection, which improves detection accuracy. The mitigation module uses the idea of cross-domain controller cooperation to clear the abnormal flow in the blacklist. Experimental results show that the proposed CC-Guard has real-time DDoS attack defense capability and high detection accuracy, as well as efficient network resource utilization.