• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文会议>International Conference on Cloud Computing and Security >Detecting and Preventing DDoS Attacks in SDN-Based Data Center Networks
【24h】

Detecting and Preventing DDoS Attacks in SDN-Based Data Center Networks

机译:在基于SDN的数据中心网络中检测和预防DDoS攻击

获取原文
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Distributed denial-of-service (DDoS) attacks are deemed a serious threat to Internet services. A common solution to mitigate the attacks is to redirect traffic to scrubbing centers (SCs) for traffic classification and DDoS filtering. However, the capacity and locations of SCs should be pre-determined, and traffic redirection to SCs also give rise to extra network footprint and long latency. In this work, we present a solution based on network function virtualization (NFV) to launch scrubbing functions on demand and software-defined networking (SDN) to redirect traffic to these functions. We propose a lightweight probing strategy to identify anomalous traffic and the victim, and allocate virtual scrubbing functions close to the victim to minimize network footprint and network latency. We simulate a proof-of-concept design in Mininet to demonstrate its operation. The evaluation shows 96.6% of DDoS packets can be mitigated with the response time of one second.
机译:分布式拒绝服务(DDoS)攻击被认为是对Internet服务的严重威胁。缓解攻击的常见解决方案是将流量重定向到清理中心(SC),以进行流量分类和DDoS过滤。但是,应该预先确定SC的容量和位置,并且将流量重定向到SC也会导致额外的网络占用空间和较长的等待时间。在这项工作中,我们提出了一种基于网络功能虚拟化(NFV)的解决方案,该解决方案可以按需启动清理功能,而软件定义的网络(SDN)可以将流量重定向到这些功能。我们提出了一种轻量级的探测策略,以识别异常流量和受害者,并在受害者附近分配虚拟清理功能,以最大程度地减少网络占用空间和网络延迟。我们在Mininet中模拟概念验证设计以演示其操作。评估显示,一秒钟的响应时间可以缓解96.6%的DDoS数据包。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号