SDNShield: Towards more comprehensive defense against DDoS attacks on SDN control plane

机译：SDNShield：针对SDN控制平面上的DDoS攻击提供更全面的防御

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

While the software-defined networking (SDN) paradigm is gaining much popularity, current SDN infrastructure has potential bottlenecks in the control plane, hindering the network's capability of handling on-demand, fine-grained flow level visibility and controllability. Adversaries can exploit these vulnerabilities to launch distributed denial-of-service (DDoS) attacks against the SDN infrastructure. Recently proposed solutions either scale up the SDN control plane or filter out forged traffic, but not both. We propose SDNShield, a combined solution towards more comprehensive defense against DDoS attacks on SDN control plane. SDNShield deploys specialized software boxes to improve the scalability of ingress SDN switches to accommodate control plane workload surges. It further incorporates a two-stage filtering scheme to protect the centralized controller. The first stage statistically distinguishes legitimate flows from forged ones, and the second stage recovers the false positives of the first stage with in-depth TCP handshake verification. Prototype tests and dataset-driven evaluation results show that SDNShield maintains higher resilience than existing solutions under varying attack intensity.

机译：虽然软件定义的网络（SDN）范例获得了很多人气，但当前的SDN基础设施具有控制平面中的潜在瓶颈，阻碍了网络处理按需，细粒度的流量水平可视性和可控性的能力。对手可以利用这些漏洞来启动分布式拒绝服务（DDOS）攻击对SDN基础架构的攻击。最近提出的解决方案缩放了SDN控制平面或滤除锻造流量，但并不是两者。我们提出了SDNShield，一种对DDOS控制平面上的DDOS攻击更全面的防御的综合解决方案。 SDNShield部署了专门的软件盒，以提高入口SDN交换机的可扩展性，以适应控制平面工作负载潮。它还包括两阶段过滤方案来保护集中控制器。第一阶段统计地区分伪造于锻造的合法流量，第二阶段通过深入的TCP握手验证恢复第一阶段的误报。原型测试和数据集驱动的评估结果表明，SDNShield维持比不同攻击强度下的现有解决方案更高的弹性。

著录项

来源
《IEEE Conference on Communications and Network Security》|2016年|28-36|共9页
会议地点
作者
Kuan-yin Chen; Anudeep Reddy Junuthula; Ishant Kumar Siddhrau; Yang Xu; H. Jonathan Chao;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Software; Computer crime; Switches; Scalability; Hardware;

机译：软件;计算机犯罪;开关;可扩展性;硬件;

相似文献

外文文献
中文文献
专利

1. Adversarial Deep Learning approach detection and defense against DDoS attacks in SDN environments [J] . Matheus P. Novaes, Luiz F. Carvalho, Jaime Lloret, Future generation computer systems . 2021,第Deca期

机译：对抗SDN环境中DDOS攻击的对抗深度学习方法检测与防御
2. An SDN-Assisted Defense Mechanism for the Shrew DDoS Attack in a Cloud Computing Environment [J] . Neha Agrawal, Shashikala Tapaswi Journal of network and systems management . 2021,第2期

机译：云计算环境中泼妇DDOS攻击的SDN辅助防御机制
3. A DDoS attack detection and defense scheme using time-series analysis for SDN [J] . Fouladi Ramin Fadaei, Ermis Orhan, Anarim Emin Journal of information security and applications . 2020,第Octa期

机译：使用时间序列分析的DDOS攻击检测和防御方案进行SDN
4. SDNShield: Towards more comprehensive defense against DDoS attacks on SDN control plane [C] . Kuan-yin Chen, Anudeep Reddy Junuthula, Ishant Kumar Siddhrau, IEEE Conference on Communications and Network Security . 2016

机译：SDNSHIELD：对DDOS对SDN控制平面的攻击更全面的防御
5. Threats and Defenses in SDN Control Plane [D] . Dixit, Vaibhav Hemant. 2018

机译：SDN控制平面中的威胁和防御
6. DDosTC: A Transformer-Based Network Attack Detection Hybrid Mechanism in SDN [O] . Haomin Wang, Wei Li 2021

机译：DDOSTC：SDN中基于变压器的网络攻击检测混合机制
7. OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN [O] . Biao Han, Xiangrui Yang, Zhigang Sun, 2018

机译：透气：在SDN中具有协同智能的跨平面DDOS攻击防御框架

SDNShield: Towards more comprehensive defense against DDoS attacks on SDN control plane

摘要

著录项

相似文献

相关主题

期刊订阅