Today, Internet is facing with growing threats of malicious traffic generated by virus, DDoS attack, selfish action and so on, and it will become worse while these traffics are caused by internal members of autonomous domains. Filtering these traffics on the nodes as closer as possible to the attack source is considered as a reasonable solution. So this paper presents a malicious traffic filtering model for AS based on SDN network domain. This model sets a logical centralized controller for the AS, deploys agents to the network nodes. These agents are responsible for collecting the information of network and executing filtering policies. The controller supports functions of internal malicious traffic detection, dynamic filtering policies decision, and policies deployment. Furthermore, this model also includes a proper executing nodes searching algorithm, which ensures the policies to be deployed on nodes closest to the internal attack source and cannot be bypassed. The experiments verify that comparing with traditional malicious reaction mechanism such as filter the traffic at host-end or edge-router of domain, this model is able to protect all nodes and servers within the domain. And it also provides the domain powerful and flexible capability to deal with rapidly changing attack methods at lower cost and to significantly reduce the malicious traffic within the domain network.
展开▼
