《计算机应用研究》|Application Research of Computers

基于Renyi熵的OpenFlow信道链路泛洪攻击主动防御方法

Active defense method of OpenFlow channel link flooding attack based on Renyi entropy

免费全文下载 (已被下载 次)  
获取PDF全文
作者 蔡佳晔,张红旗,宋佳良
机构 信息工程大学,郑州 450001
统计 摘要被查看 次,已被下载
文章编号 1001-3695(2019)06-035-1767-04
DOI 10.19734/j.issn.1001-3695.2017.12.0821
摘要 针对新型链路泛洪攻击,提出一种基于Renyi熵的OpenFlow信道链路泛洪攻击主动防御方法。运用Renyi熵分析攻击者在构建OpenFlow信道linkmap过程中产生的ICMP超时报文数量变化。一旦出现攻击前兆,由流量监控服务器向控制器发出攻击预警,控制器启动交换机—控制器连接迁移机制,将交换机迁移至新的控制器下,并使用新的OpenFlow信道与之通信。实验证明,主动防御方法能有效避免控制器与交换机之间通信链路受到链路泛洪攻击的影响,确保控制器和交换机能持续交互提供网络服务,增强了SDN的健壮性。
关键词 链路泛洪攻击; OpenFlow信道; Renyi熵; 主动防御
基金项目 国家“863”计划资助项目(2012AA012704)
郑州市科技领军人才资助项目(131PLJRC644)
本文URL http://www.arocmag.com/article/01-2019-06-035.html
英文标题 Active defense method of OpenFlow channel link flooding attack based on Renyi entropy
作者英文名 Cai Jiaye, Zhang Hongqi, Song Jialiang
机构英文名 Information Engineering University,Zhengzhou 450001,China
英文摘要 For defending the new link flooding attack, this paper proposed an active defense method of OpenFlow channel link flooding based on Renyi entropy. It analyzed the changes in the number of ICMP timeout messages produced by an attacker in the construction of the OpenFlow channel linkmap from Renyi entropy. It detected once attacks precursor, flow monitoring server sent an attack warning to the controller, then controller started switch-controller connection migration mechanism, migrated the switch to a new controller and communicated with the new OpenFlow channel. Experimental results show that the active defense method can effectively avoid the impact of link flooding attack between controller and switch, and ensure that controller and switch can provide continuous network services and enhance the robustness of SDN.
英文关键词 link-flooding attack(LFA); OpenFlow channel; Renyi entropy; active defense
参考文献 查看稿件参考文献
 
收稿日期 2017/12/10
修回日期 2018/3/4
页码 1767-1770,1775
中图分类号 TP393
文献标志码 A