| Autor: |
Zehui Wu, Qiang Wei, Kailei Ren, Qingxian Wang |
| Předmět: |
|
| Zdroj: |
KSII Transactions on Internet & Information Systems; Feb2017, Vol. 11 Issue 2, p846-864, 19p, 7 Diagrams, 3 Charts, 2 Graphs |
| Abstrakt: |
Software Defined Network (SDN) realizes management and control over the underlying forwarding device, along with acquisition and analysis of network topology and flow characters through south bridge protocol. Data path Identification (DPID) is the unique identity for managing the underlying device, so forged DPID can be used to attack the link of underlying forwarding devices, as well as carry out DoS over the upper-level controller. This paper proposes a dynamic defense method based on Client-Puzzle model, in which the controller achieves dynamic management over requests from forwarding devices through generating questions with multi-level difficulty. This method can rapidly reduce network load, and at the same time separate attack flow from legal flow, enabling the controller to provide continuous service for legal visit. We conduct experiments on open-source SDN controllers like Fluid and Ryu, the result of which verifies feasibility of this defense method. The experimental result also shows that when cost of controller and forwarding device increases by about 2%-5%, the cost of attacker's CPU increases by near 90%, which greatly raises the attack difficulty for attackers. [ABSTRACT FROM AUTHOR] |
| Databáze: |
Supplemental Index |
| Externí odkaz: |
|
