Telecommunications Science, 2015, Vol. 31, Issue (4): 120-126. doi: 10.11959/j.issn.1000-0801.2015053

• Research and Development •

SDN Communication Quality Assurance Strategy with DDoS Defense and Routing Optimization

Jiahua Zhang1, Zhongxue Yang1, Jiangping Wang1, Yukai Shi1, Liang Wei2

  1. School of Mathematics and Information Technology, Nanjing Xiaozhuang University, Nanjing 211171, China
  2. Jiangsu Future Networks Innovation Institute, Nanjing 211100, China
  • Online: 2015-04-15 Published: 2015-04-15
  • Supported by:
    Future Network Prospective Research Project; Innovation and Training Major Project of Jiangsu; Nanjing Xiaozhuang University Fund

Abstract:

An SDN communication quality assurance strategy that organically combines DDoS threat identification with route optimization is proposed. When a DDoS attack congests some network links, the strategy identifies and filters abnormal data packets and at the same time generates an optimal path, so as to ensure the quality of network communication. First, a distributed intrusion detection system under the SDN architecture was designed, which detects, identifies and filters three classes of DDoS threat: spoofed packets, abnormal packets and destructive packets. Second, an algorithm for generating the optimal path was implemented. Experimental results show that an SDN deploying the communication quality assurance strategy can effectively identify and filter out DDoS attack packets, and that the average network transmission delay does not increase sharply while the attack is being handled.

Key words: software defined networking, network security, routing optimization, distributed denial of service, threat filtering
