Journal on Communications ›› 2021, Vol. 42 ›› Issue (11): 41-53.doi: 10.11959/j.issn.1000-436x.2021191
• Topics: New Technology of Computer Communication and Network System Security • Previous Articles Next Articles
Qizhao ZHOU1, Junqing YU1,2, Dong LI2
Revised:
2021-09-13
Online:
2021-11-25
Published:
2021-11-01
Supported by:
CLC Number:
Qizhao ZHOU, Junqing YU, Dong LI. Research on flood defense mechanism of SDN control layer:detection and mitigation[J]. Journal on Communications, 2021, 42(11): 41-53.
[1] | MCKEOWN N , ANDERSON T , BALAKRISHNAN H ,et al. OpenFlow[J]. ACM SIGCOMM Computer Communication Review, 2008,38(2): 69-74. |
[2] | 黄韬, 刘江, 魏亮 ,等. 软件定义网络核心原理与应用实践[J]. 通信学报, 2015,36(3): 288. |
HUANG T , LIU J , WEI L ,et al. SDN core principles and application practice[J]. Journal on Communications, 2015,36(3): 288. | |
[3] | KUMAR P , TRIPATHI M , NEHRA A ,et al. SAFETY:early detection and mitigation of TCP SYN flood utilizing entropy in SDN[J]. IEEE Transactions on Network and Service Management, 2018,15(4): 1545-1559. |
[4] | GAO D Y , LIU Z H , LIU Y ,et al. Defending against Packet-In messages flooding attack under SDN context[J]. Soft Computing, 2018,22(20): 6797-6809. |
[5] | RAVI N , SHALINIE S M , LAL C ,et al. AEGIS:detection and mitigation of TCP SYN flood on SDN controller[J]. IEEE Transactions on Network and Service Management, 2021,18(1): 745-759. |
[6] | DANG V T , HUONG T T , THANH N H ,et al. SDN-based SYN proxy—a solution to enhance performance of attack mitigation under TCP SYN flood[J]. The Computer Journal, 2019,62(4): 518-534. |
[7] | AL MHDAWI A K , AL-RAWESHIDY H S , . iPRDR:intelligent power reduction decision routing protocol for big traffic flood in hybrid-SDN architecture[J]. IEEE Access, 2018,6: 10944-10955. |
[8] | MOHAMMADI R , CONTI M , LAL C ,et al. SYN-Guard:an effective counter for SYN flooding attack in software-defined networking[J]. International Journal of Communication Systems, 2019,32(17): e4061. |
[9] | DERHAB A , GUERROUMI M , GUMAEI A ,et al. Blockchain and random subspace learning-based IDS for SDN-enabled industrial IoT security[J]. Sensors (Basel,Switzerland), 2019,19(14): 3119. |
[10] | XIANG S Q , ZHU H B , XIAO L L ,et al. Modeling and verifying TopoGuard in OpenFlow-based software defined networks[C]// Proceedings of 2018 International Symposium on Theoretical Aspects of Software Engineering (TASE). Piscataway:IEEE Press, 2018: 84-91. |
[11] | KAZEMANIAN P , CHANG M , ZENG H Y ,et al. Real time network policy checking using header space analysis[C]// Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI '13). Berkeley:USENIX Association, 2013: 99-111. |
[12] | TUAN N N , HUNG P H , NGHIA N D ,et al. A robust TCP-SYN flood mitigation scheme using machine learning based on SDN[C]// Proceedings of 2019 International Conference on Information and Communication Technology Convergence (ICTC). Piscataway:IEEE Press, 2019: 363-368. |
[13] | SEMERCI M , CEMGIL A T , SANKUR B . An intelligent cyber security system against DDoS attacks in SIP networks[J]. Computer Networks, 2018,136: 137-154. |
[14] | GARG S , KAUR K , KUMAR N ,et al. Hybrid deep-learning-based anomaly detection scheme for suspicious flow detection in SDN:a social multimedia perspective[J]. IEEE Transactions on Multimedia, 2019,21(3): 566-578. |
[15] | PHAAL P , PANCHEN S , MCKEE N . InMon corporation’s flow:a method for monitoring traffic in switched and routed networks[R]. 2001. |
[16] | CICIO?LU M , ?ALHAN A , . HUBsFLOW:a novel interface protocol for SDN-enabled WBANs[J]. Computer Networks, 2019,160: 105-117. |
[17] | PANDA A , SAMAL S S , TURUK A K ,et al. Dynamic hard timeout based flow table management in openflow enabled SDN[C]// Proceedings of 2019 International Conference on Vision Towards Emerging Trends in Communication and Networking (ViTECoN). Piscataway:IEEE Press, 2019: 1-6. |
[18] | SHIRALI-SHAHREZA S , GANJALI Y . Delayed installation and expedited eviction:an alternative approach to reduce flow table occupancy in SDN switches[J]. IEEE/ACM Transactions on Networking, 2018,26(4): 1547-1561. |
[19] | BASTA A , BLENK A , HOFFMANN K ,et al. Towards a cost optimal design for a 5G mobile core network based on SDN and NFV[J]. IEEE Transactions on Network and Service Management, 2017,14(4): 1061-1075. |
[20] | SCHNEPF N , BADONNEL R , LAHMADI A ,et al. Synaptic:a formal checker for SDN-based security policies[C]// Proceedings of NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. Piscataway:IEEE Press, 2018: 1-2. |
[21] | CHEN T , TONG H , BENESTY M . Xgboost:extreme gradient boosting[C]// Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining - KDD '16. New York:ACM Press, 2016: 1615-1624. |
[22] | ELSAYED M S , LE-KHAC N A , JURCUT A D . InSDN:a novel SDN intrusion dataset[J]. IEEE Access, 2020,8: 165263-165284. |
[23] | ZHOU Q Z , YU J Q , LI D . A dynamic and lightweight framework to secure source addresses in the SDN-based networks[J]. Computer Networks, 2021,193: 108075. |
[24] | BI J , WU J , YAO G ,et al. Source address validation improvement (SAVI) solution for DHCP[R]. RFC Editor, 2015. |
[25] | WU J , BI J , BAGNULO M ,et al. Source address validation improvement (SAVI) framework[R]. RFC Editor, 2013. |
[26] | LIU B Y , BI J , ZHOU Y . Source address validation in software defined networks[C]// Proceedings of Proceedings of the 2016 ACM SIGCOMM Conference. New York:ACM Press, 2016: 595-596. |
[27] | CHEN G L , HU G W , JIANG Y ,et al. SAVSH:IP source address validation for SDN hybrid networks[C]// Proceedings of 2016 IEEE Symposium on Computers and Communication (ISCC). Piscataway:IEEE Press, 2016: 409-414. |
[28] | LI C L , WU Q , LI H W ,et al. SDN-Ti:a general solution based on SDN to attacker traceback and identification in IPv6 networks[C]// Proceedings of ICC 2019 - 2019 IEEE International Conference on Communications (ICC). Piscataway:IEEE Press, 2019: 1-7. |
[29] | WU Y C , TSENG H R , YANG W ,et al. DDoS detection and traceback with decision tree and grey relational analysis[C]// Proceedings of 2009 3rd International Conference on Multimedia and Ubiquitous Engineering. Piscataway:IEEE Press, 2009: 306-314. |
[30] | BELGIU M , DR?GU? L , . Random forest in remote sensing:a review of applications and future directions[J]. ISPRS Journal of Photogrammetry and Remote Sensing, 2016,114: 24-31. |
[31] | ZHANG S C , LI X L , ZONG M ,et al. Efficient kNN classification with different numbers of nearest neighbors[J]. IEEE Transactions on Neural Networks and Learning Systems, 2018,29(5): 1774-1785. |
[32] | CHU S C , DAO T K , PAN J S ,et al. Identifying correctness data scheme for aggregating data in cluster heads of wireless sensor network based on naive Bayes classification[J]. EURASIP Journal on Wireless Communications and Networking, 2020,2020(1): 52. |
[33] | WANG H W , GU J , WANG S S . An effective intrusion detection framework based on SVM with feature augmentation[J]. Knowledge-Based Systems, 2017,136: 130-139. |
[34] | WANG J X , QI H , HE Y ,et al. FlowTracer:an effective flow trajectory detection solution based on probabilistic packet tagging in SDN-enabled networks[J]. IEEE Transactions on Network and Service Management, 2019,16(4): 1884-1898. |
[1] | Dongbin WANG, Dongzhe WU, Hui ZHI, Kun GUO, Xu ZHANG, Jinqiao SHI, Yu ZHANG, Yueming LU. Preventing flow table overflow against denial of service attack in software defined network [J]. Journal on Communications, 2023, 44(2): 1-11. |
[2] | Zongxuan SHA, Ru HUO, Chuang SUN, Shuo WANG, Tao HUANG. Forwarding efficiency aware traffic scheduling algorithm based on deep reinforcement learning [J]. Journal on Communications, 2022, 43(8): 30-40. |
[3] | Binghao YAN, Qinrang LIU, Jianliang SHEN, Xiantuo TANG, Dong LIANG. Fast loop-free path migration strategy in software defined network [J]. Journal on Communications, 2022, 43(5): 24-35. |
[4] | Chuanhuang LI, Yangting CHEN, Jingjing TANG, Jiali LOU, Renhua XIE, Chuntao FANG, Weiming WANG, Chao CHEN. QL-STCT: an intelligent routing convergence method for SDN link failure [J]. Journal on Communications, 2022, 43(2): 131-142. |
[5] | Shuopeng LI, Juan FANG, Ken CHEN. DetNet service share protection scheme based on SRv6 [J]. Journal on Communications, 2021, 42(10): 32-42. |
[6] | Haibo ZHANG,Zixin WANG,Xiaofan HE. V2X offloading and resource allocation under SDN and MEC architecture [J]. Journal on Communications, 2020, 41(1): 114-124. |
[7] | Fang DONG,Yuxiang HU,Ou LI. Routing framework and creation algorithm in Ad Hoc based SDN [J]. Journal on Communications, 2019, 40(9): 33-44. |
[8] | Zhongnan ZHAO,Jian WANG,Hongwei GUO. Adaptive routing and wavelength assignment method based on SDN [J]. Journal on Communications, 2019, 40(9): 95-105. |
[9] | CHEN Xingshu,HUA Qiang,WANG Yitong,GE Long,ZHU Yi. Research on low-rate DDoS attack of SDN network in cloud environment [J]. Journal on Communications, 2019, 40(6): 210-222. |
[10] | Xianwei ZHU,Chaowen CHANG,Zhiqiang ZHU,Xi QIN. SDN control and forwarding method based on identity attribute [J]. Journal on Communications, 2019, 40(11): 1-18. |
[11] | Junfeng TIAN,Liuling QI. DDoS attack detection method based on conditional entropy and GHSOM in SDN [J]. Journal on Communications, 2018, 39(8): 140-149. |
[12] | Chuanhuang LI,Yan WU,Zhengzhe QIAN,Zhengjun SUN,Weiming WANG. DDoS attack detection and defense based on hybrid deep learning model in SDN [J]. Journal on Communications, 2018, 39(7): 176-187. |
[13] | Tao HUANG,Jiang LIU,Chen ZHANG,Liang WEI,Yunjie LIU. Survey on SDN-based network testbeds [J]. Journal on Communications, 2018, 39(6): 155-168. |
[14] | Heng HE,Yan HU,Lianghan ZHENG,Zhengyuan XUE. Efficient DDoS attack detection and prevention scheme based on SDN in cloud environment [J]. Journal on Communications, 2018, 39(4): 139-151. |
[15] | Xi QIN,Guodong TANG,Chaowen CHANG. SDN security control and forwarding method based on cipher identification [J]. Journal on Communications, 2018, 39(2): 31-42. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||
|