Chinese Journal of Network and Information Security ›› 2022, Vol. 8 ›› Issue (2): 73-87.doi: 10.11959/j.issn.2096-109x.2022017
• Topic: Cybersecurity——Attack and Defense Technologies • Previous Articles Next Articles
Yang WANG1, Guangming TANG1, Shuo WANG2, Jiang CHU2
Revised:
2021-10-20
Online:
2022-04-15
Published:
2022-04-01
Supported by:
CLC Number:
Yang WANG, Guangming TANG, Shuo WANG, Jiang CHU. Defense mechanism of SDN application layer against DDoS attack based on API call management[J]. Chinese Journal of Network and Information Security, 2022, 8(2): 73-87.
[1] | JAIN R , . Internet 30:ten problems with current Internet architecture and solutions for the next generation[C]// Proceedings of MILCOM 2006 IEEE Military Communications Conference. 2006: 1-9. |
[2] | 王涛, 陈鸿昶, 程国振 . 基于网络资源管理技术的 SDN DoS 攻击动态防御机制[J]. 计算机研究与发展, 2017,54(10): 2356-2368. |
WANG T , CHEN H C , CHENG G Z . A dynamic defense mechanism for SDN DoS attacks based on network resource management technology[J]. Journal of Computer Research and Development, 2017,54(10): 2356-2368. | |
[3] | 张朝昆, 崔勇, 唐翯祎 ,等. 软件定义网络(SDN)研究进展[J]. 软件学报, 2015,26(1): 62-81. |
ZHANG C K , CUI Y , TANG H Y ,et al. State-of-the-art survey on software-defined networking (SDN)[J]. Journal of Software, 2015,26(1): 62-81. | |
[4] | 王蒙蒙, 刘建伟, 陈杰 ,等. 软件定义网络:安全模型、机制及研究进展[J]. 软件学报, 2016,27(4): 969-992. |
WANG M M , LIU J W , CHEN J ,et al. Software defined networking:security model,threats and mechanism[J]. Journal of Software, 2016,27(4): 969-992. | |
[5] | 龚庆祥 . 软件定义网络中分布式拒绝服务攻击研究[D]. 深圳:深圳大学, 2017. |
GONG Q X . Research on distributed denial of service attacks in software defined networking[D]. Shenzhen,China:Shenzhen University, 2017. | |
[6] | WU X T , LIU M , DOU W C ,et al. DDoS attacks on data plane of software-defined network:are they possible[J]. Security and Communication Networks, 2016,9(18): 5444-5459. |
[7] | 徐玉华, 孙知信 . 软件定义网络中的异常流量检测研究进展[J]. 软件学报, 2020,31(1): 183-207. |
XU Y H , SUN Z X . Research development of abnormal traffic detection in software defined networking[J]. Journal of Software, 2020,31(1): 183-207. | |
[8] | DAYAL N , MAITY P , SRIVASTAVA S ,et al. Research trends in security and DDoS in SDN[J]. Security and Communication Networks, 2016,9(18): 6386-6411. |
[9] | 张龙, 王劲松 . SDN中基于信息熵与DNN的DDoS攻击检测模型[J]. 计算机研究与发展, 2019,56(5): 909-918. |
ZHANG L , WANG J S . DDoS attack detection model based on information entropy and DNN in SDN[J]. Journal of Computer Research and Development, 2019,56(5): 909-918. | |
[10] | 田俊峰, 齐鎏岭 . SDN中基于条件熵和GHSOM的DDoS攻击检测方法[J]. 通信学报, 2018,39(8): 140-149. |
TIAN J F , QI L L . DDoS attack detection method based on conditional entropy and GHSOM in SDN[J]. Journal on Communications, 2018,39(8): 140-149. | |
[11] | 李传煌, 吴艳, 钱正哲 ,等. SDN 下基于深度学习混合模型的DDoS攻击检测与防御[J]. 通信学报, 2018,39(7): 176-187. |
LI C H , WU Y , QIAN Z Z ,et al. DDoS attack detection and defense based on hybrid deep learning model in SDN[J]. Journal on Communications, 2018,39(7): 176-187. | |
[12] | BRAGA R , MOTA E , PASSITO A . Lightweight DDoS flooding attack detection using NOX/OpenFlow[C]// Proceedings of IEEE Local Computer Network Conference. Piscataway:IEEE Press, 2010: 408-415. |
[13] | KANDOI R , ANTIKAINEN M . Denial-of-service attacks in OpenFlow SDN networks[C]// Proceedings of 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM). 2015: 1322-1326. |
[14] | 乔思祎, 胡成臣, 李昊 ,等. OpenFlow交换机流表溢出问题的缓解机制[J]. 计算机学报, 2018,41(9): 2003-2015. |
QIAO S Y , HU C C , LI H ,et al. A mechanism of taming the flow table overflow in OpenFlow switch[J]. Chinese Journal of Computers, 2018,41(9): 2003-2015. | |
[15] | 武泽慧, 魏强, 任开磊 ,等. 基于OpenFlow交换机洗牌的DDoS攻击动态防御方法[J]. 电子与信息学报, 2017,39(2): 397-404. |
WU Z H , WEI Q , REN K L ,et al. Dynamic defense for DDoS attack using open flow-based switch shuffling approach[J]. Journal of Electronics & Information Technology, 2017,39(2): 397-404. | |
[16] | WEN X T , CHEN Y , HU C C ,et al. Towards a secure controller platform for OpenFlow applications[C]// Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. 2013: 171-172. |
[17] | KLAEDTKE F , KARAME G O , BIFULCO R ,et al. Access control for SDN controllers[C]// Proceedings of the Third Workshop on Hot Topics in Software Defined Networking. 2014: 219-220. |
[18] | 崔乾 . SDN 北向资源访问安全方案研究与实现[D]. 北京:北京邮电大学, 2019. |
CUI Q . Research and implementation of SDN northbound resource security access scheme[D]. Beijing:Beijing University of Posts and Telecommunications, 2019. | |
[19] | 王阿林 . 基于REST开放标准的北向接口动态API研究与实现[D]. 北京:北京邮电大学, 2017. |
WANG A L . Research and implementation of dynamic API based on REST northbound interface[D]. Beijing:Beijing University of Posts and Telecommunications, 2017. | |
[20] | 任开磊 . 软件定义网络北向 REST 接口安全防御关键技术研究[D]. 郑州:信息工程大学, 2017. |
REN K L . Research on key technologies of SDN northbound REST API security defense[D]. Zhengzhou:Information Engineering University, 2017. | |
[21] | 成静, 薛峰, 张逸飞 ,等. 移动应用众包测试人员信誉度的模糊评估方法研究[J]. 西北工业大学学报, 2018,36(4): 800-806. |
CHENG J , XUE F , ZHANG Y F ,et al. A reputation assessment approach based on fuzzy mathematics mobile application crowdsourced testers[J]. Journal of Northwestern Polytechnical University, 2018,36(4): 800-806. | |
[22] | 沈丛麒, 陈双喜, 吴春明 ,等. 基于信誉度与相异度的自适应拟态控制器研究[J]. 通信学报, 2018,39(S2): 173-180. |
SHEN C Q , CHEN S X , WU C M ,et al. Adaptive mimic defensive controller framework based on reputation and dissimilarity[J]. Journal on Communications, 2018,39(S2): 173-180. | |
[23] | 李婕, 王兴伟, 刘睿 . 社群智能系统中基于用户信誉度的激励机制[J]. 计算机科学与探索, 2015,9(12): 1471-1482. |
LI J , WANG X W , LIU R . User reputation- based participatory incentive mechanism in social and community intelligence systems[J]. Journal of Frontiers of Computer Science and Technology, 2015,9(12): 1471-1482. | |
[24] | 于洋, 王之梁, 毕军 ,等. 软件定义网络中北向接口语言综述[J]. 软件学报, 2016,27(4): 993-1008. |
YU Y , WANG Z L , BI J ,et al. Survey on the languages in the northbound interface of software defined networking[J]. Journal of Software, 2016,27(4): 993-1008. | |
[25] | 鲁垚光, 王兴伟, 李福亮 ,等. 软件定义网络中的动态负载均衡与节能机制[J]. 计算机学报, 2020,43(10): 1969-1982. |
LU Y G , WANG X W , LI F L ,et al. Dynamic load balancing and energy saving mechanism in software defined networking[J]. Chinese Journal of Computers, 2020,43(10): 1969-1982. | |
[26] | 胡涛, 张建辉, 马腾 ,等. SDN中基于可靠性评估的多控制器均衡部署策略[J]. 通信学报, 2017,38(11): 188-198. |
HU T , ZHANG J H , MA T ,et al. Multi-controller balancing deployment strategy based on reliability evaluation in SDN[J]. Journal on Communications, 2017,38(11): 188-198. | |
[27] | JAFARIAN J H , AL-SHAER E , DUAN Q . An effective address mutation approach for disrupting reconnaissance attacks[J]. IEEE Transactions on Information Forensics and Security, 2015,10(12): 2562-2577. |
[28] | OKTIAN Y E , LEE S , LEE H ,et al. Secure your northbound SDN API[C]// Proceedings of 2015 Seventh International Conference on Ubiquitous and Future Networks. 2015: 919-920. |
[1] | Heli WANG, Qiao YAN. Selfish mining detection scheme based on the characters of transactions [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 104-114. |
[2] | Dong LI, Yanni HAO, Shenghui PENG, Ruijie ZI, Ximeng LIU. Network security of the National Natural Science Foundation of China: today and prospects [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 92-101. |
[3] | Fukang XING, Zheng ZHANG, Ran SUI, Sheng QU, Xinsheng JI. Qualitative modeling and analysis of attack surface for process multi-variant execution software system [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 121-128. |
[4] | Zenan WANG, Jiahao LI, Chaohong TAN, Dechang PI. Design and analysis of intelligent service chain system for network security resource pool [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 175-181. |
[5] | Xinya WANG, Guang HUA, Hao JIANG, Haijian ZHANG. Survey on intellectual property protection for deep learning model [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 1-14. |
[6] | Lijuan LI, Man LI, Hongjun BI, Huachun ZHOU. Multi-type low-rate DDoS attack detection method based on hybrid deep learning [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 73-85. |
[7] | Tao WANG, Hongchang CHEN. Multi-objective optimization placement strategy for SDN security controller considering Byzantine attributes [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 72-84. |
[8] | Chenglei ZHANG, Yulong FU, Hui LI, Jin CAO. Research on security scenarios and security models for 6G networking [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 28-45. |
[9] | Guochun LI,Rui MA,Jichun MA,Bozhong Li,Huiming LIU,Guiyu ZHANG. Research on SDN deployment practice for WAN egress traffic scheduling [J]. Chinese Journal of Network and Information Security, 2020, 6(5): 148-157. |
[10] | Wei HUANG, Ran LU, Cuncai LIU, Sibo QI. QoS routing algorithm based on multiple domain architecture of SDN [J]. Chinese Journal of Network and Information Security, 2019, 5(5): 21-31. |
[11] | QIN Yuhai,LIU Luyuan,GAO Haohang,LIU Shengqiao,DONG Han. Innovative professional skills competition to create a police practice talents [J]. Chinese Journal of Network and Information Security, 2019, 5(3): 75-80. |
[12] | Hao HU, Yuling LIU, Yuchen ZHANG, Hongqi ZHANG. Survey of attack graph based network security metric [J]. Chinese Journal of Network and Information Security, 2018, 4(9): 1-16. |
[13] | Zijin JIN,Julong LAN,Yiming JIANG,Penghao SUN,Peng WEI. QLearning based business differentiating routing mechanism in SDN architecture [J]. Chinese Journal of Network and Information Security, 2018, 4(9): 17-22. |
[14] | Juntai HU,Zhenyu WU,Xiao FU,Yichao WANG. Game model based security strategy of heterogeneous controllers in the cloud [J]. Chinese Journal of Network and Information Security, 2018, 4(9): 52-59. |
[15] | Binghao YAN,Guodong HAN. Combinatorial intrusion detection model based on deep recurrent neural network and improved SMOTE algorithm [J]. Chinese Journal of Network and Information Security, 2018, 4(7): 48-59. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||
|