Software defined network moving target defense mechanism against link flooding attacks
XIE Lixia;DING Ying;School of Computer Science and Technology,Civil Aviation University of China;
This paper presents a software defined network(SDN)based defense mechanism to detect and mitigate a new distributed denial of service(DDoS) attack named Crossfire. An SDN traffic-level centralized monitoring and shunt control model was defined based on the Crossfire characteristics for the defense mechanism.The SDN re-routing strategy was used to resolve the congestion load of the attacked link with flexible traffic scheduling used to alleviate the congestion and avoid critical link interruption that could seriously interfere with network service.The SDN mobile target defense mechanism was used to dynamically adjust the network configuration and network behavior to induce the attacker to adjust the attack traffic;thereby improving the attack detection efficiency of the bait server.Tests show that this mechanism can effectively defend against Crossfire attacks and that the SDN defense mechanism and rerouting strategy does not require significant overhead.
|
|
Chinese Journal Full-text Database |
1 Hits
|
|
|
|
|
|
Chinese Journal Full-text Database |
10 Hits
|
|
|
|
|
|
Chinese Journal Full-text Database |
1 Hits
|
|
|
1 |
ZUO Qing-Yun,CHEN Ming,ZHAO Guang-Song,XING Chang-You,ZHANG Guo-Min,JIANG PeiCheng(College of Command Information Systems,PLA University of Science and Technology,Nanjing 210007,China);Research on OpenFlow-Based SDN Technologies[J];软件学报;2013-05 |
|