SDSNM: A Software-Defined Security Networking Mechanism to Defend against DDoS Attacks

机译：SDSNM：防御DDoS攻击的软件定义的安全网络机制

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

The Distributed Denial of Service (DDoS) attack has seriously harmed network availability over decades and there is still no effective defense mechanism. The emerging software-defined networking (SDN) gives a new way to rethink the defense of DDoS attacks. In this paper, we first modeled DDoS attacks from the perspective of network architecture. Then a software-defined security networking mechanism (SDSNM) was proposed to remove or restrict these necessary conditions which were summarized from the model. The SDSNM is mainly implemented at the edge SDN networks as well as inherits the infrastructure of IP core network. The Cloud computing and Chord technologies were applied to solve the expansibility and consistency problems. Experiments based on the prototype proved that the brand new mechanism was feasible and incrementally deployable. DDoS attacks were unable to be launched if strict access control policies were used. The attacker along with hosts in botnet can be located quickly and accurately when loose access control policies were used.

机译：数十年来，分布式拒绝服务（DDoS）攻击已严重损害了网络可用性，并且仍然没有有效的防御机制。新兴的软件定义网络（SDN）提供了一种重新思考DDoS攻击防御的新方法。在本文中，我们首先从网络架构的角度对DDoS攻击进行了建模。然后提出了软件定义的安全网络机制（SDSNM），以消除或限制从模型中总结出来的这些必要条件。 SDSNM主要在边缘SDN网络上实现，并且继承了IP核心网络的基础结构。应用云计算和Chord技术来解决可扩展性和一致性问题。基于原型的实验证明，这种全新的机制是可行的并且可以逐步部署。如果使用严格的访问控制策略，则无法发起DDoS攻击。使用宽松的访问控制策略时，可以快速准确地定位攻击者以及僵尸网络中的主机。

著录项

来源
《2015 Ninth International Conference on Frontier of Computer Science and Technology》|2015年|115-121|共7页
会议地点 Dalian(CN)
作者
Xiulei Wang; Ming Chen; Changyou Xing;
展开▼
作者单位

Coll. of Command Inf. Syst., PLA Univ. of Sci. Technol., Nanjing, China;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词
IP networks; cloud computing; computer network security; software defined networking; DDoS attack; IP core network; SDSNM; chord technology; cloud computing; distributed denial of service attack; software defined security networking mechanism; Access control; Authentication; Computer crime; DH-HEMTs; IP networks; Switches; DDoS; OpenFlow; network security; software-defined networking;

机译：IP网络;云计算;计算机网络安全;软件定义网络; DDoS攻击; IP核心网络; SDSNM;和弦技术;云计算;分布式拒绝服务攻击;软件定义的安全网络机制;访问控制;身份验证;计算机犯罪; DH -HEMT； IP网络；交换机； DDoS； OpenFlow；网络安全；软件定义的网络；;

相似文献

外文文献
中文文献
专利

1. A two level security mechanism to detect a DDoS flooding attack in software-defined networks using entropy-based and C4.5 technique [J] . Sudar K. Muthamil, Deepalakshmi P. Journal of High Speed Networks . 2020,第1期

机译：使用基于熵和C4.5技术检测软件定义网络中DDOS泛洪攻击的两个级别安全机制
2. Defending DDoS Attacks in Software-Defined Networking Based on Legitimate Source and Destination IP Address Database [J] . Xiulei WANG, Ming CHEN, Changyou XING, IEICE transactions on information and systems . 2016,第4期

机译：基于合法的源IP和目标IP地址数据库防御软件定义网络中的DDoS攻击
3. DDoS Attack Detection Method Based on Improved KNN With the Degree of DDoS Attack in Software-Defined Networks [J] . Dong Shi, Sarem Mudar Quality Control, Transactions . 2020,第期

机译：基于改进knn的DDOS攻击检测方法，软件定义网络中DDOS攻击程度
4. SDSNM: A Software-Defined Security Networking Mechanism to Defend against DDoS Attacks [C] . Xiulei Wang, Ming Chen, Changyou Xing International Conference on Frontier of Computer Science and Technology . 2015

机译：SDSNM：一种软件定义的安全网络机制，用于防御DDOS攻击
5. DDoS attacks: Detecting attacks and defending the network [D] . Heinrich, Robert 2015

机译：DDoS攻击：检测攻击并防御网络
6. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks [O] . Shibo Luo, Mianxiong Dong, Kaoru Ota, 2015

机译：基于软件定义网络的移动网络的安全评估机制
7. Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks [O] . Hassan A. Alamri, Vijey Thayananthan 2020

机译：用于保护软件定义网络免受DDOS攻击的带宽控制机制和极端梯度升压算法

SDSNM: A Software-Defined Security Networking Mechanism to Defend against DDoS Attacks

摘要

著录项

相似文献

相关主题

期刊订阅