Abstract
To protect the servers of critical infrastructure from DDoS attacks, this paper introduces the Moving Target Defense strategy and proposes a DDoS defense method based on port and address hopping in an SDN network. A DDoS attack detection algorithm based on a double Counter Bloom Filter continuously monitors traffic and rapidly detects DDoS attacks. The SDN controller filters malicious traffic by inserting flow rules into the corresponding switches and informs trusted clients to select a new virtual IP address and port of the server from the port and address mapping table according to a round-robin (polling) strategy for communication, so that the server's IP address and port change dynamically to evade DDoS attacks. Experiments show that this method not only detects DDoS attacks quickly, but also effectively mitigates the impact of DDoS attacks.
Authors
Wu Hua (吴桦); Chen Tingzhen (陈廷政)
School of Cyber Science and Engineering, Southeast University, Nanjing, Jiangsu 211189; International Governance Research Base of Cyberspace (Southeast University), Nanjing, Jiangsu 211189; Purple Mountain Laboratories for Network and Communication Security, Nanjing, Jiangsu 211111; Key Laboratory of Computer Network and Information Integration of the Ministry of Education (Southeast University), Nanjing, Jiangsu 211189
Source
Cyberspace Security (《网络空间安全》), 2020, No. 8, pp. 17-22 (6 pages)
Keywords
software defined network
moving target defense
port and address hopping
DDoS defense
About the authors
Wu Hua (born 1973), female, Hui ethnicity, from Yixing, Jiangsu; Ph.D., Southeast University; associate professor at Southeast University; main research interests: network security and network management. Chen Tingzhen (born 1996), male, Han ethnicity, from Zhuhai, Guangdong; master's student at Southeast University; main research interests: software-defined networking and moving target defense.