Statistic-based anti-attack method of SDN (Soft Defined Network) controller

A controller and anti-attack technology, applied in the field of communication, can solve the problems such as the lack of unified anti-attack algorithm, overloading the controller, affecting OF message interaction, etc., so as to improve the retrieval performance and protect the controller.

Inactive Publication Date: 2015-03-11
PHICOMM (SHANGHAI) CO LTD
View PDF5 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] If a hacker (Hacker) sends enough OF messages, it is easy to overload the controller and affect the legitimate OF message interaction
[0005] At present, there is no uniform standard for the attack defense algorithm of the controller. If the granularity of hacker detection is too large (for example, only the number of incoming port packets is detected), when an attack occurs, the legitimate OF message received by this port will also be blocked. filter

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Statistic-based anti-attack method of SDN (Soft Defined Network) controller

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] The present invention will be further elaborated below by describing a preferred specific embodiment in detail with reference to the accompanying drawings.

[0031] like figure 1 As shown in the figure, a statistical value-based anti-attack method for an SDN controller includes the following steps:

[0032] S1, the SDN controller receives the OF message and parses it;

[0033] S2, the SDN controller checks the validity of the OF message;

[0034] S2.1, if the OF message is invalid, the OF message will be discarded;

[0035] S2.2, if the OF message is valid, add 1 to the number of packets of the OF message;

[0036] S3: The SDN controller records the number of legal OF messages in the suppression period, and processes the legal OF messages according to the number of packets.

[0037] Wherein, in the step S1, the SDN controller will receive OF messages of different message types, so the SDN controller needs to parse the OF messages received by the SDN controller, wher...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a statistic-based anti-attack method of an SDN (Soft Defined Network) controller. The method comprises the following steps: S1, the SDN controller receives and analyzes OF messages; S2, the SDN controller detects the validity of the OF messages; S2.1, if the OF messages are illegal, the OF messages are discarded; S2.2, if the OF messages are legal, the message amount of the OF messages is plus 1; S3, the SDN controller records the message amount of the legal OF message within a restrained cycle, and processes the legal OF messages according to the message amount. The statistic-based anti-attack method disclosed by the invention can dynamically recognize a hacker with a hostile attack behavior according to an inlet port of the legal OF messages, types of the OF messages and sourced Mac (Media Access Control) address, and inhibits the attack behavior to avoid influence on interaction of other normal OF messages; meanwhile, the controller generates corresponding alarm and log to record the behavior of the hacker.

Description

technical field [0001] The invention relates to an anti-attack algorithm in the communication field, in particular to a statistical value-based anti-attack method of an SDN controller. Background technique [0002] The centralized control method and development of SDN (Software Defined Network) make the security of the controller a potential risk. It is necessary to establish a set of isolation, protection and backup mechanisms to ensure its safe and stable operation. The controller is responsible for the centralized control of the entire SDN network. Once the controller is maliciously attacked by hackers, the service capability of the entire network will be degraded or even paralyzed. [0003] In order to improve the reliability of the controller, the research on the anti-attack technology of the controller is imminent. Currently, there are no defined standards for anti-attack algorithms for controllers. [0004] If a hacker (Hacker) sends enough OF messages, it is easy t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/14H04L63/1441
Inventor 翟跃
Owner PHICOMM (SHANGHAI) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap