摘要
针对现有链路洪泛攻击检测存在的不足,提出了多维指标检测算法,通过会话连接时长、数据分组低速比例、数据分组距离均匀性、平均低速率数据分组占比、低速数据分组占比变化率5维要素对存在异常的转发链路进行多维检测,改善了现有方法误报率高的情况。进一步,提出基于染色理论的“控制器.交换机”动态部署方法,解决了现有防御缓解机制存在的“难以实际部署在交换机变体类型受限的实际环境中”问题。最后,实验验证所提方法的有效性。
Aiming at the shortcomings of the existing link flooding attack defense methods, a multi-dimensional index detection algorithm is proposed, which performs multi-dimensional detection on the abnormal forwarding links through the five-dimensional elements of connection length, low-speed ratio of data packets, uniformity of data packet distance, average low-speed ratio of data packets, and change rate of low-speed ratio of data packets, thus effectively solving the problem of high false alarm rate of the existing detection methods. Furthermore, a controller - switch dynamic deployment method based on coloring theory is proposed, which solves the problem of difficult to be actually deployed in the actual environment with limited switch variant types existing in the existing defense mitigation mechanisms. Experimental analysis show the feasibility of the proposed method.
作者
王洋
汤光明
雷程
韩冬
WANG Yang;TANG Guangming;LEI Cheng;HAN Dong(Information Engineering University, Zhengzhou 450001, China)
出处
《网络与信息安全学报》
2019年第4期80-90,共11页
Chinese Journal of Network and Information Security
基金
国家自然科学基金资助项目(No.61601517)~~
关键词
链路洪泛攻击
多维检测
动态部署
软件定义网络
link flood attack
multidimensional detection
dynamic deployment
software defined network
