软件定义网络中的DDoS安全研究综述

doi:10.12677/SEA.2020.91001

期刊菜单

软件定义网络中的DDoS安全研究综述
Review of DDoS Security in Software-Defined Networks

DOI: 10.12677/SEA.2020.91001, PDF,
作者: 邓宙^*, 张扬玉：四川大学软件学院，四川成都
关键词: SDN；DDoS；网络安全；SDN； DDoS； Network Security

摘要: 软件定义网络(SDN)提供了新型的网络体系结构，该体系结构提供了灵活性，可伸缩性和附加的安全性。控制平面和数据平面分离，转发逻辑由交换机处理，而控制逻辑则部署在集中式控制器中。网络的集中控制可以解决许多安全漏洞和问题，同时也带来了新的问题。本文首先介绍了SDN的架构及DDoS攻击原理和特征，从SDN本身的结构发生DDoS攻击时的特点进行了分析归纳，最后对现有的防御方案进行了分析，针对其不足提出未来的研究方向。

Abstract: Software-defined network (SDN) provides a new network architecture that provides flexibility, scalability, and additional security. The control plane is separated from the data plane, the for-warding logic is handled by the switch, and the control logic is deployed in the centralized controller. Centralized control of the network can solve many security vulnerabilities and problems, but also brings new problems. This paper firstly introduces the architecture of SDN and the principle and characteristics of DDoS attack, analyzes and summarizes the characteristics of DDoS attack in each layer of SDN, and finally analyzes the existing detection scheme, and proposes the future research direction according to its shortcomings.

文章引用：邓宙, 张扬玉. 软件定义网络中的DDoS安全研究综述[J]. 软件工程与应用, 2020, 9(1): 1-6. https://doi.org/10.12677/SEA.2020.91001

参考文献

[1]	张朝昆, 崔勇, 唐翯翯, 吴建平. 软件定义网络(SDN)研究进展[J]. 软件学报, 2015, 26(1): 64-72.
[2]	左青云, 陈鸣, 赵广松, 邢长友, 张国敏, 蒋培成. 基于OpenFlow的SDN技术研究[J]. 软件学报, 2013, 24(5): 4-7.
[3]	Hu, F., Hao, Q. and Bao, K. (2014) A Survey on Software-Defined Network and OpenFlow: From Concept to Implementation. IEEE Communications Surveys & Tutorials, 16, 2191-2204. [Google Scholar] [CrossRef]
[4]	Jia, Y., Xu, L., Yang, Y. and Zhang, X. (2019) Lightweight Au-tomatic Discovery Protocol for OpenFlow-Based Software Defined Networking. IEEE Communications Letters, 1. [Google Scholar] [CrossRef]
[5]	张永铮, 肖军, 云晓春, 王风宇. DDoS攻击检测和控制方法[J]. 软件学报, 2012, 23(8): 2065-2070.
[6]	Zargar, S.T., Joshi, J. and Tipper, D. (2013) A Survey of Defense Mechanisms against Distributed Denial of Service (DDoS) Flooding Attacks. IEEE Communications Surveys & Tuto-rials, 15, 2046-2069. [Google Scholar] [CrossRef]
[7]	Khattak, S., Ramay, N.R., Khan, K.R., Syed, A.A. and Khayam, S.A. (2014) A Taxonomy of Botnet Behavior, Detection, and Defense. IEEE Commu-nications Surveys & Tutorials, 16, 898-924. [Google Scholar] [CrossRef]
[8]	Sattolo, T.A.V., Macwan, S., Vezina, M.J. and Matrawy, A. (2019) Classifying Poisoning Attacks in Software Defined Net-working. IEEE International Conference on Wireless for Space and Extreme Environments, Ottawa, 16-18 October 2019, 60-63. [Google Scholar] [CrossRef]
[9]	Radivilova, T., Kirichenko, L., Ageiev, D. and Bulakh, V. (2019) Classification Methods of Machine Learning to Detect DDoS Attacks. 10th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, Metz, 18-21 September 2019, 209-210. [Google Scholar] [CrossRef]
[10]	Dao, N.-N., Park, J., Park, M. and Cho, S. (2015) A Feasible Method to Combat against DDoS Attack in SDN Network. International Conference on Information Networking, Cambodia, 12-14 January 2015, 309-311. [Google Scholar] [CrossRef]
[11]	Xu, J., Wang, L., Song, C. and Xu, Z. (2018) Proactive Mitigation to Table-Overflow in Software-Defined Networking. IEEE Symposium on Computers and Communications, Natal, 25-28 June 2018, 00719-00725.719-721. [Google Scholar] [CrossRef]
[12]	Lu, Y. and Wang, M. (2016) An Easy Defense Mechanism against Botnet-Based DDoS Flooding Attack Originated in SDN Environment Using sFlow. The 11th International Conference, ACM, New York, 412-415. [Google Scholar] [CrossRef]
[13]	Shang, G., Zhe, P., Bin, X., Aiqun, H. and Kui, R. (2017) Flood Defender: Protecting Data and Control Plane Resources under SDN-Aimed DoS Attacks. IEEE Conference on Computer Communications, Atlanta, 1-4 May 2017, 1-9. [Google Scholar] [CrossRef]
[14]	Zhang, P., Wang, H., Hu, C. and Lin, C. (2016) On Denial of Service Attacks in Software Defined Networks. IEEE Network, 30, 28-33. [Google Scholar] [CrossRef]
[15]	Braga, R., Mota, E. and Passito, A. (2010) Lightweight DDoS Flooding Attack Detection Using NOX/OpenFlow. IEEE Local Computer Network Conference, Denver, 10-14 October 2010, 408-415. [Google Scholar] [CrossRef]

为你推荐

友情链接