关键词: 低速率DoS攻击, SDN架构, 拓扑发现, 连续突发检测

Abstract:

Acquiring network topology accurately is important for Software?Defined?Network（SDN） controller to make effective control decisions. However, the current network topology discovery mechanisms are vulnerable to attacks such as the Low rate Denial of Service（LDoS） attack. In this paper, the influence of LDoS attack on the SDN topology discovery mechanism is analyzed theoretically and experimentally, and an LDoS attack defense mechanism for SDN topology discovery named TopoGuard is proposed. According to the periodic characteristics of LDoS attacks, TopoGuard uses the continuous burst detection method to detect the suspected attack scenarios quickly, and then avoids the network topology interruption caused by attacks based on the active link identification method. Finally, the TopoGuard mechanism is implemented on OpenDaylight controller. The experimental results show that TopoGuard can effectively detect and defend against LDoS attacks and ensure the correctness of the global topology information acquired by the controller.

Key words: low rate DoS attack, SDN architecture, topology discovery, continuous burst detection