ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2017, Vol. 54 ›› Issue (10): 2356-2368. doi: 10.7544/issn1000-1239.2017.20170389


A Dynamic Defense Mechanism for SDN DoS Attacks Based on Network Resource Management Technology

Wang Tao, Chen Hongchang, Cheng Guozhen   

  1. (National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002)
  • Online: 2017-10-01

Abstract: Software defined networking (SDN) has quickly emerged as a new communication network management paradigm and has greatly changed the traditional network architecture. It provides fine-grained network management services by decoupling the control plane from the data plane. However, because the control plane is separated from the data plane, the controller becomes an easy target for DoS attacks. To address this problem, we conduct a comprehensive study of DoS attacks in SDN and propose MinDoS, a lightweight and effective DoS mitigation method. MinDoS mainly contains two key techniques/modules: a simplified DoS detection module and a priority manager. MinDoS divides flow requests into multiple buffer queues with different priorities according to the users' trust values. To better protect the controller under DoS attacks, the SDN controller then schedules the processing of these flow requests using a dual polling mechanism. In addition, the design of MinDoS is combined with a dynamic controller assignment strategy so as to minimize the average response time of the control plane and improve the quality of service. Finally, we evaluate the performance of MinDoS in a single-controller experimental environment and a multi-controller experimental environment respectively. The experimental results show that MinDoS defends effectively and that the designed system basically meets its design objectives.

Key words: software defined networking (SDN), denial-of-service (DoS) attacks, multi-priority queues, dual polling mechanism, quality of service (QoS)
