A Dynamic Defense Mechanism for SDN DoS Attacks Based on Network Resource Management Technology

Wang Tao; Chen Hongchang; Cheng Guozhen

doi:10.7544/issn1000-1239.2017.20170389

Journal of Computer Research and Development > 2017 > 54(10): 2356-2368. > DOI: 10.7544/issn1000-1239.2017.20170389 CSTR: 32373.14.issn1000-1239.2017.20170389

Wang Tao, Chen Hongchang, Cheng Guozhen. A Dynamic Defense Mechanism for SDN DoS Attacks Based on Network Resource Management Technology[J]. Journal of Computer Research and Development, 2017, 54(10): 2356-2368. DOI: 10.7544/issn1000-1239.2017.20170389

Citation:

PDF (4072 KB)

A Dynamic Defense Mechanism for SDN DoS Attacks Based on Network Resource Management Technology

(National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002)

More Information

Published Date: September 30, 2017

Graphical Abstract

Abstract

Abstract

Software defined networking (SDN) has quickly emerged as a new communication network management paradigm and greatly changed the traditional network architecture. It provides fine-grained network management service by decoupling the control plane from the data plane. However, due to the separation of control plane from data plane, controller is easy to be the attacking target of DoS. To address this problem, we make a comprehensive research on DoS attacks in SDN, and propose MinDoS, a lightweight and effective DoS mitigation method. MinDoS mainly contains two key techniques/modules: simplified DoS detection module and priority manager. MinDoS can divide flow requests into multiple buffer queues with different priorities according to the users’ trust values. For a better protection towards controller under DoS attacks, this method then uses the SDN controller to schedule processing these flow requests by a dual polling mechanism. In addition, the design of MinDoS is also combined with dynamic controller assignment strategy so as to minimize the average response time of the control plane and improve the quality of service. Finally, we evaluate the performance of MinDoS in the single controller experimental environment and multi-controller experimental environment respectively. The experimental results show that the defense effect of MinDoS works well and the designed system meets the design objective basically.

FullText(HTML)

References (0)

[1]	Zhang Chunyun, Zhao Hongyan, Deng Jiqin, Cui Chaoran, Dong Xiaolin, Chen Zhumin. Category Adversarial Joint Learning Method for Cross-Prompt Automated Essay Scoring[J]. Journal of Computer Research and Development, 2025, 62(5): 1190-1204. DOI: 10.7544/issn1000-1239.202440266
[2]	Lu Feng, Li Wei, Gu Lin, Liu Shuai, Wang Runheng, Ren Yufei, Dai Xiaohai, Liao Xiaofei, Jin Hai. Selection of Reputable Medical Participants Based on an Iterative Collaborative Learning Framework[J]. Journal of Computer Research and Development, 2024, 61(9): 2347-2363. DOI: 10.7544/issn1000-1239.202330270
[3]	Lu Yuxuan, Kong Lanju, Zhang Baochen, Min Xinping. MC-RHotStuff: Multi-Chain Oriented HotStuff Consensus Mechanism Based on Reputation[J]. Journal of Computer Research and Development, 2024, 61(6): 1559-1572. DOI: 10.7544/issn1000-1239.202330195
[4]	Zheng Susu, Fu Xiaodong, Yue Kun, Liu Li, Liu Lijun, Feng Yong. Online Service Reputation Measurement Method Based on Kendall tau Distance[J]. Journal of Computer Research and Development, 2019, 56(4): 884-894. DOI: 10.7544/issn1000-1239.2019.20180034
[5]	Ma Haiyan, Liang Yongquan, Ji Shujuan, Li Da. A Trust-Distrust Based Reputation Attacks Defending Strategy and Its Stability Analysis[J]. Journal of Computer Research and Development, 2018, 55(12): 2685-2702. DOI: 10.7544/issn1000-1239.2018.20170587
[6]	Zhang Yuanpeng, Deng Zhaohong, Chung Fu-lai, Hang Wenlong, Wang Shitong. Fast Self-Adaptive Clustering Algorithm Based on Exemplar Score Strategy[J]. Journal of Computer Research and Development, 2018, 55(1): 163-178. DOI: 10.7544/issn1000-1239.2018.20160937
[7]	Lin Hui, Ma Jianfeng, Xu Li. A Secure Routing Protocol for MWNs Based on Cross-Layer Dynamic Reputation Mechanism[J]. Journal of Computer Research and Development, 2014, 51(7): 1486-1496.
[8]	Ma Shouming, Wang Ruchuan, Ye Ning. Secure Data Aggregation Algorithm Based on Reputations Set Pair Analysis in Wireless Sensor Networks[J]. Journal of Computer Research and Development, 2011, 48(9): 1652-1658.
[9]	Zhao Xiang, Huang Houkuan, Dong Xingye, and He Lijian. A Trust and Reputation System Model for Open Multi-Agent System[J]. Journal of Computer Research and Development, 2009, 46(9): 1480-1487.
[10]	He Lijian, Huang Houkuan, Zhang Wei. A Survey of Trust and Reputation Systems in Multi Agent Systems[J]. Journal of Computer Research and Development, 2008, 45(7).