{"title":"针对SDN的各种攻击及缓解方法综述","authors":"Mrityunjaya D Hatagundi, H. V. Kumaraswamy","doi":"10.1109/ICCMC.2019.8819717","DOIUrl":null,"url":null,"abstract":"As the technologies leaning towards digitalization, there has been extensive scope for researches in the field of Software Defined Networking. The architectural framework makes the life of network administrators easy by decoupling the data plane and the control plane. This architecture exploits easy configuration of network, thus providing programmable terminal for development of applications related to security, management and logging while the centralized controller gives much more control over entire network. This type of network is at risk due to attacks by the intruders with an intention to slow down or shut down the entire network. One such kind of attacks is DoS attack. DoS attack involves flooding of fake packet flows from a single source into the original packet flow. DDoS is a type of DoS attack where multiple compromised systems, which are often infected with malicious programs, are used to target a single system. Hence to achieve security in distributed environment, it is important to reduce the effect of such attacks. In this paper an approach of mitigating Distributed DoS has been discussed. Approach first detects DDoS using Entropy Detection attack and then uses Bandwidth Prediction method to mitigate it. Entropy is basically used for measuring randomness in the system and there are two essential components to DDoS detection using entropy; window size and threshold.","PeriodicalId":232624,"journal":{"name":"2019 3rd International Conference on Computing Methodologies and Communication (ICCMC)","volume":"234 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"A Comprehensive Survey on Different Attacks on SDN and Approaches to Mitigate\",\"authors\":\"Mrityunjaya D Hatagundi, H. V. Kumaraswamy\",\"doi\":\"10.1109/ICCMC.2019.8819717\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As the technologies leaning towards digitalization, there has been extensive scope for researches in the field of Software Defined Networking. The architectural framework makes the life of network administrators easy by decoupling the data plane and the control plane. This architecture exploits easy configuration of network, thus providing programmable terminal for development of applications related to security, management and logging while the centralized controller gives much more control over entire network. This type of network is at risk due to attacks by the intruders with an intention to slow down or shut down the entire network. One such kind of attacks is DoS attack. DoS attack involves flooding of fake packet flows from a single source into the original packet flow. DDoS is a type of DoS attack where multiple compromised systems, which are often infected with malicious programs, are used to target a single system. Hence to achieve security in distributed environment, it is important to reduce the effect of such attacks. In this paper an approach of mitigating Distributed DoS has been discussed. Approach first detects DDoS using Entropy Detection attack and then uses Bandwidth Prediction method to mitigate it. Entropy is basically used for measuring randomness in the system and there are two essential components to DDoS detection using entropy; window size and threshold.\",\"PeriodicalId\":232624,\"journal\":{\"name\":\"2019 3rd International Conference on Computing Methodologies and Communication (ICCMC)\",\"volume\":\"234 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-03-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 3rd International Conference on Computing Methodologies and Communication (ICCMC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCMC.2019.8819717\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 3rd International Conference on Computing Methodologies and Communication (ICCMC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCMC.2019.8819717","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Comprehensive Survey on Different Attacks on SDN and Approaches to Mitigate
As the technologies leaning towards digitalization, there has been extensive scope for researches in the field of Software Defined Networking. The architectural framework makes the life of network administrators easy by decoupling the data plane and the control plane. This architecture exploits easy configuration of network, thus providing programmable terminal for development of applications related to security, management and logging while the centralized controller gives much more control over entire network. This type of network is at risk due to attacks by the intruders with an intention to slow down or shut down the entire network. One such kind of attacks is DoS attack. DoS attack involves flooding of fake packet flows from a single source into the original packet flow. DDoS is a type of DoS attack where multiple compromised systems, which are often infected with malicious programs, are used to target a single system. Hence to achieve security in distributed environment, it is important to reduce the effect of such attacks. In this paper an approach of mitigating Distributed DoS has been discussed. Approach first detects DDoS using Entropy Detection attack and then uses Bandwidth Prediction method to mitigate it. Entropy is basically used for measuring randomness in the system and there are two essential components to DDoS detection using entropy; window size and threshold.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
