Tongxin xuebao (Nov 2021)
Research on flood defense mechanism of SDN control layer: detection and mitigation
Abstract
To address spoofing flood attacks against the SDN control layer, a controller defense mechanism (CDM) was proposed, comprising a flood detection mechanism based on multi-classification of key features and a flood mitigation mechanism based on SAVI. A control-layer flood feature analysis module was designed for flood detection, and a boosting algorithm was used to combine the weak classifiers of the individual features into an enhanced classifier, which classifies spoofing flood attacks more accurately by continuously reducing the residual during computation. In CDM, the SAVI-based flood mitigation mechanism performed path filtering of flood packets using a binding-verification mode, and updated the flood features of access layer switches using a dynamic polling mode to reduce the load of redundant model updates. The experimental results show that the proposed method has low overhead and high precision. CDM effectively increases the security of the control layer, and reduces both the time taken for host classification of spoofing flood attacks and the CPU consumption of the corresponding controller.