摘要
Distributed Denial of Service(DDoS)attack is a difficult issue which needs to be addressed in Software defined networking(SDN). In order to help the controller to weather out the DDoS attack, an efficient controller scheduling method is proposed. The proposed controller scheduling method uses the normalized waiting time, length and extent of the switch being attacked to choose the request that needs to be processed by the controller. The evaluation results validate that compared with the polling based controller scheduling method, the proposed one can significantly reduce the connection failure ratio and delay.
Distributed Denial of Service(DDoS)attack is a difficult issue which needs to be addressed in Software defined networking(SDN). In order to help the controller to weather out the DDoS attack, an efficient controller scheduling method is proposed. The proposed controller scheduling method uses the normalized waiting time, length and extent of the switch being attacked to choose the request that needs to be processed by the controller. The evaluation results validate that compared with the polling based controller scheduling method, the proposed one can significantly reduce the connection failure ratio and delay.
引文
[1]M.Casado,M.Freedman,J.Pettit,et al.,“Ethane:Taking control of the enterprise”,ACM SIGCOMM Computer Communication Review,Vol.37,No.4,pp.1-12,2007.
[2]Y.Cui,L.Yan,S.Li,et al.,SD-Anti-DDoS:“Fast and efficient DDoS defence in software-defined networks”,Journal of Network and Computer Applications,Vol.68,pp.65-79,2016.
[3]X.G.Zhang and W.Ding,“TCP flow identifying algorithm based on finite state automaton”,Acta Electronica Sinica,Vol.45,No.6,pp.1396-1402,2017.
[4]S.Lim,S.Yang,Y.Kim,et al.,“Controller scheduling for continued SDN operation under DDoS attacks”,Electronics Letters,Vol.51,No.16,pp.1259-1261,2015.
[5]Q.Yan,Q.Gong,and F.R.Yu,“Effective software-defined networking controller scheduling method to mitigate DDoSattacks”,Electronics Letters,Vol.53,No.7,pp.469-471,2017.
[6]A.Hussein,I.H.Elhajj,A.Chehab,et al.,“SDN security plane:An architecture for resilient security services”,IEEEInternational Conference on Cloud Engineering Workshop(IC2EW),pp.54-59,2016.
[7]R.Macedo,R.D.Castro,A.Santos,et al.,“Selforganized SDN controller cluster conformations against DDoSattacks effects”.IEEE Global Communications Conference(GLOBECOM),pp.1-6,2016.
[8]S.W.Hsu,T.Y.Chen,C.Y.Chang,et al.,“Design a hashbased control mechanism in vSwitch for software-defined networking environment”,IEEE International Conference on Cluster Computing,pp.498-499,2015.