Mitigation of Saturation Attack Based on Reputation in SDN
In Software-Defined Networking (SDN), a saturation attack exploits the centralized architecture by generating a large number of mismatched packet-in packets that consume the resources of the central controller, degrading the network's quality of service and even overloading the controller and collapsing the network. To address this problem, this paper proposes a mitigation strategy based on reputation values: a reputation value is defined for each switch port node, and the controller resources a port may request are allocated according to that value. In the detection stage, ports are classified as normal, suspicious, or attack ports according to their traffic characteristics. In the mitigation stage, based on the detection results, attack traffic is filtered first; the reputation value is then increased for normal ports and decreased for suspicious ports, and a rate-limiting model based on the reputation value is applied. Finally, simulation experiments are carried out in a software environment, and the effectiveness of the approach is demonstrated in an SDN testbed. The results show that our system can efficiently relieve CPU and memory pressure on the controller with negligible overhead.
赵玉洁、王东滨
Communications
Computer Software; Software-Defined Networking; Saturation Attack; Reputation
赵玉洁, 王东滨. Mitigation of Saturation Attack Based on Reputation in SDN [EB/OL]. (2022-03-10) [2025-08-11]. http://www.paper.edu.cn/releasepaper/content/202203-109.