浏览全部资源
扫码关注微信
SDN中IP欺骗数据分组网络溯源方法研究
Tracing IP-spoofed packets in software defined network
- 通信学报 2018年39卷第11期 页码:181-189
- 作者机构:
南京理工大学计算机科学与工程学院,江苏 南京 210094
- 作者简介:
[ "魏松杰(1977−),男,江苏南京人,博士,南京理工大学副教授、硕士生导师,主要研究方向为信息安全、无线网络与移动计算、物联网区块链等。" ]
[ "孙鑫(1993−),女,河南周口人,南京理工大学硕士生,主要研究方向为软件定义网络、异常检测等。" ]
[ "赵茹东(1992−),男,山东枣庄人,南京理工大学硕士生,主要研究方向为软件定义网络、网络流量分析等。" ]
[ "吴超(1994−),男,江苏扬州人,南京理工大学硕士生,主要研究方向为计算机网络、流量混淆等。" ]
- 基金信息:国家自然科学基金资助项目(61472189);赛尔网络下一代互联网技术创新项目(NGII20160105);赛尔网络下一代互联网技术创新项目(NGII20170119)
DOI:10.11959/j.issn.1000-436x.2018243
中图分类号: TP393-
网络出版日期:2018-11,
纸质出版日期:2018-11-25
- 稿件说明:
移动端阅览
魏松杰, 孙鑫, 赵茹东, 等. SDN中IP欺骗数据分组网络溯源方法研究[J]. 通信学报, 2018,39(11):181-189.
Songjie WEI, Xin SUN, Rudong ZHAO, et al. Tracing IP-spoofed packets in software defined network[J]. Journal on communications, 2018, 39(11): 181-189.
魏松杰, 孙鑫, 赵茹东, 等. SDN中IP欺骗数据分组网络溯源方法研究[J]. 通信学报, 2018,39(11):181-189. DOI: 10.11959/j.issn.1000-436x.2018243.
Songjie WEI, Xin SUN, Rudong ZHAO, et al. Tracing IP-spoofed packets in software defined network[J]. Journal on communications, 2018, 39(11): 181-189. DOI: 10.11959/j.issn.1000-436x.2018243.
摘要
IP 数据分组溯源方法是指从目的地址出发,逐跳找到源主机。该方法在软件定义网络(SDN
software defined network)框架下,通过控制器向网络中相关SDN交换机添加探测流表项,并根据目标数据分组触发的有效溯源Packet-in消息,找到目标数据分组的转发路径及源主机。所提方案可以为调试网络故障提供方便,使网络管理员可以得到任意一个数据分组的转发路径,应对 IP 地址欺骗等网络安全问题。实验证明,该溯源方法能够及时、准确地找到目标数据分组的转发路径,不影响网络中其他数据流转发,且无明显的系统开销。
Abstract
IP packets back tracing is to find the source host hop by hop from the destination.The method found the forwarding path of target packets and source host by adding probe entry into flow tables on SDN switches and analyzing the effective back tracing Packet-in messages sent by related switches.The proposed scheme can provide convenience for debugging network problems
so that the network administrator can obtain the forwarding paths of any data packets.Furthermore
it can help to solve the problem of IP spoofing.Experimental results prove that the traceability method can find the forwarding paths of target packets in a timely and accurate manner without affecting other traffic or significant system overhead.
关键词
Keywords
references
METI N , NARAYAN D G , BALIGAR V P . Detection of distributed denial of service attacks using machine learning algorithms in software defined networks [C ] // International Conference on Advances in Computing,Communications and Informatics (ICACCI) . 2017 : 1366 - 1371 .
阎冬 . IP网络溯源方法及协作模式相关技术研究 [D ] . 北京:北京邮电大学 , 2012 .
YAN D . Research on IP traceback techniques and collaboration pat terns [D ] . Beijing:Beijing University of Posts and Telecommunications , 2012 .
FEAMSTER N , REXFORD J , ZEGURA E . The road to SDN:an intellectual history of programmable networks [J ] . Acm Sigcomm Computer Communication Review , 2014 , 44 ( 2 ): 87 - 98 .
SIEBER C , OBERMAIR A , KELLERER W . Online learning and adaptation of network hypervisor performance models [C ] // IFIP/IEEE Symposium on Integrated Network and Service Management (IM) . 2017 : 1204 - 1212 .
王涛 , 陈鸿昶 , 程国振 . 软件定义网络及安全防御技术研究 [J ] . 通信学报 , 2017 , 38 ( 11 ): 133 - 160 .
WANG T , CHEN H C , CHENG G Z . Research on software-defined network and the security defense technology [J ] . Journal on Communications , 2017 , 38 ( 11 ): 133 - 160 .
PATEL B , MENARIA S . Survey of traceback methods [J ] . Journal of Engineering Computers & Applied Sciences , 2015 , 4 ( 1 ): 22 - 26 .
黄琼 , 熊文柱 , 阳小龙 , 等 . 分层次的无状态单分组IP溯源技术 [J ] . 通信学报 , 2011 , 32 ( 3 ): 150 - 157 .
HUANG Q , XIONG W Z , YANG X L , et al . Hierarchical stateless sin-gle-packet IP traceback technique [J ] . Journal on Communications , 2011 , 32 ( 3 ): 150 - 157 .
YAN D , WANG Y , SU S , et al . A precise and practical IP traceback technique based on packet marking and logging [J ] . Journal of In-formation Science & Engineering , 2012 , 28 ( 3 ): 453 - 470 .
FOROUSHANI V A , ZINCIR-HEYWOOD A N . Deterministic and authenticated flow marking for IP traceback [J ] . 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA) , 2013 , 30 ( 1 ): 397 - 404 .
FRANCOIS J , FESTOR O . Anomaly traceback using software defined networking [C ] // IEEE International Workshop on Information Forensics and Security . IEEE , 2014 .
夏彬 . 基于软件定义网络的 WLAN 中 DDoS 攻击检测和防护 [D ] . 上海:上海交通大学 , 2015 .
XIA B . Research on the detection and defence of DDoS attack in SDN-based WLAN [D ] . Shanghai:Shanghai Jiaotong University , 2015 .
CUI Y , YAN L , LI S , et al . SD-Anti-DDoS:Fast and efficient DDoS defense in software-defined networks [J ] . Journal of Network and Computer Applications , 2016 , 68 : 65 - 79 .
AGARWAL K , ROZNER E , DIXON C , et al . SDN traceroute:tracing SDN forwarding without changing network behavior [C ] // The Workshop on Hot Topics in Software Defined NETWORKING . 2014 : 145 - 150 .
TAMMANA P , AGARWAL R , LEE M . CherryPick:tracing packet trajectory in software-defined datacenter networks [C ] // ACM SIGCOMM Symposium on Software Defined NETWORKING Research . 2015 : 1 - 7 .
NARAYANA S , REXFORD J , WALKER D . Compiling path queries in soft-ware-defined networks [C ] // The Workshop on Hot Topics in Software Defined NETWORKING. . 2014 : 181 - 186 .
NICK M K , ANDERSON T , BALAKRISHNAN H , et al . OpenFlow:enabling innovation in campus networks [J ] . Acm Sigcomm Computer Communication Review , 2008 , 38 ( 2 ): 69 - 74 .
0
浏览量
1456
下载量
0
CSCD
- 网络PDF下载
- XML下载
- Meta-XML下载
- BibTeX下载
- Endnote下载
- RefMan 下载
- NoteExpress下载
- NoteFirst下载
关联资源
相关文章
相关作者
相关机构
AI问答
鸿云智能
中文
- 技术支持由北京北大方正电子有限公司提供 京ICP备09064830号-19
京公网安备11010802024621 - 本系统建议在Chrome、 IE9+ 以上版本浏览器阅读本站内容,360浏览器请切换至极速模式
- Cookies帮助我们提供服务并提供个性化体验。使用本网站,即表示您同意我们使用Cookies
- 总访问量:151733 今日访问量:2