点击次数：

论文类型：会议论文

发表时间：2018-01-01

收录刊物：CPCI-S

页面范围：612-619

关键字：SDN; DoS; Entropy; Game theory

摘要：Software defined network (SDN) can manage the whole network flexibly because of its programmability and logically centralized architecture. However, the centralized architecture of SDN makes it more vulnerable to Denial of Service (DoS) attack which is launched by sending a large number of malicious packet_in packets to consume the resources of the controller and data planes. In order to protect the normal operation of the network from DoS, we propose an effective DoS mitigation framework based on non-cooperative repeated game called PrioGuard. DoS can be detected based on the information entropy, packet_in rate and packet_in response rate. Furthermore, the penalty-incentive mechanism of repeated game is adopted to punish these attackers by lowering their priority in order to postpone their requests. The requests from attackers will be migrated to data plane cache, which can mitigate the interface cache of control plane and make the controller process the normal requests effectively. We have implemented a prototype system of PrioGuard. Simulation evaluations demonstrate that our scheme is very effective with less response time, less packet loss rate and lower controller load.