Indexed by: Conference paper
Date of Publication: 2018-12-11
Included Journals: EI
Volume: 2018-December
Page Number: 612-619
Key Words: Controllers; DOS; Entropy; Game theory; Network architecture; Packet networks; Centralized architecture; Incentive mechanism; Information entropy; Malicious packets; Non-cooperative repeated games; Normal operations; Packet loss rates; Simulation evaluation; Denial-of-service attack
Abstract: A software defined network (SDN) can manage the whole network flexibly because of its programmability and logically centralized architecture. However, the centralized architecture of SDN makes it more vulnerable to Denial of Service (DoS) attacks, which are launched by sending a large number of malicious packet-in messages to consume the resources of the controller and data plane. In order to protect the normal operation of the network from DoS, we propose an effective DoS mitigation framework based on a non-cooperative repeated game, called PrioGuard. DoS is detected from the information entropy, the packet-in rate and the packet-in response rate. Furthermore, the penalty-incentive mechanism of the repeated game is adopted to punish attackers by lowering their priority so that their requests are postponed. Requests from attackers are migrated to the data plane cache, which relieves the interface cache of the control plane and lets the controller process normal requests effectively. We have implemented a prototype system of PrioGuard. Simulation evaluations demonstrate that our scheme is very effective, with lower response time, lower packet loss rate and lower controller load. © 2018 IEEE.