Summary: | Master's === Yuan Ze University === Department of Computer Science and Engineering === 104 === Software-defined networking (SDN) is a new network architecture with centralized control. Its purpose is to make networks more flexible and easier to manage. In addition, the resource and service needs of applications can be managed better.
The SDN architecture separates the control plane from the data plane. The control plane uses a controller to centrally manage SDN switches, while the data plane handles only data transmission, which reduces the difficulty of management. SDN uses the OpenFlow protocol to connect the control plane and the data plane, so that when a packet first enters the flow table, the matching flows can be forwarded directly. SDN has been proven successful in improving not only network performance but also network security. However, the centralized control in the SDN architecture introduces new security vulnerabilities. Because all of the management functionality is in the controller, a UDP flooding attack can be launched easily and causes serious packet transmission delay, performance loss on the controller, and therefore even network shutdown.
Therefore, in this thesis, we carry out a simulation of the UDP flood attack to prove that a flooding attack can harm the controller. After that, a lightweight defense method is presented. Through experiments, we demonstrate the performance and safety of our proposed defense mechanism. The advantage of our defense is that it does not incur much computation or communication burden when no attack is launched. The controller itself does not need to be modified to use our defense mechanism. In particular, our defense continuously monitors the status of the controller and, if necessary, adds flow table rules to ensure normal operation of the controller and the network.
|