Research And Implementation Of Routing Technology For SDN Saturation Attack

Posted on: 2024-02-13
Degree: Master
Type: Thesis
Country: China
Candidate: X Liu
Full Text: PDF
GTID: 2568306941495354
Subject: Cyberspace security
Abstract/Summary:
Software-Defined Networking (SDN) separates forwarding action from routing decision. The controller computes routing rules for data plane traffic and installs them in the flow table of the switch. However, attackers can take control of multiple hosts in the network, turn them into zombies, and send a large number of data packets with specific destination IP addresses chosen according to the topology of the SDN network, so that under the traditional SDN routing scheme these packets pass through the target switch and cause table-miss events in it. A large number of PACKET_IN messages are then sent to the controller, which continuously consumes the bandwidth resources of the control channel and the computing resources of the controller, increases the delay and packet loss rate of flow transmission, and can even make the hosts unable to communicate with each other. This attack is called a saturation attack caused by aggregated traffic. Aiming at the traffic-convergence saturation attack that exists in current SDN, this thesis studies route selection as a solution and proposes a dynamic route selection technology based on the entropy weight method to mitigate the saturation attack. The research content and contributions of this thesis mainly include:

(1) Aiming at the problem that the traditional routing scheme may make a large amount of traffic converge on one switch, resulting in a saturation attack, a two-stage route selection technology based on the entropy weight method is proposed. In the first stage, a number of paths are calculated as alternative paths for each pair of switches by the Yen algorithm, and further alternative paths are added dynamically during operation according to the flow table space of the switch and the reported PACKET_IN rate. In the second stage, according to the real-time properties of the network, and considering network factors such as control channel bandwidth occupation, flow table occupation, delay and available bandwidth, the paths in the alternative path set are scored with the entropy weight method, and an optimal path is selected as the routing path, which avoids too much traffic converging on one switch and alleviates the saturation attack.

(2) A software-defined network saturation attack protection system is designed and implemented. Based on the SDN controller, the system incorporates the dynamic routing technology proposed in this thesis, which is based on the entropy weight method, and is used to protect against traffic-convergence saturation attacks. Functional experiments are carried out. The results show that the integrated system can effectively protect against the attack and ensure the security of the software-defined network.
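The second-stage scoring described above, as an added example that is not code from the thesis: it applies the standard textbook entropy weight method to the four factors the abstract names. The metric directions and units, the function names and the sample path values are assumptions; the thesis's exact formulation is not given on this page.

```python
import math

# Metrics named in the abstract. True = higher is better, False = lower is
# better; the directions and units are assumptions for this example.
METRICS = [("ctrl_channel_occupancy", False), ("flow_table_occupancy", False),
           ("delay_ms", False), ("available_bw_mbps", True)]

def normalise(rows):
    """Min-max scale every column to [0, 1] so that 1 is always the best value."""
    cols = list(zip(*rows))
    out = []
    for row in rows:
        scaled = []
        for j, (_, higher_is_better) in enumerate(METRICS):
            lo, hi = min(cols[j]), max(cols[j])
            x = 1.0 if hi == lo else (row[j] - lo) / (hi - lo)
            scaled.append(x if higher_is_better or hi == lo else 1.0 - x)
        out.append(scaled)
    return out

def entropy_weights(norm):
    """Metrics whose values differ most across paths (low entropy) get more weight."""
    n, m = len(norm), len(METRICS)
    divergence = []
    for j in range(m):
        total = sum(r[j] for r in norm)   # > 0: each column contains a 1.0
        probs = [r[j] / total for r in norm if r[j] > 0]
        entropy = -sum(p * math.log(p) for p in probs) / math.log(n)
        divergence.append(max(0.0, 1.0 - entropy))
    s = sum(divergence)
    return [d / s for d in divergence] if s > 0 else [1.0 / m] * m

def select_path(candidates):
    """Return (best_path_name, {name: score}) for a dict of name -> metric tuple."""
    names = list(candidates)
    if len(names) == 1:                   # nothing to compare against
        return names[0], {names[0]: 1.0}
    norm = normalise([candidates[n] for n in names])
    weights = entropy_weights(norm)
    scores = {n: sum(w * x for w, x in zip(weights, row))
              for n, row in zip(names, norm)}
    return max(scores, key=scores.get), scores

# Constructed sample: path A crosses a switch whose flow table and control
# channel are nearly saturated, although it has the lowest delay.
CANDIDATES = {"A": (0.90, 0.85, 2.0, 400), "B": (0.20, 0.30, 3.0, 700),
              "C": (0.25, 0.40, 5.0, 600)}

if __name__ == "__main__":
    print(select_path(CANDIDATES))
```

With the constructed values, the lowest-delay path A scores worst because it loses on the three load-related metrics, so new flows are steered away from the saturated switch.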
Keywords/Search Tags:software-defined networking, dynamic route, saturated attacks, entropy weight