Software Defined Networking (SDN), as a new innovative architecture for network virtualization, has been a research hotspot in the networking industry since its introduction, and its widespread adoption has been accompanied by growing attention to its security. Fingerprinting is one of the most serious threats to network security: by sniffing and capturing packets, an attacker can obtain key fingerprint information about the target network and so lay the groundwork for launching more damaging attacks later. At present, domestic and international research on SDN fingerprinting attacks is unbalanced. Current work concentrates on attack methods, mostly on the discovery and experimental validation of new attacks, and much less on defenses; it lacks systematic analysis and summary and has not formed a complete research framework, so SDN networks still carry considerable security risk. This paper therefore proposes a fingerprinting attack defense mechanism that combines dynamic perturbation with information entropy detection. The main contents of the research are as follows.

(1) The threat that fingerprinting attacks pose to SDN networks is discussed and the attack principle is analyzed. Because of the "three-layer, three-interface" architecture of SDN, an attacker can determine whether a constructed probe packet triggers an interaction between the data plane and the control plane by observing the change in packet round-trip time (RTT), and from this infer fingerprint information such as the matching rules installed in the SDN network. Based on this analysis, the paper proposes a packet dynamic perturbation method that combines a moving average algorithm, a Bloom filter and a packet delay tool, confusing the adversary by perturbing the initial small number of packets of each data flow.

(2) Building on the dynamic perturbation method, a lightweight primary inspection method based on the information entropy of multidimensional packet features is proposed, providing real-time processing and feedback on fingerprinting attacks against SDN networks. The method statistically computes multidimensional packet features to derive an information entropy value for the traffic, which is used to infer the presence of abnormal traffic. Traffic judged to be suspicious has its switch port processed further, and anomaly logs are recorded for subsequent analysis.

This paper uses Mininet to simulate an SDN network architecture and conducts simulation experiments on fingerprinting attack defense. The experimental results demonstrate the feasibility of the proposed defense mechanism, and the SDN Fingerprinting Attack Defense Mechanism Based on Dynamic Perturbation and Information Entropy Detection (SFDDPIE) shows superior performance in reducing the impact on system performance compared with the defense mechanisms proposed in other existing research. More specifically, SFDDPIE not only prevents fingerprinting attacks but also maintains the high performance of SDN networks, reduces system performance loss, and detects fingerprinting attacks quickly and accurately so that timely countermeasures can be taken.
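As an added illustration (not code from the thesis or SFDDPIE itself), the following Python sketch models the two components described above under assumed details: a Bloom filter plus exponential moving average that delays the first few packets of each new flow by the average controller round-trip so that table hits and misses look alike, and a per-feature Shannon entropy check over a packet window for the primary inspection. The flow key, the three features (source IP, destination port, length), the threshold `delta` and the sample windows are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

class BloomFilter:
    """Compact membership set for flows that have already left the perturbation window."""
    def __init__(self, m=4096, k=3):
        self.m, self.k, self.bits = m, k, 0
    def _slots(self, key):
        for i in range(self.k):
            yield int(hashlib.sha256(f"{i}:{key}".encode()).hexdigest(), 16) % self.m
    def add(self, key):
        for s in self._slots(key):
            self.bits |= 1 << s
    def __contains__(self, key):
        return all(self.bits >> s & 1 for s in self._slots(key))

class Perturber:
    """Assumed design: delay the first n_first packets of every new flow by the
    moving-average controller round-trip, so RTT no longer reveals a rule miss."""
    def __init__(self, n_first=3, alpha=0.3):
        self.n_first, self.alpha, self.avg_rtt = n_first, alpha, 0.0
        self.seen, self.counts = BloomFilter(), {}
    def observe_rtt(self, rtt):  # exponential moving average of real controller RTTs
        self.avg_rtt = rtt if self.avg_rtt == 0 else (1 - self.alpha) * self.avg_rtt + self.alpha * rtt
    def delay_for(self, flow):  # seconds of artificial delay to apply to this packet
        if flow in self.seen:
            return 0.0
        self.counts[flow] = self.counts.get(flow, 0) + 1
        if self.counts[flow] >= self.n_first:  # window over: remember flow, stop delaying
            self.seen.add(flow); del self.counts[flow]
        return self.avg_rtt

def shannon_entropy(values):
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def feature_entropy(window):
    """Per-feature entropy over a packet window of (src_ip, dst_port, length) tuples."""
    return tuple(shannon_entropy([p[i] for p in window]) for i in range(3))

def is_suspicious(window, baseline, delta=1.0):
    """Primary inspection: any feature entropy drifting more than delta bits from baseline."""
    return any(abs(a - b) > delta for a, b in zip(feature_entropy(window), baseline))

# Constructed sample windows: normal mixed traffic vs. one host probing many ports with fixed-size packets
NORMAL = [("10.0.0.1", 80, 512), ("10.0.0.2", 443, 1400), ("10.0.0.3", 53, 90), ("10.0.0.4", 22, 200)]
PROBES = [("10.0.0.9", p, 64) for p in range(1000, 1004)]
```

In a real deployment the baseline would be learned from benign windows and the delay applied by the packet delay tool on the switch port, with flagged windows written to the anomaly log.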