Journal of South China University of Technology (Natural Science Edition), 2020, Vol. 48, Issue (11): 114-122. doi: 10.12141/j.issn.1000-565X.200282

• Computer Science & Technology •

Research on SDN Topology Attack and Its Defense Mechanism

LU Yiqin¹, MAO Zhongshu², CHENG Zhe², QIN Jiancheng¹, JIN Dongzi¹, PAN Weiqiang³

  1. School of Electronic and Information Engineering, South China University of Technology, Guangzhou 510640, Guangdong, China; 2. School of Computer Science and Engineering, South China University of Technology, Guangzhou 510640, Guangdong, China; 3. Information and Network Engineering and Research Center, South China University of Technology, Guangzhou 510640, Guangdong, China
  • Received: 2020-06-03 Revised: 2020-06-17 Online: 2020-11-25 Published: 2020-11-05
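  • Contact: CHENG Zhe (born 1980), male, Ph.D. candidate, lecturer, mainly engaged in research on computer networks and information security. E-mail: csmzs1995@mail.scut.edu.cn
  • About author: LU Yiqin (born 1968), male, professor, doctoral supervisor, mainly engaged in research on SDN, network function virtualization and network security. E-mail: eeyqlu@scut.edu.cn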
  • Supported by: the R&D Program in Key Areas of Guangdong Province (2018B010113001, 2019B010137001), Guangzhou Science and Technology Foundation of China (201902010061)

Abstract: An SDN topology attack defense mechanism, PolicyTopo, was proposed in order to protect the view security of the controller in software-defined networking (SDN), especially the global view integrity in the context of network link state changes. This mechanism introduces information entropy theory to build a model that verifies changes in network link delay, and at the same time defines the security of data device ports. It solves the defense problem of topology attacks under network state changes while also defending against traditional topology attacks. PolicyTopo was deployed on both a virtual environment and a physical experiment platform, and offensive and defensive tests were carried out based on Floodlight. The results show that PolicyTopo can dynamically and effectively protect topology integrity during network state changes and improve the security of the global view of the network. Compared with other mainstream defense mechanisms, this mechanism can largely reduce the cost of network resources and improve the security, flexibility and scalability of the network.

Key words: software-defined networking, cyber security, SDN controller, topology attack