SGuard：A Lightweight SDN Safe-Guard Architecture for DoS Attacks

作     者：Tao Wang Hongchang Chen 

作者机构：National Digital Switching System Engineering and Technological Research Center Zhengzhou 450002 China 

出 版 物：《China Communications》 (中国通信（英文版）)

年 卷 期：2017年第14卷第6期

页      面：113-125页

核心收录：

学科分类：12[管理学] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 08[工学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported by the National key Research and Development Program of China(No.2016YFB0800100,2016YFB0800101) the National Natural Science Fund for Creative Research Groups Project(No.61521003) the National Natural Science Fund for Youth Found Project(No.61602509) 

主　　题：sguard software defined networking denial-of-service attack security application 

摘      要：Software Defined Networking(SDN) is a revolutionary networking paradigm towards the future network,experiencing rapid development ***,its main characteristic,the separation of control plane and data plane,also brings about new security challenges,i.e.,Denial-of-Service(DoS) attacks specific to Open Flow SDN networks to exhaust the control plane bandwidth and overload the buffer memory of Open Flow *** mitigate the DoS attacks in the Open Flow networks,we design and implement SGuard,a security application on top of the NOX controller that mainly contains two modules:Access control module and Classification *** employ novel six-tuple as feature vector to classify traffic flows,meanwhile optimizing classification by feature ranking and selecting *** the modules will cooperate with each other to complete a series of tasks such as authorization,classification and so *** the end of this paper,we experimentally use Mininet to evaluate SGuard in a software *** results show that SGuard works efficiently and accurately without adding more overhead to the SDN networks.