Journal of Information Engineering University, 2024, Vol. 25, Issue (3): 307-314, 8. DOI: 10.3969/j.issn.1671-0673.2024.03.009
Data Theft Attack and Detection Method Initiated by SDN Edge Switch
Abstract
As devices for data forwarding and policy execution, Software Defined Network (SDN) switches can be attacked covertly and fatally by malicious attackers, causing serious damage to users' end-to-end communication quality. This paper first proposes a data theft attack process carried out after an edge switch is hijacked by an attacker, which can evade network-wide anomaly detection, and proves the stealth of this attack. To resist this kind of attack, a flow information consistency detection method is proposed, which incorporates host information into the consistency detection, and experiments are carried out on the Mininet platform based on the Ryu controller. The experimental results show that the defense method is effective in resisting attacks from edge switches without causing too much load increase.
Keywords
software defined network / data plane security / damaged switch detection
Classification
Information technology and security science
Cite this article
Zhao Yang, Yi Peng, Zhang Zhen, Hu Tao, Liu Shaoxun. Data Theft Attack and Detection Method Initiated by SDN Edge Switch [J]. Journal of Information Engineering University, 2024, 25(3): 307-314, 8.
Funding
National Natural Science Foundation of China (61872382, 62101598, 61521003)
Henan Province Major Science and Technology Project (221100240100)
National Key R&D Program of China, Young Scientists Project (2022YFB3102800)