Multipath Solution and Blocking Method of Network Attack Traffic Based on Topology Analysis

doi:10.3969/j.issn.1671-1122.2020.03.002

Abstract

Abstract:

Current researches mainly block traffic on monitoring points after abnormal detection. However, this scheme can only reduce the attack traffic of the path where it is located, but cannot reduce the load of the entire network. This paper proposes a method of multipath solution and blocking method of network attack traffic based on topology analysis. This method first obtains the network topology based on multiple discovery strategies. This method achieves multipath solution based on K shortest path. At the same time, the source of network attacks is traced based on host behavior characteristics, and a filtering scheme based on flow table is adopted to block. Experiments show that the solution has the characteristics of small system overhead, good robustness, high blocking efficiency, and strong practical value.

Key words: traffic attack, multipath solution, blocking method, topology analysis, K shortest pathes

CLC Number:

TP309

SONG Yubo, FAN Ming, YANG Junjie, HU Aiqun. Multipath Solution and Blocking Method of Network Attack Traffic Based on Topology Analysis[J]. Netinfo Security, 2020, 20(3): 9-17.

Figures/Tables 9

References 16

[1]	CNCERT. Internet Security Situation in China in the First Half of 2019[EB/OL]. , 2018-8-13.
	国家互联网应急中心. 2019 年上半年我国互联网网络安全态势[EB/OL]. , 2018-8-13.
[2]	YAN Qiao, YU F R, GONG Qingxiang, et al.Software-defined Networking(SDN) and Distributed Denial of Service(DDoS) Attacks in cloud Computing Environments: A Survey, Some Research Issues, and Challenges[J]. IEEE Communications Surveys & Tutorials, 2015, 18(1): 602-622.
[3]	CUI Yunhe, YAN Lianshan, LI Saifei, et al. SD-Anti-DDoS: Fast and Efficient DDoS Defense in Software-defined Networks[EB/OL]. , 2019-9-11.
[4]	WANG Xiulei, CHEN Ming, XING Changyou.SDSNM: a Software-defined Security Networking Mechanism to Defend Against DDoS Attacks[C]//IEEE. 9th International Conference on Frontier of Computer Science and Technology, August 26-28, 2015, Dalian, China. New Jersey: IEEE, 2015: 115-121.
[5]	BURAGOHAIN C, MEDHI N.FlowTrApp: An SDN Based Architecture for DDoS Attack Detection and Mitigation in Data Centers[C]//IEEE. 3rd International Conference on Signal Processing and Integrated Networks, February 11-12, 2016, Noida, India. New Jersey: IEEE, 2016: 519-524.
[6]	SARWAR M A, HUSSAIN M, ANWAR M U, et al. FlowJustifier: An Optimized Trust-based Request Prioritization Approach for Mitigation of SDN Controller DDoS Attacks in the IoT Paradigm[EB/OL]. , 2019-9-10.
[7]	RAHMAN O, QURAISHI M A G, LUNG C H. DDoS Attacks Detection and Mitigation in SDN Using Machine Learning[EB/OL]. , 2019-9-10.
[8]	SAHAY R, BLANC G, ZHANG Zonghua, et al. Towards Autonomic DDoS Mitigation Using Software Defined Networking[EB/OL]. , 2019-9-10.
[9]	VON AHN L, BLUM M, HOPPER N J, et al.CAPTCHA: Using Hard AI Problems for Security[C]//Springer. Annual International Conference on the Theory and Applications of Cryptographic Techniques, May 4-8, Warsaw, Poland. Heidelberg: Springer, 2003: 294-311.
[10]	CHUNG C J, KHATKAR P, XING Tianyi, et al.NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems[J]. IEEE Transactions on Dependable and Secure Computing, 2013, 10(4): 198-211.
[11]	XING Tianyi, HUANG Dijiang, XU Le, et al.Snortflow: A Openflow-based Intrusion Prevention System in Cloud Environment[C]//IEEE. 2nd GENI Research and Educational Experiment Workshop, March 20-22, 2013, Salt Lake City, UT, USA. New Jersey: IEEE, 2013: 89-92.
[12]	CONTI M, GANGWAL A, GAUR M S.A Comprehensive and Effective Mechanism for DDoS Detection in SDN[C]//IEEE. 13th International Conference on Wireless and Mobile Computing, Networking and Communications, October 9-11, 2017, Rome, Italy. New Jersey: IEEE, 2017: 1-8.
[13]	DA SILVA A S, WICKBOLDT J A, GRANVILLE L Z, et al. ATLANTIC: A Framework for Anomaly Traffic Detection, Classification, and Mitigation in SDN[C]//IEEE. NOMS 2016-2016 IEEE/IFIP Network Operations and Management Symposium, April 25-29, 2016, Istanbul, Turkey. New Jersey: IEEE, 2016: 27-35.
[14]	BARKI L, SHIDLING A, METI N, et al.Detection of Distributed Denial of Service Attacks in Software Defined Networks[C]//IEEE. 2016 International Conference on Advances in Computing, Communications and Informatics, September 21-24, 2016, Jaipur, India. New Jersey: IEEE, 2016: 2576-2581.
[15]	ABUBAKAR A, PRANGGONO B.Machine Learning Based Intrusion Detection System for Software Defined Networks[C]//IEEE. 7th International Conference on Emerging Security Technologies, September 6-8, 2017, Canterbury, UK. New Jersey: IEEE, 2017: 138-143.
[16]	BRAGA R, MOTA E, PASSITO A.Lightweight DDoS Flooding Attack Detection Using NOX/OpenFlow[C]//IEEE. IEEE Local Computer Network Conference, October 10-14, 2010, Denver, CO, USA. New Jersey: IEEE, 2010: 408-415.

特征量	计算方法
源地址总流表数	$flowInCountSrc=n$
接收数据包总数	$pktInCount=\sum\limits_{i=1}^{n}{pktsI{{n}_{i}}}$
接收字节总数	$byteInCount=\sum\limits_{i=1}^{n}{bytesI{{n}_{i}}}$
目的IP地址的熵	$H(dstIP)=\sum\limits_{i=1}^{n}{{{p}_{i}}\log {{p}_{i}}}$

特征量	计算方法
目的地址总流表数	$flowOutCountDst=m$
发送数据包总数	$pktOutCount=\sum\limits_{i=1}^{m}{pktsOu{{t}_{i}}}$
发送字节总数	$byteOutCount=\sum\limits_{i=1}^{m}{bytesOu{{t}_{i}}}$
源IP地址的熵	$H(srcIP)=\sum\limits_{i=1}^{m}{{{p}_{i}}\log {{p}_{i}}}$