PrNet:一种应对链路洪泛攻击的机制-《计算机技术与发展》

文章信息/Info

Author(s):: YANG Zhi-wei; LIN Zi-xing; LI Rui; School of Cyberspace Security,Dongguan University of Technology,Dongguan 523808,China

Keywords:: link flooding attack; network bottleneck; topology obfuscation; traffic dispersion; software defined network

摘要:: 网络拓扑的特性造成了拓扑中会出现大多数流量汇聚到少部分关键节点和链路的情况,这部分节点和链路会成为链路洪泛攻击所针对的网络瓶颈。现有的防御工作主要围绕隐藏网络瓶颈展开,但对于网络瓶颈的计算度量标准较为单一,且无法应对攻击者发起的盲攻击。为了解决这些问题,提出了一种基于 SDN 的应对机制 PrNet。 PrNet 首先从静态和动态的角度定义了形成网络瓶颈的度量指标,然后生成针对测绘流量的混淆拓扑,通过识别测绘流量并将其引向绕开网络瓶颈的混淆路径,使攻击者得到错误的信息,最后通过概率路径转发算法为节点之间的所有可达路径分配概率,主动分散网络拓扑中的流量,从而减少网络瓶颈的产生。仿真实验表明,PrNet 能够生成具有良好安全性的混淆拓扑,能够根据流量及时调整数据包的转发路径,在应对攻击者发起链路洪泛攻击时具有可行性,并且能够有效缓解盲攻击。

Abstract:: The nature of the network topology causes the situation that most traffic in the topology converges to a small number of criticalnodes and links,which become network bottlenecks targeted by link flooding attacks. Existing defense works focus on hiding networkbottlenecks,but their calculation metrics for network bottlenecks are relatively single and cannot cope with blind attacks launched byattackers. We propose an SDN-based mechanism called PrNet to solve the above problems. The metrics that form network bottlenecksfrom both static and dynamic perspectives is defined,then an obfuscation topology for mapping traffic is generated,which gives attackersmisinformation by identifying mapping traffic and directing it to an obfuscation path that bypasses network bottlenecks. Finally,the probabilistic path forwarding algorithm assigns probabilities to all reachable paths between nodes and actively disperses the traffic in thenetwork topology,thus reducing the generation of network bottlenecks. The simulations shows that PrNet can generate an obfuscatedtopology with good security and can adjust the forwarding path of packet in time according to the traffic,which is feasible in response toattackers launching link flooding attacks,and can effectively mitigate blind attacks.