Journal of Computer Applications ›› 2018, Vol. 38 ›› Issue (1): 188-193.DOI: 10.11772/j.issn.1001-9081.2017061527

Previous Articles     Next Articles

Malicious scanning protection technology based on OpenDayLight

WU Ruohao, DONG Ping, ZHENG Tao   

  1. School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing 100044, China
  • Received:2017-06-21 Revised:2017-08-18 Online:2018-01-10 Published:2018-01-22
  • Supported by:
    This work is partially supported by the National Basic Research Program (973 Program) of China (2013CB329100), the National High Technology Research and Development Program (863 Program) of China (2015AA016103).


吴若豪, 董平, 郑涛   

  1. 北京交通大学 电子信息工程学院, 北京 100044
  • 通讯作者: 吴若豪
  • 作者简介:吴若豪(1993-),男,海南儋州人,硕士研究生,主要研究方向:下一代互联网、软件定义网络、网络安全;董平(1979-),男,河北衡水人,副教授,博士,主要研究方向:下一代互联网、信息网络、网络安全;郑涛(1983-),男,北京人,讲师,博士,主要研究方向:下一代互联网、信息网络、网络安全。
  • 基金资助:

Abstract: Aiming at the problem that Distributed Denial of Service (DDoS) attacks are difficult to detect and defend before the damage is generated, a Control Real-time Defense Mechanism (CRDM) based on Software Defined Network (SDN) for malicious scanning was proposed. Firstly, the advantages of the SDN over the traditional network in the network layer protection technology were analyzed. Secondly, according to the network attack-malicious scanning, a CRDM for defending against malicious scanning was proposed. In CRDM, Representational State Transfer (REST) APIs (Application Program Interfaces) provided by the OpenDayLight (ODL) were used to build an external application to achieve detection, determination and prevention on the switch port. Finally, CRDM was implemented on the ODL platform, and the detection and defense scheme of malicious scanning was tested. The simulation results show that:when a port is scanning the network maliciously, CRDM can disable the port in time, and protect against malicious scanning attacks in real-time. Then, the destructive behavior in a DDoS attack is prevented before it is started.

Key words: Distributed Denial of Service (DDoS) attack, network layer protection, Software Defined Network (SDN), network attack, OpenDayLight (ODL), malicious scanning

摘要: 针对分布式拒绝服务(DDoS)攻击难以在危害产生之前被检测和防御的问题,提出了一种基于软件定义网络(SDN)的面向恶意扫描的控制层实时防护机制。首先,分析了SDN相比传统网络在网络层防护技术上的优势;其次,针对网络攻击手段——恶意扫描,提出了面向恶意扫描的控制层实时防护机制,该机制在SDN集中控制式架构的基础上,充分利用OpenDayLight (ODL)控制器所提供的表述性状态传递(REST)应用程序编程接口(API)开发外部应用,实现了对底层交换机端口的检测、判定、防护三个环节;最后,对给出的方案在ODL平台上进行了编程实现,并实验测试了恶意扫描的检测防御方案。实验结果表明:当有端口正在对网络进行恶意扫描时,面向恶意扫描的控制层实时防护机制可以及时禁用该端口,实时起到对恶意扫描攻击的防护作用,进而在分布式拒绝服务攻击当中具有破坏性的行为还未开始时就对其进行了预防。

关键词: 分布式拒绝服务攻击, 网络层防护, 软件定义网络, 网络攻击, OpenDayLight, 恶意扫描

CLC Number: