%0 Journal Article
%A LIU Panwen
%A TANG Xing
%A ZOU Chengming
%T Real-time defence against dynamic host configuration protocol flood attack in software defined network
%D 2019
%R 10.11772/j.issn.1001-9081.2018091852
%J Journal of Computer Applications
%P 1066-1072
%V 39
%N 4
%X In Software Defined Network (SDN), Dynamic Host Configuration Protocol (DHCP) flood attack packets can actively enter the controller in reactive mode, which causes a huge hazard to SDN. Aiming at the problem that the traditional defense method against DHCP flood attack cannot keep the SDN network from control link blocking caused by the attack, a Dynamic Defense Mechanism (DDM) against DHCP flood attacks was proposed. DDM is composed of a detection model and a mitigation model. In the detection model, different from the static threshold detection method, a dynamic peak estimation model was constructed by two key parameters - DHCP average traffic seed and IP pool surplus - to evaluate whether the ports were attacked. If the ports were attacked, the mitigation model would be informed. In the mitigation model, the IP pool cleaning was performed based on the response character of Address Resolution Protocol (ARP), and an interval interception mechanism was designed to intercept the attack source, mitigating the congestion and minimizing the impact on users during interception. Simulation experimental results show that the detection error of DDM is on average 18.75%, lower than that of the static threshold detection. The DDM mitigation model can effectively intercept traffic and reduce the waiting time for users to access the network during the interception by an average of 81.45%.
%U http://www.joca.cn/EN/10.11772/j.issn.1001-9081.2018091852