| With SDN(Software Defined Network)in the data center network,network virtualization,Internet of Things,cloud computing and other fields of rapid development and large-scale commercial applications.The security of SDN networks is getting more and more attention from the industry.Among them,the side channel attack against the SDN network is one of the major threats faced by SDN.A means of detecting and defending against timing-based side channel attacks in software-defined networks is proposed.The rate of the Packet-In request received by the controller is calculated in real time,and the received Packet-In message is statistically analyzed to implement detection of the side channel attack.And through the pre-installation of flow rules,the dynamic installation of flow rules,the confusion of side information plus noise,and the delay module running on the delay host,the noise of the side information is confused,the judgment of the attacker is disturbed,and the initiator of the side channel attack is increased.By analyzing the side information,it is difficult to obtain the secret information about the network,thereby achieving active defense against the side channel attack and strengthening the resistance of the entire network to the side channel attack.By using a variety of side channel attacks to attack the SDN network,experiments show that the detection and defense system of the side channel attack based on the softwaredefined network can not modify the OpenFlow protocol or switch hardware,support the inband and out-of-band control modes,The detection and defense of side channel attacks are implemented under the premise of supporting multiple controllers and supporting different versions of the OpenFlow protocol. |
PDF Full Text Request