
Defense Mechanism Against Routing Attacks In Dragonfly-based Data Center Networks

Posted on: 2024-02-26
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Xu
Full Text: PDF
GTID: 2568306932455574
Subject: Cyberspace security
Abstract/Summary:
With the rapid development of cloud computing, big data, and artificial intelligence, a large number of application services have led to a sharp increase in the computing and storage demands of data centers. Data center servers require a high-speed, reliable, and scalable network topology to provide efficient communication and ensure service quality as network scale increases. The Dragonfly network, as a hierarchical topology, has a lower network diameter, lower transmission delay, and a better performance-cost ratio. Meanwhile, in terms of transmission protocols, Remote Direct Memory Access (RDMA) implements the entire transmission logic in the network interface card and allows direct access to remote memory, bypassing the CPU, which reduces transmission latency and CPU overhead compared to TCP/IP. These technologies in network topology and transmission protocol have brought high bandwidth and low latency to data centers, further enhancing network performance.

However, security risks such as information leakage and malicious attacks always exist in data centers with multi-tenant environments. When facing attacks, it is necessary to consider how to ensure information security and service reliability. In a Dragonfly network, the asymmetry of its paths and the imperfect load balancing of the classical UGAL (Universal Globally Adaptive Load-balanced) routing mechanism across different paths give malicious attackers an opportunity to occupy a larger proportion of the fast paths. In addition, the inter-group communication scenario in a Dragonfly network is prone to attracting attackers to launch LDDoS attacks, leading to severe fluctuations in the queue length on critical links. This thesis proposes corresponding defense mechanisms for these two potential attack scenarios in Dragonfly data center networks. The main research content and contributions of this thesis are as follows:

1. This thesis analyzes the attack threat of malicious users occupying the faster paths in Dragonfly data center networks. It points out that under UGAL routing, malicious users can change their own flow transmission mechanism to preempt faster paths in the network, thereby reducing the service quality of normal users. To mitigate the negative impact of this malicious behavior on the victims, this thesis proposes an improved UGAL routing mechanism. Based on UGAL routing, the mechanism dynamically adjusts the routing according to the ratio of the number of flows routed through non-minimal paths to the number of flows on the minimal path, to mitigate the attack's impact on the victims within the group. Experimental results show that the improved routing mechanism can effectively mitigate the performance degradation caused by this attack on the victims within the group under different traffic patterns, network loads, and traffic workloads.

2. This thesis analyzes the threat of LDDoS attacks in Dragonfly data center networks. In a Dragonfly data center network, when inter-group communication is dominated by short flows, the global link contained in the minimal path under UGAL routing becomes a critical link, which is vulnerable to LDDoS attacks. This attack can cause delay-sensitive data center short flows to suffer greater delays on the minimal path or be forced onto non-minimal paths with relatively higher average delays, affecting the completion of related tasks. To address this attack, this thesis proposes a defense mechanism that combines attack detection and mitigation. First, the attack is detected by analyzing the power spectral density of the queue length on critical links. Then, based on the rerouting mechanism, the attack flows are directed to non-minimal paths to reduce the performance impact of the attack on short flows. Experimental results show that the detection accuracy of the defense mechanism is high and that it effectively mitigates the performance degradation of short flows caused by the attack in the victim group.
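The detection step in contribution 2, analyzing the power spectral density of the queue length on a critical link, can be illustrated with the following added example, which is not code from the thesis. The decision statistic (share of spectral power in the strongest bin), the 0.3 threshold, and both queue-length traces are assumptions constructed for illustration.

```python
import cmath
import math
import random

def periodogram(samples):
    """Power per frequency bin of a mean-removed series (plain DFT, no window)."""
    n = len(samples)
    mean = sum(samples) / n
    x = [s - mean for s in samples]      # remove DC so the average queue depth is ignored
    power = []
    for k in range(1, n // 2):           # bins 1 .. n/2-1; power[i] is k = i + 1
        acc = sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
        power.append(abs(acc) ** 2 / n)
    return power

def peak_power_fraction(samples):
    """Return (share of total power in the strongest bin, period of that bin in samples)."""
    power = periodogram(samples)
    total = sum(power)
    if total == 0:                       # perfectly flat queue: no spectrum to inspect
        return 0.0, None
    i = max(range(len(power)), key=power.__getitem__)
    return power[i] / total, len(samples) / (i + 1)

def looks_like_lddos(samples, threshold=0.3):
    """Assumed rule: periodic pulses concentrate power in one bin; noise spreads it out."""
    fraction, _ = peak_power_fraction(samples)
    return fraction >= threshold

# Constructed traces: queue length sampled at a fixed interval on one critical link.
rng = random.Random(7)
N, PERIOD, BURST = 256, 32, 8            # assumed: 8-sample burst every 32 samples
benign = [max(0.0, 20 + rng.gauss(0, 5)) for _ in range(N)]
attack = [q + (60 if t % PERIOD < BURST else 0) for t, q in enumerate(benign)]

if __name__ == "__main__":
    for name, trace in (("benign", benign), ("attack", attack)):
        fraction, period = peak_power_fraction(trace)
        print(name, round(fraction, 3), period, looks_like_lddos(trace))
```

The period reported for the strongest bin gives the pulse interval of the suspected attack, which a mitigation stage could use when selecting flows to reroute.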
Keywords/Search Tags:Data Center, Dragonfly Topology, RDMA, Routing Attack, LDDoS Attack