Dynamic network defense scheme based on programmable software defined networks
Sniffing attacks and flooding attacks are two common attack methods in the Internet of Things (IoT): sniffing attacks are highly concealed and aim to steal user data; flooding attacks are destructive and can disrupt normal network communication and services. Attackers may use sniffing attacks to find their targets and then attack them through flooding attacks, which poses a serious security threat to IoT. However, defense measures such as endpoint information hopping, false IP hopping, and dual IP hopping each focus on a single type of attack and struggle to respond effectively to this combined attack method. A dynamic network defense scheme based on a programmable Software Defined Network (SDN) is proposed to address the security issues faced in the IoT environment. In the attack investigation stage, dynamically changing the protocol number and periodically hopping the quadruple in the data packet obfuscates the endpoint information, thereby effectively resisting sniffing attacks. During the attack implementation phase, first-packet dropping and source authentication resist flooding attacks and significantly improve network security. The simulation experiment results show that, compared with traditional defense schemes against single-type attacks, this scheme can effectively resist sniffing attacks and flooding attacks at different stages of network attacks, while maintaining lower communication latency and CPU load.
Internet of Things (IoT); Software Defined Network (SDN); Moving Target Defense (MTD); flooding attack; sniffing attack
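The first-packet drop and source authentication step named in the abstract can be sketched as follows. This is an added example, not the paper's implementation: the class and function names, the retry window, the pending-table bound and the packet trace are all assumptions, and it assumes spoofed flood sources never retransmit while a real sender does.

```python
from collections import OrderedDict

class FirstPacketFilter:
    """Drop the first packet of every unknown source; authenticate it on retransmission."""

    def __init__(self, retry_window=3.0, max_pending=1024):
        self.retry_window = retry_window  # seconds in which a retransmission counts (assumed)
        self.max_pending = max_pending    # bound on the state a flood can force us to keep
        self.pending = OrderedDict()      # source -> time its first packet was dropped
        self.authenticated = set()        # sources that retransmitted in time

    def handle(self, src, now):
        """Return 'forward' or 'drop' for a packet from `src` seen at time `now`."""
        if src in self.authenticated:
            return "forward"
        first_seen = self.pending.get(src)
        if first_seen is not None and now - first_seen <= self.retry_window:
            # A real protocol stack retransmits; a spoofed source does not.
            del self.pending[src]
            self.authenticated.add(src)
            return "forward"
        # Unknown source, or a retry that came too late: (re)start the challenge.
        self.pending.pop(src, None)
        self.pending[src] = now
        if len(self.pending) > self.max_pending:
            self.pending.popitem(last=False)  # evict the oldest pending entry
        return "drop"

def run_trace(trace, **kwargs):
    """Apply the filter to (time, source) pairs; count forwarded packets per source."""
    flt = FirstPacketFilter(**kwargs)
    forwarded = {}
    for now, src in trace:
        if flt.handle(src, now) == "forward":
            forwarded[src] = forwarded.get(src, 0) + 1
    return forwarded, flt

# Constructed trace: one legitimate sensor that retransmits, plus 500 spoofed
# sources (documentation address range, made-up ports) that each send once.
LEGIT = ("192.0.2.10", 40000)
FLOOD = [(0.001 * i, ("198.51.100.%d" % (i % 250 + 1), 1024 + i)) for i in range(500)]
TRACE = sorted(FLOOD + [(0.10, LEGIT), (1.10, LEGIT), (1.20, LEGIT), (1.30, LEGIT)])

if __name__ == "__main__":
    forwarded, flt = run_trace(TRACE)
    print(forwarded, len(flt.pending))
```

With a pending table smaller than the flood (for example `max_pending=256`), the legitimate source's entry is evicted before it retransmits and it loses one extra packet, which is the cost of bounding state under attack.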