期刊
JOURNAL OF NETWORK AND COMPUTER APPLICATIONS
卷 87, 期 -, 页码 20-31出版社
ACADEMIC PRESS LTD- ELSEVIER SCIENCE LTD
DOI: 10.1016/j.jnca.2016.04.013
关键词
Dynamic traffic partitioning; SYN flooding attacks; Half-open connection separation; Counting bloom filters
类别
资金
- National Natural Science Foundation of China [61502056, 61303043]
- Hunan Provincial Natural Science Foundation of China [2015E3010, 13JJ4052]
- Scientific Research Fund of Hunan Provincial Education Department [15B009, 14C0285]
The continual growth of network traffic rates leads to heavy packet processing overheads, and a typical solution is to partition traffic into multiple network processors for parallel processing especially in emerging software-defined networks. This paper is thus motivated to propose a robust dynamic network traffic partitioning scheme to defend against malicious attacks. After introducing the conceptual framework of dynamic network traffic partitioning based on flow tables, we strengthen its TCP connection management by building a half-open connection separation mechanism to isolate false connections in the initial connection table (ICT). Then, the lookup performance of the ICT table is reinforced by applying counting bloom filters to cope with malicious behaviors such as SYN flooding attacks. Finally, we evaluate the performance of our proposed traffic partitioning scheme with real network traffic traces and simulated malicious traffic by experiments. Experimental results indicate that our proposed scheme outperforms the conventional ones in terms of packet distribution performance especially robustness against malicious attacks. (C) 2016 Elsevier Ltd. All rights reserved.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据