LIÊN KẾT WEBSITE
A secured OpenFlow-based switch architecture
Proceedings - 2016 International Conference on Advanced Computing and Applications, ACOMP 2016 Số , năm 2017 (Tập , trang 83-89)
ISSN: 9781509061433
ISSN: 9781509061433
DOI: 10.1109/ACOMP.2016.021
Tài liệu thuộc danh mục: Scopus
Final
English
Từ khóa: Field programmable gate arrays (FPGA); Network architecture; Network protocols; Software defined networking; Table lookup; DDoS; False negative rate; False positive rates; Hop-count filtering; Network protection; Openflow networks; Prototype versions; Switch architectures; Network security
Tóm tắt tiếng anh
In this paper, we propose a secured OpenFlow-based switch architecture. The architecture is a combination of OpenFlow Processing that routes packets according to the OpenFlow protocol and Security Processing that defends against network attacks. Therefore, the proposed switch can work not only as a OpenFlow-based forwarding device but also as a network protection system. We implement our prototype switch on a Xilinx Virtex 5 xc5vtx240t FPGA device. In this prototype version, we integrate two different DDoS countermeasure techniques, the Hop-Count filtering and Port Ingress/Egress filtering. The experimental results show that the switch achieves packet processing throughput by up to 19.7 Gbps while a 100% DDoS detection rate with up to a 2.9% false positive rate and a 0% false negative rate is obtained. Our prototype system uses up to 36% Look-Up Tables, 38% Registers, and 62% Block RAM of the FPGA device. 2016 IEEE.