Using FDAD to Prevent DAD Attack in SEcure Neighbor Discovery Protocol
Security and Communication Networks, Pub Date: 2020-05-30, DOI: 10.1155/2020/2408792
Guangjia Song 1, Hui Wang 2, Fuquan Liu 1

SEND uses CGA as its address configuration method. CGA binds the IPv6 address to multiple auxiliary parameters, making the dependency relationship between the IPv6 address and the host provable, which prevents address embezzlement. Because CGA parameter verification carries considerable overhead, a malicious host can exploit this to carry out DoS attacks. To prevent DoS, the paper proposes a new duplicate address detection method for an SDN environment, called FDAD. FDAD adds two mechanisms, query and feedback, and the messages used by these mechanisms are also designed. With the query mechanism, a host can ask the controller for the MAC address of a suspect host. With the feedback mechanism, if CGA parameter verification fails, the controller uses the feedback information to suppress the malicious host at its source port in order to prevent subsequent attacks. Experiments show that the CPU overhead of FDAD is much lower than that of normal CGA under a Denial of Service attack. The increased CPU consumption and memory overhead of the controller are also within an acceptable range, and the network communication overhead is greatly reduced.

Updated: 2020-05-30