Software defined networks are an emerging category of networks in which the data plane and control plane are separated. This separation of planes opens the door for designing sophisticated routing algorithms that would overwhelm the computing power of traditional networking nodes. In this paper, we consider the possibility of introducing node trust into the routing problem. There are many ways for measuring node trust. However, in this paper, we focus on denial of service attacks. We develop a hybrid method for detecting denial of service attacks and incorporate this information in routing decisions so that nodes that are part of a botnet can be quickly identified and excluded from the network. The proposed method is flexible enough to allow nodes that have been suspected of participating in a denial of service attack to be “rehabilitated” if they cease their malicious behavior. The technique is also able to detect the start of a second attack while another one is on-going. Our results indicate that the proposed method for detecting denial of service attacks performs better than non-hybrid techniques.

软件定义的网络是其中数据平面和控制平面分离的网络的新兴类别。飞机的这种分离为设计复杂的路由算法打开了大门，这些算法将压倒传统网络节点的计算能力。在本文中，我们考虑了将节点信任引入路由问题的可能性。有许多方法可以测量节点信任度。但是，在本文中，我们将重点放在拒绝服务攻击上。我们开发了一种用于检测拒绝服务攻击的混合方法，并将此信息合并到路由决策中，以便可以快速识别出僵尸网络一部分的节点并将其从网络中排除。所提出的方法足够灵活，如果怀疑节点停止了恶意行为，则可以“修复”被怀疑参与拒绝服务攻击的节点。该技术还能够检测到另一次攻击正在进行时的第二次攻击的开始。我们的结果表明，提出的用于检测拒绝服务攻击的方法比非混合技术的性能更好。