
Research On DDoS Attack Detection And Mitigating Mechanism In SDN Network

Posted on: 2019-09-16
Degree: Master
Type: Thesis
Country: China
Candidate: C Chen
GTID: 2428330566995976
Subject: Information security

Abstract/Summary:
The distributed nature of traditional networks makes it difficult for administrators to exercise centralized control over the network, and it is difficult to quickly and accurately detect distributed denial of service (DDoS) attacks and trace the attacker. To address this problem, this paper studies DDoS attacks in software-defined networks (SDNs), drawing on the centralized control and dynamic management that SDN provides. The main contributions of our work are as follows.

First, this paper builds a simple and efficient DDoS detection scheme for SDN networks. Based on the characteristics of the flow table, we introduce the concept of bidirectional traffic, propose a four-tuple attack detection feature, and use a hierarchical self-organizing map algorithm to quickly and accurately analyze and classify the four-tuple feature vectors extracted from the flows. In addition, a detection scheme is proposed that locates potential victims by adaptively changing the granularity at which the flow table is monitored. Simulation results show that the four-tuple features and the detection algorithm proposed in this paper can detect attacks and locate victims with an accuracy of approximately 96%, and that the computational cost added to the controller is small.

Second, because our DDoS detection scheme for SDN is based on the characteristics of network flows, judging whether a network flow is normal is crucial. This paper therefore studies the anomaly detection algorithm used to train on and classify network flows after their features have been extracted. When a BP (Back Propagation) neural network is applied to the training and classification of DDoS network features, it yields a low detection rate and a long training time, so this paper proposes an improved differential evolution algorithm to optimize the BP neural network anomaly detection algorithm. The improvement introduces the simulated annealing algorithm and a mutation operator that combines DE/rand/1 and DE/best/1 into the differential evolution algorithm in order to strengthen its global optimization ability. The improved algorithm is used to optimize the weights and thresholds of the BP neural network, the network is brought to convergence by successive iterative training, and the optimized BP neural network is then used for intrusion detection. The algorithm has been simulated in the SDN experimental scenario. The simulation results show that the optimized BP network clearly improves convergence speed and precision, improves detection accuracy when detecting abnormal network flows, and shortens the training time.

Finally, taking advantage of how simply an SDN controller can deliver configured flow entries, this paper proposes a set of DDoS mitigation strategies for the SDN scenario that take the characteristics of the flow table into account and that start once the system has detected the victim. To ensure that legitimate traffic can continue to communicate normally, this paper also proposes an attacker segment positioning algorithm that searches for the smallest network segment containing the attacker; the controller then issues flow entries that block the malicious traffic sent to the victim. Simulation experiments show that the DDoS mitigation strategy in this section is efficient and reasonable.
Keywords/Search Tags: Software Defined Network, Distributed Denial of Service, BP neural network, Differential Evolution, DDoS Mitigation
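
The mitigation step in the abstract searches for the smallest attacker network segment so that blocking does not cut off legitimate traffic. The abstract does not give the algorithm, so the Python below is an added example and not the thesis's code: it assumes IPv4, a list of observed legitimate sources, and a hypothetical `min_len` cap on how coarse a blocked prefix may be; the function names, the rule record layout and the sample addresses are illustrative.

```python
import ipaddress

def covering_prefix(addrs):
    """Tightest IPv4 prefix that contains every address in addrs."""
    lo, hi = int(min(addrs)), int(max(addrs))
    length = 32 - (lo ^ hi).bit_length()      # number of shared leading bits
    shift = 32 - length
    return ipaddress.ip_network((lo >> shift << shift, length))

def locate_segments(attackers, legit, min_len=24):
    """Coarsest prefixes (never coarser than /min_len) that cover every
    attacker source and no observed legitimate source."""
    atk = sorted({ipaddress.ip_address(a) for a in attackers})
    ok = {ipaddress.ip_address(l) for l in legit}
    found = []

    def walk(group):
        net = covering_prefix(group)
        clean = not any(o in net for o in ok)
        # Stop at a single host (an address on both lists is treated as an
        # attacker) or at a prefix that is narrow enough and holds no
        # legitimate source; otherwise split in half and narrow further.
        if net.prefixlen == 32 or (clean and net.prefixlen >= min_len):
            found.append(net)
            return
        for half in net.subnets(prefixlen_diff=1):
            part = [a for a in group if a in half]
            if part:
                walk(part)

    if atk:
        walk(atk)
    return found

def drop_rules(victim, segments):
    """Generic match/action records; an empty action list means drop."""
    return [{"ipv4_src": str(s), "ipv4_dst": victim, "actions": []}
            for s in segments]

# Constructed sample data (RFC 5737 documentation ranges).
ATTACKERS = ["198.51.100.10", "198.51.100.77", "198.51.100.200", "203.0.113.5"]
LEGIT = ["198.51.100.130", "192.0.2.44"]
VICTIM = "192.0.2.80"

if __name__ == "__main__":
    for rule in drop_rules(VICTIM, locate_segments(ATTACKERS, LEGIT)):
        print(rule)
```

A prefix that is clean with respect to observed legitimate sources can still contain legitimate hosts that have not sent traffic yet, which is why the coarseness cap matters.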