Research On DDoS Attack Defense Method Based On Reinforcement Learning In SDN

Distributed denial of service(DDoS)attacks have always been one of the major security threats on the Internet.As the DDoS attack model will continue to change with the introduction of new protocols and new applications.It means DDoS attack defense is a non-stationary problems.Reinforcement learning(RL)algorithms provide another perspective for solving this problem.At the same time,the emergence of Software-Defined Network(SDN)have also made technical preparations for the research of DDoS attack defense based on machine learning.The core technical idea of SDN is to separate the network control plane from the data plane,and the control plane centrally manages and controls the data plane forward-ing equipment through a southbound protocol.thereby bringing good programmability to the network And evolution.Thanks to the centralized management and control archi-tecture of SDN,network security status data can be collected in real-time in a unified manner,and security policies can also be implemented in a better overall plan.based on SDN,RL,by the analysising and modeling of DDoS attack mode char-acteristics,this paper studies the defense problems of DDoS attacks.First,the Markov Decision Process(MDP)is used to model the DDoS defense problem.Based on the idea of SDN centralized control,a centralized DDoS defense method based on deep RL is proposed.Secondly,using the Proximal Policy Optimization(PPO)algorithm,three different actions are designed to mitigate attacks.Improve training speed and effective-ness through reward shaping and course learning.Then,based on the algorithm model,a DDoS attack defense system based on SDN and reinforcement learning is proposed.The system includes RL modules and data collection modules.Finally,using Tensor-flow and OpenDaylight,the proposed system is implemented,and the correctness and effectiveness of the system are evaluated through experiments.The results show that:under different attack modes,the system can alleviate malicious traffic while Effectively guarantee the use of normal users.