
Research On DDoS Attack Detection And Defense Technology Based On Cross-plane Cooperation

Posted on: 2022-07-15
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Cao
Full Text: PDF
GTID: 2518306497497414
Subject: Circuits and Systems
Abstract/Summary:
In recent years, Software Defined Networking (SDN) has come into wide use across many network scenarios thanks to its separation of forwarding and control, centralized control, programmability, and scalability. However, the very separation of the SDN forwarding and control planes makes the security threats already faced by traditional networks more severe. A Distributed Denial-of-Service (DDoS) attack is a malicious attack designed to exhaust the target server's CPU resources or network bandwidth. DDoS detection in a typical SDN environment is concentrated on the control plane and obtains network state by polling the switches, which places heavy load on the controller and the southbound channel. Once a DDoS attack is detected, attack traceback is usually required to locate the source of the attack; existing traceback methods, however, inevitably introduce substantial extra cost and delay, and their accuracy is also limited. To address these problems, this thesis proposes a DDoS detection and defense method based on cross-plane collaboration. Exploiting the customizable pipeline of programmable switches, it designs a scheme of cross-plane two-level detection and edge defense. The specific work of this thesis covers the following three aspects:

(1) To address the excessive controller load and southbound overhead caused by controller-based polling detection, this thesis uses programmable switches and the P4 language to adapt HyperLogLog, the cardinality estimation algorithm commonly used in big-data scenarios, into a coarse-grained detection algorithm suitable for programmable switches, offloading the heavy routine detection from the control plane to the data plane. Fine-grained detection on the control plane is triggered only after the data plane raises an alarm, which reduces southbound communication overhead and controller CPU consumption. The algorithm also supports hot deployment on programmable switches without adding middleware.

(2) To improve the performance of the fine-grained algorithm on the control plane, this thesis designs a deep learning method based on a hybrid SAE-SVM model. After an in-depth analysis of the characteristics of DDoS attack traffic, eight representative features are selected; the unsupervised SAE model reduces the dimensionality of the features and learns more abstract representations, and an SVM then classifies them to identify the attack traffic. Compared with traditional machine learning methods, this effectively reduces training time and improves detection performance.

(3) To defend against DDoS attack traffic, this thesis designs a targeted edge drop strategy: in-band measurement is used to trace the attack source and find the edge switch through which the attack traffic enters the network, and a black/white-list-based drop policy is enforced at that edge switch. Because it is implemented in the programmable switch pipeline, it does not affect normal packet forwarding and needs no probe packets, so the extra overhead is extremely low and the traceback results are completely reliable.

An SDN simulation environment is built with the ONOS controller and Mininet for the experiments. The experimental results show that, compared with other recent methods, the detection accuracy, precision, recall and other metrics of the proposed method improve by about 5% to 10%. When no attack is occurring, controller CPU utilization falls from 40% to about 10%, the overall southbound channel overhead falls to about 1/10 of the original, and the defense response time is about 5 s.
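The coarse-grained data-plane trigger in aspect (1) rests on HyperLogLog: a source-IP flood shows up as a sudden jump in the number of distinct source addresses seen per window, and HyperLogLog estimates that cardinality with a fixed array of small registers that fits in switch memory. The following is an added software model of that idea, written for this page and not the thesis's P4 code: it implements standard HyperLogLog over a register array, estimates distinct sources per traffic window, and raises the alarm that would hand off to control-plane fine-grained detection. The register count (2^10), the alarm threshold (1000 sources), the hash function and the traffic windows are all assumptions chosen for illustration; the traffic is constructed in the script (a real switch would replace the hash and the floating-point estimate with its hash extern and a lookup table, which is part of what the thesis adapts).

```python
"""Coarse-grained DDoS trigger: HyperLogLog estimate of distinct source IPs
per window, alarm when the estimate crosses a threshold.
Illustration added to this page; traffic is constructed, not thesis data."""
import hashlib
import math
import random
from typing import List, Tuple

P = 10                               # 2^P = 1024 registers (assumed size)
M = 1 << P
ALPHA = 0.7213 / (1 + 1.079 / M)     # standard HLL bias constant for m >= 128
HASH_BITS = 64


def _hash64(key: bytes) -> int:
    # Any well-mixed 64-bit hash works; a P4 target would use its hash extern.
    return int.from_bytes(hashlib.blake2b(key, digest_size=8).digest(), "big")


class HyperLogLog:
    """M small counters, the shape a data-plane register array would hold."""

    def __init__(self) -> None:
        self.registers = [0] * M

    def add(self, key: bytes) -> None:
        h = _hash64(key)
        idx = h >> (HASH_BITS - P)                  # top P bits select a register
        rest = h & ((1 << (HASH_BITS - P)) - 1)     # remaining HASH_BITS-P bits
        # rank = 1-based position of the leftmost 1 in `rest`
        # (HASH_BITS-P+1 when rest is all zeros)
        rank = (HASH_BITS - P) - rest.bit_length() + 1
        if rank > self.registers[idx]:
            self.registers[idx] = rank

    def estimate(self) -> float:
        raw = ALPHA * M * M / sum(2.0 ** -r for r in self.registers)
        if raw <= 2.5 * M:                           # small-range correction (linear counting)
            zeros = self.registers.count(0)
            if zeros:
                return M * math.log(M / zeros)
        return raw


def make_window(n_sources: int, pkts_per_source: int, seed: int) -> List[bytes]:
    """Constructed traffic window: n_sources distinct IPv4 addresses as 4-byte keys."""
    rng = random.Random(seed)
    sources = set()
    while len(sources) < n_sources:
        sources.add(rng.getrandbits(32).to_bytes(4, "big"))
    pkts = [s for s in sorted(sources) for _ in range(pkts_per_source)]
    rng.shuffle(pkts)
    return pkts


def estimate_sources(window: List[bytes]) -> float:
    """Distinct-source estimate for one window (registers reset per window)."""
    hll = HyperLogLog()
    for src in window:
        hll.add(src)
    return hll.estimate()


def coarse_detect(windows: List[List[bytes]],
                  threshold: float) -> List[Tuple[int, float, bool]]:
    """Per window: (index, estimated distinct sources, alarm).
    An alarm is the event that would trigger control-plane fine-grained detection."""
    out = []
    for i, w in enumerate(windows):
        est = estimate_sources(w)
        out.append((i, est, est > threshold))
    return out


if __name__ == "__main__":
    normal = make_window(50, 40, seed=1)       # 50 legitimate clients, 40 packets each
    attack = make_window(20000, 1, seed=2)     # 20000 spoofed sources, one packet each
    for i, est, alarm in coarse_detect([normal, attack], threshold=1000):
        print(f"window {i}: ~{est:.0f} distinct sources, alarm={alarm}")
```

With 1024 registers the standard error of the estimate is about 1.04/sqrt(1024), roughly 3%, so a threshold set well above the normal distinct-source baseline is not disturbed by estimation noise; the registers need only 6 bits each, which is why the sketch is cheap enough to keep in the pipeline and reset per window.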
Keywords/Search Tags:Software Defined Network, Distributed Denial of Service Detection, Cross-plane Collaboration, Programmable Data-plane