Research On DDoS Attack Detection And Source Tracing Technology Based On SDN

With the development of the times,the importance of network security has become increasingly prominent.DDoS(Distributed Denial of Service)attacks are one of the important factors that threaten network security.Attackers use multiple hosts to send large amounts of data to victims,causing congestion of network service equipment and links.The detection and resistance of DDoS based on the static traditional network architecture have obvious limitations in the unified scheduling and traffic analysis of the whole network,making it difficult to adjust the flow path and bringing heavy load to the forwarding equipment.As a new network architecture,SDN(Software Defined Network)has the following characteristics such as whole network perspective,centralized control and the separation of data controlling and forwarding,which provides a new solution to the detection and traceability of DDoS attacks.Based on the above problems,this thesis uses the characteristics of the SDN network to study the detection and traceability of DDoS attacks,and proposes an SDN-based DDoS attack detection and traceability solution.In addition,in view of the limitations of the existing SDN network experiment environment,this thesis designs and implements a configurable network security experiment system based on SDN.The main contents are as follows:(1)This thesis studies the DDoS attack detection method based on the SDN network,and designs the detection scheme of DDoS attack based on HMM Model(Hidden Markov Model)which innovatively detecting attacks based on spatial sequence.Combined with the data characteristics of multiple switches,the DDoS attack state is regarded as the hidden state,and the corresponding hidden state sequence is calculated through the observation state sequence of the multiple switches,and the hidden state sequence is used to determine whether there is a DDoS attack.Experimental results prove that the HMM model in this thesis has better performance and lower detection time,and can effectively achieve anomaly detection of attack traffic.(2)This thesis studies the tracing method of DDoS attack based on SDN network,including the source tracing algorithm based on the probe flow table entry and the source tracing algorithm based on the HMM model.Based on the probing algorithm of the probing flow table entry,the probing flow table entry is constructed,and the forwarding device processes and forwards the data packets at the starting point of traceability,the device along the way executes the traceback strategy to send the Packet-in message to the controller,and the Bayesian network model is introduced to calculate the target possibility.The traceability algorithm based on the HMM model collects and monitors network traffic information from the perspective of traffic,observes the traffic state at the victim and constructs the observed state,solves the state transition in the HMM model,and analyzes the distribution of abnormal flows.Experimental results show that the source tracing method proposed in this thesis can quickly trace the source under the condition of busy network and complex traffic,and provide reliable network traceability results.(3)This thesis studies the configurable network security experiment system based on SDN network,including large-scale network construction,network virtualization based on physical SDN switches,experimental modeling and network attack simulation,device management and experiment management,and link management And control,node data collection and analysis,attack detection and traceability,and many other functions and technical implementations,support for setting the delay and packet loss rate in the network link,performing attack simulation and other functions,for network security issues research and attack and defense experiments The drill provided a real and effective experimental environment.