| Distributed denial of service attack (DDoS) is currently one of the main network security threats. Although the DDoS mechanism is widely understood, its detection is a very hard task because of the concealment and distribution. In this paper, we performed a study on DDoS detection and reaction issues on the basis of a comprehensive survey of present researches on the characteristics of software defined network and DDoS attacks.Firstly, compared with the traditional detection methods which only considered and tested a single link or victim network, this paper proposes a novel DDoS attack detection method, which constructs the effective global network flow-table characteristic values based on software defined networking (SDN). This method which combined with the feature selection algorithm optimizes flow-table features and designs an improved classification algorithm for DDoS attack on-line detection. Experimental results show that the method improves the detection rate and reduces the false alarm rate based on DARPA 99 and CAIDA DDoS 2007 dataset with good comprehensive performance.Secondly, this paper proposes two suitable attack mitigation methods for SDN, including ACL and traffic management. The commands of mitigation are generated based on defined strategy and a global view on the whole network, then through controller are deployed on the appropriate switches.Finally, one application of DDoS defense is designed and validated based on OpenDaylight. This paper proposed the framework of attack defend application, and described the functions needed to be implemented based on open source controller. Through running and deploying the application on software defined networking emulated environment, the result proved the validity and correctness of the application, including attack detection and mitigation. |
PDF Full Text Request