| Software Defined Network(SDN)is a new network architecture in which the data plane and the control plane are decoupled. In SDN, the data forwarding function is achieved by using general devices while the control function is implemented by software. OpenFlow Protocol as the implementation method of SDNarchitecture has been applied in many aspects such as load balancing, traffic management, routing, etc. DDoS attack has become one of the major threat to current Internet. The attacker firstly gains the control of a large number of hosts. Then by controlling these hosts to send illegal packets to the victim simultaneously, the attacker can easily exhaust the bandwidth or computing resource of the victim.In this thesis, we firstly introduce the character of SDN, as well as the DDoS attack and defendce method. Then we introduce current DDoS detection method for SDN, and based on this, we improve a method to detect DDoS attack by utilizing entropy computing, meanwhile, we verify the feasibility of this method by experiment. Then we design a modular DDoS detection and defence system which has three main modules: FlowTable Collection Module, DDoS Detection Module and DDoS Defence Module. At last, the validity of the system is proved through experiment which is based on Mininet. |
PDF Full Text Request