
Research On DDoS Attack Detection And Protection Based On Multi-dimension Conditional Entropy In SDN

Posted on: 2017-05-02
Degree: Master
Type: Thesis
Country: China
Candidate: M Z Mei
Full Text: PDF
GTID: 2308330503960536
Subject: Computer application technology
Abstract/Summary:
With the continuous development of the new era, the scale and complexity of network business keep increasing, and a new network architecture, Software Defined Network (SDN), is becoming more and more attractive and popular. However, while SDN brings convenience to network construction, it also introduces new security risks. Because of its single point of failure, SDN is vulnerable to distributed denial of service (DDoS) attacks. DDoS attacks, which come in many kinds and use many means, are one of the most popular network attack methods at present. Most current research on DDoS attack detection and protection targets the traditional network environment, and its effect in the SDN environment is not ideal.

At present, DDoS attack detection in SDN is mainly based on the idea of intrusion detection and divides into two categories, misuse detection and anomaly detection: misuse detection can accurately detect known attacks but not new ones; anomaly detection can detect both known and new attacks, but its false positive rate is high. This dissertation belongs to the anomaly detection category. Anomaly detection algorithms are divided into those based on statistical analysis and those based on machine learning. The former are traditional-network DDoS detection algorithms applied without the support of SDN features; the latter, because of complex algorithms and long training times, consume too many resources and too much time to meet SDN's need for rapid network configuration. Research on DDoS attack protection in SDN is progressing slowly: traditional schemes are difficult to apply perfectly, and new schemes have failed to combine with attack detection methods, leaving detection and prevention disconnected and increasing the difficulty and complexity of network deployment.

This dissertation discusses DDoS attack detection and protection in SDN under one unified idea, combining SDN's own features with the characteristics of DDoS attacks, and puts forward a detection and protection scheme based on a multidimensional conditional entropy algorithm. The SDN controller extracts flow table features from the global flow table, then computes in software the conditional entropy of multiple flow table features to obtain a multi-dimensional vector, and applies a sliding-window non-parametric CUSUM algorithm to distinguish attacks. When an attack is detected, the controller establishes the attack path by analysing the multivariate conditional entropy and traces it to find the source of the attack. The controller then sends new flow tables to the switches near the source in order to apply a variety of attack mitigation measures, such as filtering attack packets, restricting the traffic sending rate, and balancing link load. The scheme proposed in this dissertation effectively utilizes SDN's centralized control and software-driven characteristics and takes fewer resources and less time to detect and protect against DDoS attacks quickly and accurately. The simulation results show that the detection scheme significantly reduces the false alarm rate and the protection scheme significantly reduces attack traffic in the network, bringing new inspiration to research on DDoS attack detection and protection in SDN.
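The detection pipeline the abstract describes (flow-table features, conditional entropy per feature pair, sliding-window non-parametric CUSUM), as an added illustration that is not the thesis's own code. The feature pairs, the drift allowance `beta`, the threshold, the baseline window size `k` and the sample flow tables are all assumptions made for this example.

```python
import math
from collections import Counter

def conditional_entropy(flows, given, target):
    """H(target | given) = H(given, target) - H(given), in bits, estimated
    from the flow-table entries of one time window."""
    n = len(flows)
    joint = Counter((f[given], f[target]) for f in flows)
    marg = Counter(f[given] for f in flows)
    h = lambda cnt: -sum(c / n * math.log2(c / n) for c in cnt.values())
    return h(joint) - h(marg)

# Assumed feature pairs; each pair is one dimension of the entropy vector.
DIMS = [("src", "dst"), ("dst", "src"), ("dst", "dport")]

def entropy_vector(flows):
    return [conditional_entropy(flows, g, t) for g, t in DIMS]

def cusum_detect(vectors, k=3, beta=0.5, threshold=3.0):
    """Sliding-window non-parametric CUSUM: the baseline is the mean vector of
    the last k windows judged normal; the statistic accumulates the L1 deviation
    from it minus the drift allowance beta and alarms above threshold. Alarmed
    windows are not fed back into the baseline, so a flood cannot poison it."""
    history, s, alarms = [], 0.0, []
    for i, v in enumerate(vectors):
        if len(history) < k:          # warm-up: no baseline yet
            history.append(v)
            continue
        base = [sum(col) / len(history) for col in zip(*history)]
        score = sum(abs(a - b) for a, b in zip(v, base))
        s = max(0.0, s + score - beta)
        if s > threshold:
            alarms.append(i)
        else:
            history = (history + [v])[-k:]
    return alarms

# Constructed flow tables: four hosts each reaching three servers (normal),
# then a flood of 40 spoofed sources all hitting 10.0.1.1:80 (attack).
def normal_window():
    return [{"src": f"10.0.0.{i+1}", "dst": f"10.0.1.{(i+j)%4+1}",
             "dport": 80 if j % 2 == 0 else 443} for i in range(4) for j in range(3)]

def attack_window():
    flood = [{"src": f"198.51.100.{i}", "dst": "10.0.1.1", "dport": 80} for i in range(1, 41)]
    return normal_window() + flood

def demo():
    windows = [normal_window()] * 5 + [attack_window()] * 2
    return cusum_detect([entropy_vector(w) for w in windows])   # -> [5, 6]
```

During the flood, H(dst | src) collapses because every spoofed source talks to a single destination while H(src | dst) jumps, so the vector moves away from the baseline in several dimensions at once, which is what the CUSUM statistic accumulates.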
Keywords/Search Tags: Software defined network, distributed denial of service attack, multidimensional conditional entropy, attack detection, attack prevention