Research On DoS Attack Detection And Defense Of DoS Based On SDN Controller

With the development of the Internet, the problems of traditional network architecture have become increasingly prominent in the flexibility and manageability. In order to solve this problem, in recent years, the software-defined network(Software Defined Network, SDN) that is a new network architecture is born, and it can make the data layer and the control layer decouple, with a focus on scalability and programmability features, making the network more flexible and controllable. Its core services, and other important configuration features are deployed on the SDN controller, which facilitates centralized network management. However, the network suffers from a new threat. If attacked SDN controller, the controller will affect coverage network-wide, in extreme cases can lead directly to the network paralysis.This paper focuses on the security issues of Do S attack of in SDN controller, and studies with the SDN programmable characteristics, and adopt the reliability, flow control as well as time series and other ideas, to change the request processing and flow tablestrategy. SDN controller is effective to increase the ability to detect and defense Dos attacks. Specifically, the paper made the following studies:(1)Inspired Flow Ranger queue prioritydefense algorithm, drawing on the traditional network flow control thought, the Do S Defense algorithm of SDN controller(TFC algorithm) based on the reliability and flow control is proposed. Firstly, the users' credibility is determined by the state of the controller when attacked.Secondly, the flow control thought of token bucket algorithm is adopted to reduce the probability of a request queue overflows, thereby to reduce the degree of congestion of the queue. Finally, the weighted polling scheduling policy is used, and the number of requests each forwarding is calculatedaccording to the credibility and the number of requests of users.Compared with the Flow Ranger algorithm and default FCFS algorithm, when the SDN controller encountered Do S attacks, the method has higher defense ability.(2) Based on the latest research results of the traditional Do S detection technology and the security problem of the SDN controller, the Do S detection scheme based on time series(TS scheme) is proposed. The scheme based on SDN network system has its own advantages, It makes a comprehensive judgment for Do S attack with using time series theory, combined with data plane, control plane traffic information of data traffic statistics in real time, and the use of the integrated controller of CPU and memory resources. Compared with the existing schemes, through the introduction of time series, this scheme can effectively reduce the misjudgment of the situation at the start, can improve the ability of detection and defense.(3) The TFC algorithm is proposed in this paper, and we adopt the discrete event simulation method to evaluate the performance of the algorithm and the page simulates three different modes of injection attacks, and get the information of the request number that the controller to handle by three mode injection attack, At last, the contrast. The TFC algorithm is proposed in this paper, and we adopt the discrete event simulation methods to evaluate the performance of the algorithm. Specifically the page simulates three different modes of injection attacks, and the information of controller handles requests under attack case is collected with three modes.At last, the contrast experiment verifies the TFC scheme proposed in this paper has a better Do S defense effect compared the Flow Ranger scheme and FCFS scheme.The TS scheme is proposed in this paper, and it is verified by the experimental with the Floodlight Controller and topology tool Mininet. The specific method is that first we do attack controller experiments, a analyzed the trends before and after the attack traffic, and get the statistics data of flow control plane and data plane, and seek the ratio Q of two planar data flow, then get the ratio Q of the safe rangeunder normal circumstances. And the change of the Q value determines whether the current network is under attack or not, and then obtain the data traffic threshold R time series model statistics, to control flow table and achieve the effect of defense, and then combined with the use of TFC algorithm further defense, the experimental results show that TS paper program in the face of Do S attacks have the effect of better detection and prevention, and after using the TFC algorithm, defense effect achieve further improvement.