
Research On Defense Mechanism Against The DDos Amplification Attack In SDN

Posted on: 2018-03-04
Degree: Master
Type: Thesis
Country: China
Candidate: X D Xing
GTID: 2348330518495319
Subject: Information and Communication Engineering
Abstract/Summary:
As a common and harmful form of attack, the DDoS amplification attack is frequently launched against networks. Because DNS servers are accessible and open, attackers often use DNS amplification in particular. To defend against this kind of attack, people traditionally deploy a dedicated hardware platform beside the gateway, or filter the traffic beside the network element. These methods usually lack visibility and flexibility, and may even require expensive professional equipment. As one of the future architectures, SDN faces the same threats as traditional networks, but the visibility and programmability of SDN provide new ways to deal with network attacks. By making full use of these advantages, we propose a defense mechanism against the DNS amplification attack that consists of three phases: the initial attack detection phase, the attack confirmation and victim protection phase, and the zombie recognition and isolation phase.

1) In the initial attack detection phase, the mechanism first monitors the rate of DNS request packets, then calculates the entropy of the source IP addresses of the overspeed packets to evaluate their degree of concentration, judges whether an attack may be occurring, and finds the suspected victim.

2) In the attack confirmation and victim protection phase, the mechanism uses the visibility of SDN and the flexibility of OpenFlow to compare the number of DNS request packets with the number of response packets, and so confirms accurately whether an attack is occurring. At the same time, the victim is protected with a quick response; the impact on the victim's normal DNS traffic in this phase is very small.

3) In the zombie recognition and isolation phase, the mechanism uses the port records of the malicious packets to retrace the attack route, pinpoints all the zombies and isolates them from the network quickly. Afterwards, the whole network returns to its normal state.
Finally, we set up the topology in Mininet and deploy the mechanism in the Ryu controller to run experiments, analyze the results and evaluate the performance of the proposed mechanism. The experimental results prove that the proposed mechanism is efficient and stable, and that it provides new and flexible methods to defend against the DDoS amplification attack.
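As an added illustration of the three phases, not code from the thesis, the following Python sketch runs the detection logic over a constructed window of DNS request packets; the rate and entropy thresholds, the port names, and the simplified request/response comparison in the second phase are assumptions rather than the thesis's exact parameters.

```python
import math
from collections import Counter

# Constructed sample window of DNS request packets seen by the controller, as
# (ingress_port, source_ip). In a reflection attack the source IP is spoofed to
# the victim's address, so the sources in the window concentrate on one value.
WINDOW_PACKETS = (
    [("port3", "10.0.0.9")] * 40      # spoofed requests from a zombie on port3
    + [("port4", "10.0.0.9")] * 35    # spoofed requests from a zombie on port4
    + [("port1", "10.0.0.2"), ("port2", "10.0.0.5"), ("port1", "10.0.0.2")]  # benign
)
RATE_THRESHOLD = 20      # requests per window above which it is "overspeed" (assumed)
ENTROPY_THRESHOLD = 1.0  # bits; below this the source IPs are concentrated (assumed)


def source_ip_entropy(packets):
    """Shannon entropy, in bits, of the source-IP distribution of the packets."""
    counts = Counter(src for _, src in packets)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def initial_detection(packets, rate_threshold=RATE_THRESHOLD,
                      entropy_threshold=ENTROPY_THRESHOLD):
    """Phase 1: an overspeed window whose source IPs have low entropy is suspicious;
    the dominant source address is returned as the suspected victim, else None."""
    if len(packets) <= rate_threshold:
        return None
    if source_ip_entropy(packets) >= entropy_threshold:
        return None
    return Counter(src for _, src in packets).most_common(1)[0][0]


def confirm_attack(requests_from_victim_port, responses_to_victim, ratio=5):
    """Phase 2 (simplified reading of the abstract): compare the DNS requests the
    victim itself sent, counted at its own port, with the responses delivered to it.
    A large response surplus confirms reflection; a balanced count is normal DNS use."""
    return responses_to_victim > ratio * max(requests_from_victim_port, 1)


def zombie_ports(packets, victim, victim_port):
    """Phase 3: ingress ports that carried requests bearing the victim's address but
    are not the victim's own port, i.e. the ports whose hosts should be isolated."""
    return sorted({port for port, src in packets
                   if src == victim and port != victim_port})
```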
Keywords/Search Tags: SDN, DDoS amplification attack, defense mechanism, victim, zombies