| Software Defined Network(SDN)is an emerging network architecture which can manage network more flexiblely by decoupling of data plane and control plane,centralized management and programmable interface.On the other hand,distributed denial-of-service attack(DDoS)is a rapidly growing problem which poses an immense threat to the Internet.This thesis focuses on DDoS defense mechanism taking advantage of Software Defined Network.This thesis investigates Software Defined Network and OpenFlow protocol systematically,aiming at studying and analyzing DDoS method and the relevant existing DDoS defense mechanism.Then it proposes an attacker segregating mechanism based on SDN.Subsequently,this thesis provides a more efficient method,for which the performance of the algorithm is verified by numerical simulation.This thesis also sums up some traceback methods whose advantages and disadvantages are compared and analyzed.Parcularly,this thesis establishes a graph model representing SDN.Then a traceback algorithm which has many advantages compared with the traditional traceback algorithm is proposed.Attacker traceback becomes more efficient because of the centralized control and global network information.In addition,the SDN-based mechanism prevents the attacker from sending false information to interfere with the result of tracing the source.Then this thesis provides simulation results under fat-tree network structure to verify the feasibility of the proposed mechanism.In the end,this thesis summarizes the research results,and points out the future works of this topic. |
PDF Full Text Request