Research On Distributed Denial Of Service Attacks In Software Defined Networking

Posted on: 2018-08-26
Degree: Master
Type: Thesis
Country: China
Candidate: Q X Gong
Full Text: PDF
GTID: 2348330536456290
Subject: Computer Science and Technology

Abstract/Summary:
To achieve centralized control and distributed forwarding, Software Defined Networking (SDN) separates the routing control and data forwarding of the traditional IP network and provides a software-programmable method to simplify network management and configuration. However, this design also expands the threat of DDoS attacks: an attacker can launch DDoS attacks against any layer of the SDN network. SDN consists of the infrastructure layer (data plane), the control layer (control plane) and the application layer, and these three layers cooperate to forward packets in the network. By the cask principle, the weakest layer in SDN becomes the target of attacks, and if any functional layer is unavailable the entire SDN network stops working. Therefore, this paper studies the characteristics of DDoS attacks in the different layers of the SDN network and the corresponding prevention strategies.

Firstly, this paper summarizes current research on SDN technology and its development, and on DDoS attacks and the corresponding defense strategies in traditional networks and SDN networks. In particular, research on DDoS attacks and defense methods in SDN networks is classified and summarized according to the characteristics of DDoS attacks in each layer of SDN.

Secondly, for the SDN control plane: considering that DDoS attacks on the SDN control plane may expose the SDN network to a single point of failure, a variety of DDoS attacks and prevention strategies are proposed for this problem. To break down the SDN controller quickly, this kind of DDoS attack is characterized by a short launch time and large attack traffic. Specifically, to address DDoS attacks against this layer, this paper studies a variety of possible DDoS attack methods and proposes a “DDoS detection algorithm based on the fuzzy synthetic evaluation decision-making model” and a controller flow request scheduling algorithm, “MSlot”, to mitigate DDoS attacks. Theoretical analysis and simulation results demonstrate the feasibility of the DDoS attacks against the SDN control plane; for different DDoS attacks, the detection algorithm is more universal and accurate than the existing algorithm; and when the SDN network is under DDoS attack, the flow request scheduling algorithm “MSlot” protects the network more efficiently than the existing algorithm.

Finally, for the SDN data plane: by comparison with the DDoS attacks in each layer of the SDN network, we clarified that hidden DDoS attacks against the data plane are characterized by low speed, concealment and persistence, and so are difficult to detect. This paper proposes a hidden stream DDoS attack algorithm, namely "fast fill hidden stream DDoS attacks", and the corresponding DDoS detection algorithm for SDN data plane hidden stream DDoS attacks. Theoretical analysis and simulation results show that the attack algorithm is faster and more effective than the existing algorithm; compared with the existing algorithm, the detection algorithm avoids the extra communication overhead of the SDN secure channel, so it is more efficient.
Keywords/Search Tags: Software Defined Networking (SDN), Distributed Denial of Service Attacks (DDoS), SDN Control Plane DDoS Attacks, Fuzzy Synthetic Evaluation Decision-making Model, SDN Data Plane Hidden Stream DDoS Attacks