
Research Of DDOS Distributed Defense System Based On SDN

Posted on: 2018-05-02
Degree: Master
Type: Thesis
Country: China
Candidate: Y Chen
GTID: 2348330536963953
Subject: Mathematics

Abstract/Summary:
Software-Defined Networking (SDN) is a new type of network architecture, first proposed in 2006 by the Clean Slate team at Stanford University in the United States. The emergence of this architecture has revolutionized traditional networks. For implementing SDN, the Open Networking Foundation (ONF) offers the widely recognized OpenFlow protocol. Its core technology, OpenFlow, achieves flexible control of network traffic by separating the control plane of network equipment from the data plane, which provides a good platform for innovation in the core network and in applications. Its development still faces many challenges, and security is one of them. Against this background, this thesis studies DDoS detection in the SDN architecture and proposes a distributed defense system. The main work and achievements are as follows:

(1) Based on research into DDoS detection methods at the SDN control layer, the method mainly targets the flow table entries in the forwarding layer, with a module that gathers statistics on the flow tables. The core idea of this method is divided into three aspects: flow table collection, flow table preprocessing and flow table classification. Following the OpenFlow v1.0 specification, an appropriate period is set at which Ofp_Flow_Stats_Request messages are sent to the switches. The flow tables returned in response are processed, the collected flow features are compared against the flow table features, and the result is then sent to the detection module of the co

(2) The distributed DDoS defense for SDN has two aspects. The first is a DDoS detection module and a defense module in the control layer, based on an entropy algorithm. The detection module includes entropy calculation and attack judgment, and the attack judgment is made by comparing the entropy value with the threshold value. If there is an attack, defensive action is taken against the attack traffic by adding ACL control and a traffic management module in the control layer. If there is no attack, the traffic goes through the normal forwarding process. The second is DDoS defense at the SDN application layer through three aspects: host identification, service redirection and precise traffic identification.

(3) An experimental simulation platform is built by setting up an experimental environment with the OpenDayLight controller, the sFlow monitoring tool and the Mininet emulator. The experimental results show that, under the proposed research program, the simulated DDoS attack can occupy the controller and has an obvious effect on network performance. The distributed defense system designed in this thesis can detect the attack in time, improve the detection rate of DDoS attack behavior and reduce the false alarm rate. It can also respond quickly with defensive measures once an attack is detected, which enhances the DDoS defense effect.
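The entropy calculation and threshold judgment described in item (2), as an added example that is not code from the thesis. It assumes the entropy is taken over destination IPs weighted by packet count from one flow-statistics poll; the threshold, the minimum packet count, the function names and the sample flows are all constructed for illustration.

```python
import math
from collections import Counter

# Assumed parameters (not from the thesis): tune both on baseline traffic.
THRESHOLD = 0.5     # normalized entropy below this is judged an attack
MIN_PACKETS = 100   # cycles with less traffic are too small to judge


def packets_per_dst(flows):
    """Sum packet counts per destination IP for one polling cycle."""
    per_dst = Counter()
    for _src, dst, count in flows:
        if count > 0:
            per_dst[dst] += count
    return per_dst


def normalized_entropy(per_dst):
    """Shannon entropy of the destination distribution, scaled to [0, 1]."""
    if len(per_dst) < 2:
        return 0.0  # all packets go to one destination
    total = sum(per_dst.values())
    h = -sum((c / total) * math.log2(c / total) for c in per_dst.values())
    return h / math.log2(len(per_dst))


def judge_cycle(flows, threshold=THRESHOLD, min_packets=MIN_PACKETS):
    """Entropy calculation plus attack judgment for one flow-stats poll."""
    per_dst = packets_per_dst(flows)
    if sum(per_dst.values()) < min_packets:
        return {"entropy": None, "attack": False, "top_dst": None}
    h = normalized_entropy(per_dst)
    top_dst = per_dst.most_common(1)[0][0]  # candidate for ACL / rate limiting
    return {"entropy": h, "attack": h < threshold, "top_dst": top_dst}


# Constructed sample data: (src_ip, dst_ip, packet_count) per flow entry.
NORMAL = [("10.0.0.1", "10.0.0.11", 40), ("10.0.0.2", "10.0.0.12", 35),
          ("10.0.0.3", "10.0.0.13", 45), ("10.0.0.4", "10.0.0.14", 38)]
# Same baseline plus 600 short flows from distinct sources to one host.
FLOOD = NORMAL + [(f"172.16.{i // 256}.{i % 256}", "10.0.0.11", 3)
                  for i in range(600)]

if __name__ == "__main__":
    for name, cycle in (("normal", NORMAL), ("flood", FLOOD)):
        print(name, judge_cycle(cycle))
```

The minimum-packet guard keeps a quiet cycle with a single legitimate flow from being judged an attack, a false-alarm case that a bare threshold comparison would produce.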
Keywords/Search Tags: Software-Defined Networking, Flow table detection, DDoS attack detection, Experimental simulation platform