DDoS Attack Detection Methods Research For SDN Network

SDN is a new network architecture with direct software programming which separates the control and forward function.OpenFlow is a communication standard of the technology of SDN network architecture.DDoS takes advantage of this potential security vulnerability to attack SDN.The attack poses a high threat to the security to SDN network and may cause paralysis of SDN network services.Method of DDoS attack detection has made many achievements in the traditional network architecture,whereas relatively few studies in SDN,there still has some existing problems of detection efficiency and accuracy in the DDoS detection method for SDN.This paper first introduces SDN network,analyzes the principle of DDoS attack and the attack detection method based on network layer.Then makes a study of DDoS attack detection method and optimization based on the abnormal flow characteristics of the network layer.Finally,carries on the research and improvement based on the control layer of SDN distributed network architecture,meanwhile,a SDN network distributed DDoS attack detection model is constructed.In the aspect of the pretreatment method of characteristics of DDoS attack detection method for SDN network,According to the characteristics of SDN network,studies DDoS attack detection feature extraction method of SDN network through the way of SDN network controller and OpenFlow switch information interaction.Morever,This paper introduces information entropy and one-way connection density principle to analysis the method of extracting features.In the aspect of detection algorithm,proposes K-SOM detection algorithm to improve the accuracy of the detection algorithm and an improved distributed architecture of SDN is put forward,In order to cope with the saturated flow form of attack DDoS attack better.At the same time,the model of SDN network distributed DDoS attack detection is established and from the aspects of accuracy and the rate of false positives to experiment for the model.The network experimental environment of this paper is built based on the improved SDN network architecture and SDN network controller FloodLight.The experiment certify the practicability and validity of the method postulated in this paper comparing with the DDoS attack detection method based on for anomaly analysis in current SDN network.Resultsshowed that the proposed method outperforms the existing methods in detection efficiency,accuracy and the false alarm rate.