Research And Implementation Of DDoS Defense Mechanism Based On SDN

Posted on: 2019-02-17
Degree: Master
Type: Thesis
Country: China
Candidate: S X Qin
GTID: 2348330542498767
Subject: Computer technology

Abstract/Summary:
Due to the existence of security vulnerabilities in traditional network architectures, distributed denial-of-service (DDoS) attacks have not been eliminated but have become increasingly fierce. To address the drawbacks of the traditional network architecture, the industry has proposed software-defined networking (SDN). Its centralized control of the network provides support for defending against DDoS attacks. Research on SDN-based defense against DDoS attacks therefore not only satisfies practical needs but also conforms to the trend of the times. This thesis examines the problem of defending against distributed denial-of-service attacks based on software-defined networks. The research covers three aspects: deployment of SDN controllers, SDN-based filtering of DDoS traffic, and dynamic load balancing of SDN under DDoS attacks. At the end of the thesis, a DDoS defense system is implemented based on the contents of the previous sections.

First, to improve the operating efficiency of SDN and its ability to respond to DDoS attacks, the problem of controller deployment in SDN is studied and the NOPK algorithm is proposed. NOPK aims to reduce the total number of hops from controller to controller and from controller to switch. Experiments show that NOPK effectively improves on these optimization goals. The content of this chapter can be used for network deployment in subsequent chapters.

Second, the problem of SDN-based DDoS traffic filtering is studied and the HHHscore algorithm is proposed. It uses the sFlow protocol for data collection, introduces multiple classification features and a packet scoring mechanism, and filters DDoS attack traffic based on the resulting scores. Experiments show that the classification accuracy of this algorithm is about 90% when dealing with various attacks.

Because the DDoS defense mechanism cannot take effect immediately when a DDoS attack occurs, the problem of SDN dynamic load balancing during DDoS attacks is studied and a DM solution is proposed. First, the remaining bandwidth of each link is calculated and the network traffic is estimated. Then, a set of paths with sufficient remaining bandwidth is calculated for network load balancing. Experiments show that under DDoS attack this scheme enables the network throughput rate to reach 83%, which is higher than that of the comparison method.

Finally, using Spring Boot as the basic framework, the above content is implemented as a system, and the system is shown to be effective.
Keywords/Search Tags: DDoS, SDN, Load balancing