DDoS Attack Detection And Defense Technology Research For SDN Controller

Posted on: 2018-03-09 | Degree: Master | Type: Thesis
Country: China | Candidate: X L Hu | Full Text: PDF
GTID: 2348330542987343 | Subject: Computer Science and Technology
Abstract/Summary:
Software Defined Networking (SDN) is a new paradigm in network management that separates the control plane from the data plane. The controllers in the control plane manage all the network devices in the data plane, and those devices simply forward data packets according to the controllers' instructions. The control plane therefore plays an important role in managing the whole network. Because SDN introduces the control plane as the manager of the network, it also introduces a single point of failure: when the SDN controller is unreachable by the network devices, the whole network collapses. One of the attack methods that can make the SDN controller unreachable is a DDoS attack, so protecting the SDN controller is very important. This paper studies DDoS detection and defense for the SDN controller and aims to propose an effective detection method and an effective defense method.

First, in view of the disadvantages of existing detection methods, and based on a study of the characteristics of SDN and of DDoS attacks against the SDN controller, this paper proposes a DDoS attack detection method for the SDN controller based on improved information entropy. The detection method analyses the distribution of the Packet-in packets that switches submit to the controller in time windows, calculates the traffic probability of each time window according to the Poisson distribution formula, then calculates the information entropy value within the time window according to the information entropy formula, and finally compares the information entropy value with the threshold to detect DDoS attacks against the SDN controller. Contrast experiments show that the detection method has a higher detection rate under three different attack strategies.

To filter out attack traffic effectively and ensure that the SDN controller can work normally, this paper proposes a DDoS attack defense method for the SDN controller based on a dynamic threshold and the credibility of source IPs, according to the capacity of the controller. This method first analyses the historical traffic that edge switches submit to the controller in time windows using exponential smoothing, and calculates the optimal smoothing parameter of each edge switch. It then calculates the threshold of each edge switch in each time window. When the requests of an edge switch exceed the threshold, an evaluation of IP credibility is used to calculate the priority of every request, and the requests with higher credibility are sent to the controller. Contrast experiments show that the defense method can filter out attack traffic effectively when a DDoS attack against the SDN controller happens and that it can guarantee the quality of service of the SDN controller.
Keywords/Search Tags:SDN controller, DDoS attack, Improved information entropy, Dynamic threshold, credibility of source IP
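
The defense steps described in the abstract, as an added Python example that is not code from the thesis. It assumes simple exponential smoothing with the smoothing parameter chosen by grid search on one-step squared error, a threshold of forecast times a headroom factor capped by the switch's share of controller capacity, and credibility scores supplied as inputs; every name, constant and sample value is hypothetical.

```python
# Added illustration; the thesis's own formulas are not on this page.
from collections import namedtuple

Request = namedtuple("Request", "src_ip credibility")  # credibility in [0, 1], assumed given

def sse(history, alpha):
    """Sum of squared one-step-ahead errors of simple exponential smoothing."""
    level, err = history[0], 0.0
    for x in history[1:]:
        err += (x - level) ** 2
        level = alpha * x + (1 - alpha) * level
    return err

def best_alpha(history, grid=tuple(i / 20 for i in range(1, 20))):
    """Per-switch smoothing parameter: the grid value with the lowest SSE."""
    return min(grid, key=lambda a: sse(history, a))

def forecast(history, alpha):
    """Smoothed level after the last window, used as the next-window forecast."""
    level = history[0]
    for x in history[1:]:
        level = alpha * x + (1 - alpha) * level
    return level

def window_threshold(history, capacity_share, headroom=1.5):
    """Assumed rule: forecast * headroom, capped by the switch's capacity share."""
    alpha = best_alpha(history)
    return min(int(forecast(history, alpha) * headroom), capacity_share), alpha

def admit(requests, threshold):
    """Below the threshold everything passes; above it, highest credibility first."""
    if len(requests) <= threshold:
        return list(requests), []
    ranked = sorted(requests, key=lambda r: r.credibility, reverse=True)
    return ranked[:threshold], ranked[threshold:]

# Constructed sample: Packet-in counts per time window for one edge switch.
HISTORY = [40, 42, 39, 41, 43, 40, 42, 41]
# Constructed burst: 10 established hosts plus 200 previously unseen sources.
BURST = ([Request(f"10.0.0.{i}", 0.9) for i in range(10)] +
         [Request(f"198.51.100.{i}", 0.1) for i in range(200)])

if __name__ == "__main__":
    thr, alpha = window_threshold(HISTORY, capacity_share=100)
    passed, dropped = admit(BURST, thr)
    print(f"alpha={alpha:.2f} threshold={thr} passed={len(passed)} dropped={len(dropped)}")
```
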