
Research On DDoS Attack Detection And Protection Mechanism In SDN

Posted on: 2019-03-08
Degree: Master
Type: Thesis
Country: China
Candidate: F Wan
Full Text: PDF
GTID: 2348330566962522
Subject: Electronics and Communications Engineering
Abstract/Summary:
Software Defined Networking (SDN) is a new type of network architecture. It applies layered design to decouple routing control from data forwarding in the traditional IP network, so as to achieve centralized control of the network. Control-forwarding separation is one of the main features of SDN, and attackers can exploit it to launch attacks in SDN that may cause network congestion. Distributed denial-of-service (DDoS) attacks are destructive and wide-ranging, and are one of the major threats facing SDN. As the SDN architecture is widely used in cloud data centers, how to protect SDN is also a top priority. In this thesis, a study covering DDoS attack detection, attack source tracing and attack mitigation is carried out, based on a comprehensive survey of existing research on the characteristics of SDN and of DDoS attacks.

Firstly, after analyzing the characteristics of DDoS attacks and improving the traffic feature extraction method used in traditional networks, a feature vector consisting of eight features is extracted from the flow table entries of the OpenFlow switch, which better distinguishes normal traffic from attack traffic in SDN. The limitation of traditional machine learning methods for detecting DDoS attacks is that the historical features of traffic cannot be used properly. The recurrent neural network (RNN) in deep learning, however, can make use not only of the current sequence features but also of the characteristics of historical sequences, which makes a more accurate classification possible. This thesis also proposes an improved compression model for Long Short-Term Memory (LSTM) and builds a deep learning model based on the improved compressed LSTM to detect DDoS attacks. A DDoS attack detection method based on deep learning in the SDN environment is proposed, consisting of four procedures: collecting flow table entries, extracting features, classification detection, and re-training the deep learning model.

Secondly, an improved IP traceback algorithm based on PPM (probabilistic packet marking) from traditional networks is designed for locating attackers after a DDoS attack in SDN. The algorithm uses 25 bits from three less-used fields of the IP packet header as the tag space and consists of two phases: packet marking and path reconstruction. The packet marking operation of the algorithm is implemented as an Action of the OpenFlow switch. Compared with the packet marking process of PPM in traditional networks, the marking process of this algorithm does not need to construct the network topology, so it is more concise. At the same time, a dynamic probability is used during packet marking to speed up locating attackers. The path reconstruction process uses the tagged packets to reconstruct an attack path tree, drawing on the controller's knowledge of the entire network topology.

Finally, after analyzing the shortcomings of attack mitigation methods in traditional networks, a DDoS attack mitigation method for the SDN environment is implemented that makes full use of SDN features. A simulated SDN environment is set up on the Mininet platform to verify the feasibility of the attack detection, attack source tracing and attack mitigation methods presented in this thesis, which also gives researchers an idea of how to secure SDN in practical application scenarios.
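As an added example (not code from the thesis), a Python simulation of the two traceback phases described above: switches overwrite a packet tag with their own id under a hop-dependent probability, and the controller reconstructs the attack path tree from the collected tags using its full topology view. The topology, the integer switch ids and the decaying marking schedule are assumptions of this example.

```python
import random
from collections import deque
# Constructed topology (assumption): adjacency list of OpenFlow switches; the victim
# host sits behind switch 1. Switch ids are integers that must fit the 25-bit tag space.
TOPOLOGY = {1: [2, 3], 2: [1, 4], 3: [1, 5], 4: [2], 5: [3]}
VICTIM_SWITCH = 1
TAG_BITS = 25
def mark_packet(path, rng, base_p=0.5):
    # Data plane: the packet crosses `path` ingress switch first; each switch overwrites
    # the tag with its id with probability base_p/(hop+1), so the switch nearest the
    # attacker marks most often (this decaying schedule is the example's assumption).
    tag = None
    for hop, switch in enumerate(path):
        assert switch < (1 << TAG_BITS), "switch id does not fit the tag space"
        if rng.random() < base_p / (hop + 1):
            tag = switch
    return tag
def shortest_path(topo, src, dst):
    # BFS over the controller's topology view; returns the switch list src..dst.
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in topo[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]
def reconstruct_attack_tree(topo, victim, tags):
    # Control plane: union of the known-topology paths from every tagged switch to
    # the victim, as {switch: set(next hops toward the victim)}.
    tree = {}
    for switch in set(tags):
        path = shortest_path(topo, switch, victim)
        for a, b in zip(path, path[1:]):
            tree.setdefault(a, set()).add(b)
    return tree
def attacker_ingress_switches(tree):
    # Leaves of the attack tree: switches that are never a next hop of another switch.
    children = set().union(*tree.values()) if tree else set()
    return sorted(s for s in tree if s not in children)
def simulate(attack_paths, packets_per_path=200, seed=7):
    rng = random.Random(seed)
    tags = [t for p in attack_paths for _ in range(packets_per_path)
            if (t := mark_packet(p, rng)) is not None]
    return reconstruct_attack_tree(TOPOLOGY, VICTIM_SWITCH, tags)
```

With two attack paths entering at switches 4 and 5, the reconstructed tree converges on both ingress switches after a few hundred marked packets, which is the after-the-fact localisation the traceback phase is meant to deliver.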
Keywords/Search Tags:software defined networking, distributed denial of service, deep learning, attack detection, attack tracing, recurrent neural network