
Research On DDoS Attack Detection And Path Backtracking Algorithm In SDN Environment

Posted on: 2019-03-28
Degree: Master
Type: Thesis
Country: China
Candidate: H Xie
Full Text: PDF
GTID: 2428330545471637
Subject: Engineering
Abstract/Summary:
With the continuous maturation and development of computers, traditional network architectures have exposed many problems, and a new type of network architecture, the Software-Defined Network (SDN), has emerged in this environment. SDN separates the control plane from the data forwarding plane. A controller centrally manages the entire network while the underlying infrastructure is dedicated to forwarding data, which improves network flexibility and programmability and reduces costs. However, while SDN brings new opportunities, it is also more likely to become the target of Distributed Denial of Service (DDoS) attacks. Most of the DDoS attack detection and path backtracking methods currently used in SDN are borrowed from traditional networks and are difficult to adapt to the SDN architecture. This paper proposes new DDoS attack detection and path backtracking methods, developed after fully understanding the new features of SDN and the shortcomings of existing methods. The two innovations and main research contents of this paper are as follows:

(1) A DDoS attack detection method based on information entropy and the Hurst index. This method combines the information entropy ratio between the source IP address and the destination IP address with the Hurst index to detect DDoS attacks. Information entropy reflects the randomness of a random variable. When a DDoS attack with a large number of spoofed source IP addresses and a single, concentrated destination IP address occurs in the network, the information entropy ratio between the source IP address and the destination IP address swells and exceeds the threshold. The Hurst index reflects the self-similarity of network traffic. If the network suffers a DDoS attack, the Hurst index deviates from the normal range. When both parameters, the information entropy ratio and the Hurst index, are abnormal at the same time, the event can be determined to be a DDoS attack. Experiments comparing this method with detection based only on the information entropy ratio between the source IP address and the destination IP address, and with detection based only on the Hurst index, show that it has a lower false alarm rate and a higher accuracy rate.

(2) A DDoS attack path backtracking method based on information entropy. This method proposes two algorithms: an algorithm for calculating the information entropy ratio at each port of a switch, and an algorithm for rebuilding the attack path. The first calculates the information entropy ratio between the source IP address and the destination IP address at each port and judges whether it exceeds the threshold, in order to determine whether the port is on the attack path. The attack path reconstruction algorithm is then used to restore the attack path. This method is very effective when only one DDoS attack occurs on the network at a time and the attack traffic is greater than normal traffic. Comparison with the existing DDoS attack path backtracking methods in SDN shows that this method remedies the deficiencies of the existing methods, traces back the attack path better, and facilitates the rapid development of the next step of defense work.

Simulation experiments show that the DDoS attack detection and path backtracking methods proposed in this paper for the SDN environment can effectively detect DDoS attacks and trace back the attack path, which will help further improve the network security of the SDN architecture.
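The two-indicator check described in (1), as an added example that is not code from the thesis. It assumes the ratio is H(source IP) / H(destination IP), a rescaled-range (R/S) estimator for the Hurst index, and illustrative thresholds; the function names, threshold values and sample data are constructed here, and the abstract specifies none of them.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def entropy_ratio(packets, eps=1e-9):
    """H(source IP) / H(destination IP) for one window of (src, dst) pairs.
    eps keeps the ratio finite when every packet hits a single destination."""
    srcs, dsts = zip(*packets)
    return entropy(srcs) / (entropy(dsts) + eps)

def rescaled_range(chunk):
    """R/S statistic of one chunk, or None if the chunk has zero variance."""
    mean = sum(chunk) / len(chunk)
    std = math.sqrt(sum((x - mean) ** 2 for x in chunk) / len(chunk))
    if std == 0:
        return None
    cum, walk = 0.0, []
    for x in chunk:
        cum += x - mean          # cumulative deviation from the chunk mean
        walk.append(cum)
    return (max(walk) - min(walk)) / std

def hurst(series, sizes=(8, 16, 32)):
    """Hurst estimate: least-squares slope of log(R/S) against log(n)."""
    xs, ys = [], []
    for n in sizes:
        chunks = [series[i:i + n] for i in range(0, len(series) - n + 1, n)]
        rs = [r for r in map(rescaled_range, chunks) if r is not None]
        if rs:
            xs.append(math.log(n))
            ys.append(math.log(sum(rs) / len(rs)))
    if len(xs) < 2:
        raise ValueError("series too short or too flat for a Hurst estimate")
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sum((x - mx) ** 2 for x in xs)

def is_ddos(ratio, h, ratio_threshold=3.0, hurst_normal=(0.5, 0.9)):
    """Alarm only when BOTH indicators are abnormal (assumed thresholds)."""
    lo, hi = hurst_normal
    return ratio > ratio_threshold and not (lo <= h <= hi)

# Constructed sample data: one balanced window, one spoofed-source flood
# window, and a packets-per-interval series that climbs steadily.
NORMAL = [(f"10.0.0.{s}", f"10.0.1.{d}") for s in range(4) for d in range(4)]
ATTACK = [(f"198.51.100.{s}", "10.0.1.1") for s in range(64)]
RAMP = list(range(1, 65))
```

Requiring both indicators means a high entropy ratio alone, such as a flash crowd converging on one server while the traffic stays self-similar, does not raise an alarm.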
Keywords/Search Tags:Software-Defined Network, Information entropy, Hurst index, DDoS attack detection, DDoS attack traceback