Study On DDoS Attack Detection In Software Defined Networks

Software Defined Networks(SDN)is a new type of network model.Different from traditional networks,SDN network achieves the decoupling of the data forwarding plane and the control plane,realizes the software of the network,and improves the programmability.Distributed Denial of Service(DDoS)means that an attacker sends a large number of service requests to a victim host,which consumes a lot of system resources and bandwidth.As a result,normal service requests cannot be answered and processed.As DDoS attacks have become an important challenge for the current development of the Internet,many scholars have studied the DDo S attack detection under the SDN network.However,there are still problems such as small scope of detection data and low accuracy of attack recognition.This paper proposes an SDN security architecture for detecting DDoS attacks.The architecture is mainly divided into three modules: data collection module,network attack detection module,and network attack response module.The implementation of the architecture includes two processes.One is the offline training of the security detection model.In the training process,a combination of random forest and selective integration methods is used to improve the classification accuracy and reduce the prediction time;Second,the security detection model is deployed under the SDN network,using on-line mixed data collection methods,expands the scope of detection data,and improves the detection of DDoS attacks in the network rate.We use Python to implement the attack detection model.The accuracy of attack detection,the modeling time and test time of the detection model are compared with the random forest algorithm.Experiments show that the algorithm of the article has a better accuracy of attack recognition,less modeling time and test time.Then we use the Mininet to deploy the SDN network environment,and the off-line implementation of the attack detection model is tested and verified online.The experimental topology is set up and the traffic is generated online,and the data is collected online using the method of hybrid data collection.The results show that hybrid data collection method improves the detection rate of attacks in the network and saves flow table space.