
Research On DDoS Attack Detection And Defense Scheme Based On SDN Architecture In Cloud Environment

Posted on: 2020-04-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y Hu
GTID: 2428330572978183
Subject: Software engineering
Abstract/Summary:
As more and more applications migrate to the cloud, the availability of cloud environments becomes increasingly important, and the distributed denial of service (DDoS) attack is one of the main threats to that availability. Compared with the traditional environment, DDoS attacks in the cloud environment are more aggressive and the types of attack are gradually diversifying. The software-defined network (SDN) architecture, which separates forwarding from control, can effectively improve the efficiency of DDoS attack detection and defense, but when the attacker turns the attack target to the SDN controller, the network may be paralyzed. How to quickly detect and effectively defend against multiple types of DDoS attacks with greater attack strength in a cloud environment, while ensuring the stability of the network system, is a problem that urgently needs to be solved. Traditional DDoS attack detection and defense schemes have difficulty dealing with high-intensity DDoS attacks in the cloud environment, and they detect only a single type of attack. Existing schemes that use the SDN architecture to detect and defend against DDoS attacks still suffer from low detection efficiency and defend against only a single type of attack, and they often fail to consider the SDN architecture itself as a DDoS attack target. To address these problems, we propose a DDoS attack detection and defense scheme based on SDN architecture in the cloud environment. The scheme uses link bandwidth and data flow detection methods to detect different types of DDoS attacks in real time, a filtering method to filter the attack packets, and an attack flow feature library to store attack packet information and so speed up the controller's data processing rate. To prevent the SDN controller from failing, a multi-controller architecture is adopted, and a load balancing scheme based on the genetic algorithm is used to migrate switches, thereby improving the ability of the attacked controller to defend against DDoS attacks and avoiding controller failures caused by controller overload. Experiments show that the proposed scheme can effectively detect and defend against multiple types of DDoS attacks in the cloud environment, and reduces the false positive rate and computing overhead while maintaining high detection efficiency. Moreover, by properly adjusting the load between the controllers, transfer costs are reduced and the controller's ability to resist DDoS attacks is improved, which effectively avoids a single point of failure at the controller and ensures the availability and stability of the system.
Keywords/Search Tags:Cloud environment, DDoS attack, software-defined network, confidence-based filtering, load balancing