Design And Implementation Of A System For Defensing DDoS Hybrid Attack Based On SDN

With the rapid development of the Internet,distributed denial of service attacks have also become increasingly intensive.Up to now,advanced attackers have not tended to use a single attack to fight,but based on the specific environment and dynamic combination of the target system,launch a variety of attacks,both with a large amount of traffic,but also the use of protocols,system defects,do everything possible to launch an offensive.From the previous DDoS single attack,it gradually turned to DDoS hybrid attack.However,today's DDoS defense mainly relies on expensive and proprietary hardware devices deployed in fixed locations.For the target to be attacked,it needs to face the cost of distributed attacks,analysis,response and processing of different protocols and different resources.Will greatly increase.Because the distributed traditional network architecture can not grasp the global network topology and network traffic changes in real time,DDoS hybrid attacks are difficult to defend.With the continuous development of SDN in recent years,it provides new opportunities and new perspectives for rethinking the defense against DDoS hybrid attack strategy.SDN has a logical centralized controller that provides a global network status that makes it easy to analyze traffic patterns.In addition,it can dynamically send a flow table to the SDN switch to update the forwarding policy,thus eliminating the need to replace expensive hardware devices,thereby saving costs.For these reasons,SDN brings new opportunities to defend against DDoS hybrid attacks in data center environments.This thesis seeks to address these limitations by building a DDoS two-layer defense system based on the new network architecture software-defined network(SDN).The work of this thesis mainly includes the following aspects:This thesis analyzes the characteristics of SDN architecture,studies the concept and principle of DDoS attack and some common attack methods and detection methods of DDoS.On this basis,a dual-layer DDoS hybrid attack intrusion prevention model based on SDN framework is designed.The first layer of the model uses flow sampling technology to detect,analyze,and process DDoS flood attacks.The second layer uses the detection network to perform intrusion detection on DDoS slow attacks.Then,based on the network traffic AR model,the first layer of the model improves the residual ratio anomaly detection algorithm and realizes the adaptive threshold.At the same time,the second-layer detection network core algorithm single pattern matching algorithm is studied.Improve.Finally,based on the designed intrusion prevention model,this thesis designs and implements the DDoS hybrid attack double-layer defense system based on SDN framework,and builds the SDN experimental platform to test the system function.The effectiveness of the first layer adaptive residual ratio anomaly detection algorithm is tested.At the same time,the improved algorithm and the original single pattern matching algorithm are compared in the second layer system,and the performance of the system function and the improved algorithm are verified.Through the above work,this thesis completed the function of the DDoS hybrid attack defense system based on SDN architecture,and improved the single mode matching performance.