
Research And Application Of DDOS Attack Defense Technology Based On SDN

Posted on: 2020-02-18
Degree: Master
Type: Thesis
Country: China
Candidate: Q Q Zhang
Full Text: PDF
GTID: 2428330590479057
Subject: Engineering
Abstract/Summary:
Software Defined Network (SDN) is a new network architecture. Because of its many advantages, such as the loose coupling of the control plane and the data forwarding plane, centralized control of network state and flexible software programmability, it brings great convenience to network configuration, updates and traffic control. It effectively solves problems of the current network architecture such as limited scalability, low network flexibility and difficulty in meeting business requirements quickly. Since it was proposed, SDN has become the mainstream network architecture of cloud computing data centers in many large companies. However, as a new technology, SDN solves many security problems of the traditional Internet architecture while introducing new ones. The various network attacks seen in current networks appear more and more in SDN networks, seriously affecting the further development of SDN.

Distributed Denial of Service (DDOS) is one of the main attacks facing current networks. Its principle and mechanism are widely understood and studied, and many technologies have been developed to prevent such attacks. However, as more and more work moves to the cloud, the main battleground of DDOS attacks has changed: more and more DDOS attacks appear in cloud computing networks and threaten the security of the cloud computing environment. In this new network environment, DDOS has taken on new characteristics; the scale and frequency of attack traffic, the attack targets and the technical means have all changed greatly. The traditional network defense methods against DDOS are not suited to the cloud computing environment. Therefore, this paper focuses on the analysis and research of DDOS attack detection and defense technology in SDN networks under the cloud computing environment.

First, the principle and common types of DDOS attacks are studied, and the main methods for detecting and mitigating DDOS attacks are discussed. Then the SDN network architecture and related technologies are described in detail, with emphasis on the OpenFlow protocol, SDN switches and controllers. Finally, the security risks at each layer of SDN are analyzed.

For DDOS attack detection in SDN, feature fields are first extracted from switch flow tables and converted into eight traffic characteristics related to attacks. The Relief feature selection algorithm is used to compute a weight for each of the eight features and rank them by weight. The classification performance of a support vector machine (SVM) classifier serves as the evaluation function for selecting the optimal feature subset. With that subset as classifier input, a supervised machine learning algorithm is used to construct the classification model. Finally, the CICIDS 2017 data set is used to test the models and determine the best algorithm for detecting DDOS attacks. The results show that the proposed algorithm improves classification and detection speed and has good overall performance while guaranteeing detection accuracy.

Second, for the defense against DDOS attacks in SDN networks, a DDOS attack defense system for the SDN environment is designed based on an analysis of the system requirements. The defense system consists of a flow table information collection module, a DDOS attack detection module and an attack mitigation module. The information collection module collects flow table information and builds a flow table feature information base to provide data support for the subsequent work. The attack detection module adopts a hierarchical design and uses the sending rate of Packet-In messages as a predictor before the controller starts to acquire flow table entries. When the controller detects that the Packet-In sending rate exceeds the set threshold, it issues an early warning that notifies the controller to start collecting flow table information, and then analyses and detects the attack traffic in the network. The attack mitigation module receives the detection results from the detection module and formulates the corresponding mitigation strategy. In this paper, service redirection and traffic cleaning techniques are used to handle the attack traffic, so that the SDN network can still provide normal service after being attacked by DDOS. Finally, the Mininet network simulator and the Floodlight controller are used to build a simulated SDN network environment, deploy the defense system and test the defense system designed in this paper. The experimental results show that the proposed detection and defense system can effectively detect common typical DDOS flooding attacks and take appropriate defense measures.
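The two-stage detection described in the abstract, as an added illustration that is not code from the thesis: stage 1 watches the Packet-In rate at the controller and raises an early warning when it crosses a threshold; stage 2 turns a flow-table snapshot into traffic features and ranks them with the Relief algorithm so that only the most discriminative features feed the classifier. The five traffic features, the Packet-In threshold, the flow-entry field names and the sample windows are constructed assumptions for this example (the abstract does not list the thesis's eight features); a deliberately uninformative "noise" feature is appended so the ranking visibly pushes it to the bottom.

```python
"""Two-stage SDN DDoS detection sketch (added example, not the thesis's code).
Feature set, thresholds, flow-entry keys and sample data are assumptions."""
import math
import random
from collections import Counter

FEATURE_NAMES = ["unique_src_ratio", "mean_pkts_per_flow", "mean_bytes_per_pkt",
                 "small_flow_ratio", "dport_entropy", "noise"]


def packet_in_alarm(timestamps, window_s, threshold_per_s):
    """Stage 1: True when the Packet-In rate over the last window exceeds the threshold."""
    if not timestamps:
        return False
    newest = max(timestamps)
    recent = [t for t in timestamps if newest - t <= window_s]
    return len(recent) / window_s > threshold_per_s


def extract_features(flows):
    """Stage 2a: summarise flow entries (assumed keys: src, dport, packets, bytes)."""
    n = len(flows)
    if n == 0:
        return [0.0] * 5
    total_pkts = sum(f["packets"] for f in flows)
    port_counts = Counter(f["dport"] for f in flows)
    entropy = -sum(c / n * math.log2(c / n) for c in port_counts.values())
    return [
        len({f["src"] for f in flows}) / n,                  # many distinct sources
        total_pkts / n,                                       # flood flows carry few packets
        sum(f["bytes"] for f in flows) / max(total_pkts, 1),  # tiny packets in floods
        sum(1 for f in flows if f["packets"] <= 2) / n,       # share of one-shot flows
        entropy,                                              # floods concentrate on one port
    ]


def relief_weights(samples, labels, m, seed=0):
    """Relief (Kira & Rendell, 1992): for m sampled instances, reward a feature for
    differing from the nearest miss and penalise it for differing from the nearest hit."""
    rng = random.Random(seed)
    k = len(samples[0])
    lo = [min(s[a] for s in samples) for a in range(k)]
    span = [(max(s[a] for s in samples) - lo[a]) or 1.0 for a in range(k)]
    norm = [[(s[a] - lo[a]) / span[a] for a in range(k)] for s in samples]  # min-max scale
    w = [0.0] * k
    for _ in range(m):
        i = rng.randrange(len(norm))
        r = norm[i]
        hit = min((j for j in range(len(norm)) if j != i and labels[j] == labels[i]),
                  key=lambda j: math.dist(r, norm[j]))
        miss = min((j for j in range(len(norm)) if labels[j] != labels[i]),
                   key=lambda j: math.dist(r, norm[j]))
        for a in range(k):
            w[a] += (abs(r[a] - norm[miss][a]) - abs(r[a] - norm[hit][a])) / m
    return w


def rank_features(weights):
    """Feature indices ordered from most to least discriminative."""
    return sorted(range(len(weights)), key=lambda a: weights[a], reverse=True)


def make_window(attack, rng):
    """Constructed flow-table snapshot: a flood-like window or a benign one."""
    flows = []
    for i in range(50):
        if attack:  # one packet per flow, distinct sources, one target port
            flows.append({"src": f"198.51.100.{i}", "dport": 80,
                          "packets": 1, "bytes": rng.randint(40, 60)})
        else:       # a few hosts, long-lived flows, mixed services
            pkts = rng.randint(20, 200)
            flows.append({"src": f"10.0.0.{i % 5 + 1}", "dport": rng.choice([80, 443, 22, 53]),
                          "packets": pkts, "bytes": pkts * rng.randint(700, 900)})
    return flows


def build_dataset(n_each=20, seed=1):
    """Labelled windows (0 = benign, 1 = attack) plus a constructed noise feature."""
    rng = random.Random(seed)
    samples, labels = [], []
    for label in (0, 1):
        for _ in range(n_each):
            samples.append(extract_features(make_window(label == 1, rng)) + [rng.random()])
            labels.append(label)
    return samples, labels


if __name__ == "__main__":
    x, y = build_dataset()
    w = relief_weights(x, y, m=len(x))
    for a in rank_features(w):
        print(f"{FEATURE_NAMES[a]:20s} {w[a]:+.3f}")
```

In a deployment the Packet-In gate would run continuously on the controller, and flow-table collection (and the cost of computing features and classifying) would only start once `packet_in_alarm` fires, which is the point of the hierarchical design: the cheap signal limits how often the expensive one is evaluated. The Relief weights are computed offline on labelled windows; the top-ranked subset is what the SVM would then be trained on.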
Keywords/Search Tags: Software Defined Network, DDOS attack detection, Feature selection, defense system