Research And Implementation On The Security Of SDN

Posted on: 2020-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: J J Liu
GTID: 2428330590495663
Subject: Electronic and communication engineering
Abstract/Summary:
As a new network architecture, software defined networking (SDN) is characterized by decoupling the control plane and data plane of the network. Thanks to the openness and standardization of SDN, researchers can design and implement new network functions and protocols in a simpler and more flexible way. OpenFlow is the protocol most commonly deployed in SDN, providing communication between the controller and switches. However, the characteristics of programmable networks also bring a variety of potential security challenges, such as scanning attacks, spoofing attacks, and denial of service attacks.

This thesis first analyzes the security challenges of the SDN switch plane, controller plane and channel plane, and then summarizes the existing solutions. Finally, it proposes a detection method based on the C4.5 decision tree for DDoS (Distributed Denial of Service) attacks, and another detection method based on a cross bit vector for detecting tampering attacks.

By performing a DDoS attack on the centralized controller of the SDN, an attacker may make information unreachable and cause network congestion. To detect DDoS attacks, a new detection method based on the C4.5 decision tree is proposed. By extracting switch flow entry information and training on a data set, a decision tree is generated to classify the traffic. A Mininet simulation environment is built to verify the superiority of the algorithm in detection success ratio, false alarm ratio and detection time.

A tampering attack occurs when an attacker modifies a rule in a flow entry and causes a rule conflict in the network. This thesis proposes a conflict detection method based on a cross bit map, which improves the ABV algorithm used in traditional networks. The algorithm can reduce the space overhead while ensuring the detection success rate, and it can detect tampering attacks. Finally, a Mininet simulation environment is built to verify that the method has a shorter detection time and consumes less memory.
Keywords/Search Tags: Software defined networking, OpenFlow, DDoS attack, Tampering attack