Research On DDoS Attack Detection Method In Industrial Software Defined Network Environment

Software Defined Network(SDN)is gradually applied in the industrial internet with its characteristics of centralized control,software programmability and flexible flow control.Industrial Software Defined Network(ISDN)becomes emerging.Security is the basis of network application of ISDN.It is an urgent problem that how to construct the security environment of ISDN and to design a method for detecting DDoS attacks at present.By analyzing ISDN security requirements and the main attack scenarios,this thesis designs a DDoS attack detection method,and carries out the simulation and implementation.The main work is as follows:1.The network architecture of ISDN is analyzed,the attack methods and attack paths of DDoS attack under this architecture are summarized,and the current research status of DDoS attack detection in SDN and some common DDoS attack detection methods are investigated.Then an architecture of DDoS attack detection for ISDN is proposed.2.An attack detection mechanism for industrial wired network in ISDN environment is proposed.A corresponding attack detection mechanism is for the DDoS attack scenario of industrial wired network.The detection mechanism is triggered by the difference between the number of flow tables matched by SDN switches and the number difference between the information of requests received by SDN controllers and the flow tables processed by SDN controllers.The attack is further detected based on the entropy value of port's access information.3.An attack detection mechanism for industrial wireless network in ISDN environment is proposed.A corresponding attack detection mechanism is for the DDoS attack scenario of industrial wireless network.The flow characteristics of ISDN based on OpenFlow protocol are analyzed.Using the SDN controller to obtain the fields related to the source address information of industrial wireless networks to locate the attack.After calculating the access information entropy of some ports,the attack detection module extracts the anomaly flow table features,and uses decision tree algorithm to detect the flow table.4.A test and verification platform to verify the proposed methods is built.The security experimental platform for ISDN includes mininet simulation software,WIA-PA gateway and nodes,SDN switching devices and FloodLight controller.And the detection rate and false positive rate of attack detection mechanism in two kinds of attack scenarios respectively are tested.The test results show that the proposed attack detection mechanism can detect attacks in time and effectively,and the attack detection rate is over 99%.