
DDoS Defense System Based On Software-defined Networking

Posted on: 2019-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: H W Yang
Full Text: PDF
GTID: 2428330596960572
Subject: Information and Communication Engineering

Abstract/Summary:
At present, Distributed Denial-of-Service (DDoS) attacks, with increasingly serious impact, have become one of the biggest threats to network security. Traditional defense mechanisms are based on static networks and adopt methods such as intrusion detection, traffic filtering and multiple authentication. These methods have obvious drawbacks: it is difficult to achieve unified scheduling across the entire network, they consume a lot of resources, and they easily lead to increasingly heavier network equipment. Therefore, DDoS protection based on dynamic networks has become a research hotspot in recent years. Among them, Software-Defined Networking (SDN) is a new typical dynamic network and provides inspiration for the defense against DDoS. Existing SDN-based DDoS protection solutions have the following problems: it is difficult to weigh system overhead against detection period, they waste switch resources in abundance, and they leave the network with low availability. Aiming at these problems, a DDoS detection scheme combining trigger detection and in-depth detection, as well as a DDoS mitigation scheme combining dynamic routing adjustment and active blocking, are proposed. Finally, a DDoS defense system based on SDN has been implemented on the Mininet platform. The main work and innovations are as follows:

1. A DDoS detection scheme combining trigger detection and in-depth detection is proposed to solve the difficulty of trading off detection period against system overhead. Firstly, trigger detection is implemented to track the time series of characteristics of the network traffic, achieving coarse-grained detection of abnormal traffic. Then, taking advantage of time-based features, in-depth detection is implemented by adapting the AdaBoost algorithm to perform fine-grained detection of abnormal traffic. Experiments revealed that the detection accuracy of the AdaBoost algorithm is better than that of other classification algorithms, reaching 97.7%. What's more, the DDoS detection scheme has the advantage of low overhead and a low alarm rate.

2. An improved CUSUM algorithm named SMNA-CUSUM is proposed to solve the poor real-time performance and poor robustness of existing anomaly detection algorithms. Taking advantage of the high sensitivity and low overhead of CUSUM, the SMNA-CUSUM algorithm performs anomaly detection by tracking multi-dimensional sequences in real time, based on the cumulative deviation of statistical characteristics. A sliding-window mechanism is introduced to construct the feature sequences, and an adaptive threshold is introduced to adjust between the missed alarm rate and the false alarm rate.

3. A DDoS mitigation scheme combining dynamic routing adjustment and active blocking is proposed to solve the problems of low network availability and delay in blocking. An improved K-shortest-path algorithm is introduced to perform bandwidth-based routing, which enables the entire network to be dynamically routed according to traffic changes and to absorb malicious traffic in the face of attacks. In addition, an attack tracing method based on host behavior is introduced, followed by a real-time filtering solution based on a dynamic flow table, to perform the blocking.

4. A packet filtering scheme based on a flow protection mechanism is proposed within the mitigation scheme to solve the problem of switches being occupied by a large number of invalid flows. A short idle timeout is set so that invalid flows are deleted automatically. In addition, a global whitelist mechanism is introduced to protect legitimate hosts from misjudgment. Experiments revealed that the proposed mitigation scheme successfully filtered the malicious packets. What's more, 22.7% of the flows were deleted, which saved switch resources.

5. To verify the effectiveness of the proposed schemes, a DDoS defense system based on SDN has been implemented on the Mininet platform. A Fat-tree topology network is built, and normal traffic and DDoS attack traffic are simulated to evaluate the defense system. Experiments revealed that the defense system has the characteristics of low system overhead, high detection accuracy, and strong practical value.
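The trigger-detection idea in items 1 and 2 (a CUSUM-style statistic tracked per traffic feature over a sliding-window baseline, with a threshold that adapts to how noisy that baseline is) is illustrated below. This is an added example, not the thesis's SMNA-CUSUM implementation or its data: the feature names, the rule that scales the threshold with the window's coefficient of variation, the two-of-three voting rule across features, and the per-second traffic rows are all constructed assumptions. The example goes slightly beyond the abstract by showing why a multi-dimensional check matters: an isolated packet-rate burst trips one feature but not the detector, while a flood that moves all features does.

```python
"""Sliding-window, multi-feature CUSUM trigger detector.

Added illustration of the trigger-detection idea in the abstract. Names, the
threshold rule, the voting rule and the sample traffic are constructed
assumptions, not the thesis's SMNA-CUSUM code or its data."""
from collections import deque
from statistics import mean, pstdev

FEATURES = ("pkts_per_sec", "syn_ratio", "new_flows_per_sec")


class WindowedCusum:
    """One-sided CUSUM on a single feature, standardised against the last
    `window` non-anomalous samples (the sliding-window baseline)."""

    def __init__(self, window=20, k=0.5, h=4.0, h_gain=2.0):
        self.window = window    # baseline length in samples
        self.k = k              # allowance: per-step drift tolerated, in std units
        self.h = h              # base decision threshold
        self.h_gain = h_gain    # assumed rule: threshold grows with baseline noise
        self.hist = deque(maxlen=window)
        self.s = 0.0            # cumulative positive deviation

    def update(self, x):
        """Feed one sample; return (statistic, threshold, alarm)."""
        if len(self.hist) < self.window:
            self.hist.append(x)                  # still learning the baseline
            return 0.0, self.h, False
        base = list(self.hist)
        mu = mean(base)
        sigma = pstdev(base) or 1e-9             # guard a constant window
        z = (x - mu) / sigma
        self.s = max(0.0, self.s + z - self.k)
        # Adaptive threshold: a noisier baseline (higher coefficient of
        # variation) raises h, trading missed alarms for fewer false alarms.
        cv = sigma / mu if mu > 0 else 0.0
        h_t = self.h * (1.0 + self.h_gain * cv)
        if self.s > h_t:
            stat, self.s = self.s, 0.0           # classic CUSUM restart after an alarm
            return stat, h_t, True               # anomalous sample never enters the baseline
        self.hist.append(x)
        return self.s, h_t, False


class MultiFeatureDetector:
    """One CUSUM per feature; an alarm needs at least `min_votes` features to
    cross their thresholds in the same interval."""

    def __init__(self, min_votes=2, **cusum_kwargs):
        self.min_votes = min_votes
        self.dets = {f: WindowedCusum(**cusum_kwargs) for f in FEATURES}

    def update(self, sample):
        flagged = [f for f in FEATURES if self.dets[f].update(sample[f])[2]]
        return len(flagged) >= self.min_votes, flagged


def build_sample_traffic(n=50, attack_start=40, spike_at=30):
    """Constructed per-second feature rows: jittered normal traffic, one
    isolated packet-rate burst, then a flood that moves all three features."""
    rows = []
    for t in range(n):
        row = {
            "pkts_per_sec": 1000 + 50 * ((t * 2) % 5 - 2),   # 900..1100
            "syn_ratio": 0.10 + 0.01 * ((t * 2) % 3 - 1),    # 0.09..0.11
            "new_flows_per_sec": 20 + ((t * 5) % 7 - 3),     # 17..23
        }
        if t == spike_at:
            row["pkts_per_sec"] = 3000   # burst on one feature only
        if t >= attack_start:
            row = {"pkts_per_sec": 8000, "syn_ratio": 0.90,
                   "new_flows_per_sec": 400}
        rows.append(row)
    return rows


def detect(samples, min_votes=2):
    """Return one event per interval: {"t", "alarm", "flagged"}."""
    det = MultiFeatureDetector(min_votes=min_votes)
    events = []
    for t, sample in enumerate(samples):
        alarm, flagged = det.update(sample)
        events.append({"t": t, "alarm": alarm, "flagged": flagged})
    return events


if __name__ == "__main__":
    for ev in detect(build_sample_traffic()):
        if ev["flagged"]:
            print(ev)
```

With the constructed traffic, the first twenty seconds only fill the baseline, the burst at t=30 flags `pkts_per_sec` alone (no alarm under the two-of-three rule), and every second from t=40 on raises an alarm on all three features. The restart after each alarm keeps the statistic from lingering after a one-off burst; in exchange, a slowly ramping flood produces intermittent rather than continuous alarms, which is the kind of trade-off the adaptive threshold and the in-depth stage are there to absorb.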
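Items 3 and 4 describe the blocking side: trace suspicious hosts from their behaviour, filter them through dynamic flow-table entries, keep a global whitelist so legitimate hosts are never blocked, and rely on a short idle timeout to purge invalid flows. The following is an added, controller-side model of that loop in plain Python; it is not the thesis code and does not call any OpenFlow API. The "many flows, almost no replies" heuristic used for tracing, the reply-ratio and flow-count thresholds, the host addresses and the packet timeline are all constructed assumptions.

```python
"""Controller-side model of active blocking with flow protection.

Added illustration of the mitigation ideas in the abstract: host-behaviour
tracing, drop rules pushed as dynamic flow entries, a global whitelist, and a
short idle timeout that purges one-way flows. Plain-Python model, not the thesis
code and not an OpenFlow API; heuristic, hosts, thresholds and flow records are
constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class FlowEntry:
    src: str
    dst: str
    last_seen: float
    packets: int = 0
    replied: bool = False   # set once traffic in the reverse direction is seen


class FlowTable:
    """Models one switch's flow table as seen by the controller."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout
        self.entries = {}        # (src, dst) -> FlowEntry
        self.drop_rules = set()  # sources with an installed drop entry
        self.deleted = 0         # entries removed by idle timeout so far

    def packet_in(self, src, dst, now):
        """Account one packet; returns 'dropped' or 'forwarded'."""
        if src in self.drop_rules:
            return "dropped"
        e = self.entries.get((src, dst))
        if e is None:
            e = self.entries[(src, dst)] = FlowEntry(src, dst, now)
        e.packets += 1
        e.last_seen = now
        rev = self.entries.get((dst, src))
        if rev is not None:          # both directions exist: a real conversation
            rev.replied = e.replied = True
        return "forwarded"

    def expire(self, now):
        """Idle-timeout sweep: remove entries not refreshed within idle_timeout."""
        stale = [k for k, e in self.entries.items()
                 if now - e.last_seen > self.idle_timeout]
        for k in stale:
            del self.entries[k]
        self.deleted += len(stale)
        return len(stale)


def trace_attackers(table, whitelist, min_flows=5, max_reply_ratio=0.2):
    """Assumed host-behaviour heuristic: a source holding many flows of which
    almost none ever see a reply is treated as a flooder. Whitelisted hosts
    are never reported, whatever their behaviour."""
    per_src = defaultdict(list)
    for e in table.entries.values():
        per_src[e.src].append(e)
    suspects = []
    for src, flows in per_src.items():
        if src in whitelist or len(flows) < min_flows:
            continue
        reply_ratio = sum(f.replied for f in flows) / len(flows)
        if reply_ratio <= max_reply_ratio:
            suspects.append(src)
    return sorted(suspects)


def mitigate(table, whitelist):
    """Trace, then install a drop rule per suspect (the active-blocking step)."""
    suspects = trace_attackers(table, whitelist)
    table.drop_rules.update(suspects)
    return suspects


def run_scenario(idle_timeout=2.0):
    """Constructed timeline: a two-way client/server exchange, a whitelisted
    management host probing every server, and a single flooding source."""
    table = FlowTable(idle_timeout)
    whitelist = {"10.0.0.1"}                      # management host may probe everyone
    servers = [f"10.0.0.{i}" for i in range(10, 16)]
    for t in range(5):                            # t=0..4: two-way client/server traffic
        table.packet_in("10.0.0.2", "10.0.0.10", t)
        table.packet_in("10.0.0.10", "10.0.0.2", t + 0.1)
    for s in servers:                             # t=1: probes, no replies
        table.packet_in("10.0.0.1", s, 1.0)
    for s in servers:                             # t=1.5: flood, no replies
        table.packet_in("10.0.0.20", s, 1.5)
    suspects = mitigate(table, whitelist)         # controller reacts at t~2
    dropped = sum(table.packet_in("10.0.0.20", s, 2.5) == "dropped"
                  for s in servers)
    purged = table.expire(5.0)                    # one-way flows time out; the live flow stays
    return {"suspects": suspects, "dropped": dropped, "purged": purged,
            "remaining": sorted(table.entries)}


if __name__ == "__main__":
    print(run_scenario())
```

In the scenario the management host and the flooder look alike to the heuristic (six one-way flows each), and only the whitelist keeps the former off the drop list; that is exactly the misjudgment the global whitelist in item 4 is meant to prevent. The idle-timeout sweep then removes both hosts' stale entries, so the switch keeps only the live client/server pair, which is the resource saving the abstract reports.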
Keywords/Search Tags: DDoS, SDN, anomaly detection, attack traceback, attack blocking