| Software Defined Network(SDN)brings many advantages to the next-generation intelligent network by decoupling the control plane and the data plane.However,SDN has a contradictory relationship with Denail of Attack(DoS).On the one hand,it can provide more convenient and effective strategies for detecting and defending against DoS attacks.On the other hand,due to the separation of the data layer and the control layer,it's easy for the SDN network to introduce some new types of attacks.Based on the analysis of SDN network architecture features and DoS attack principle,DoS attacks targeting SDN networks are classified into three types: DoS attacks for client host,high-rate DDoS attacks for control layer and low-rate DDoS attacks for data layer.At first we propose a DoS detection method based on BP neural network that can simultaneously detect DoS attacks targeting client host and targeting the control layer.We extract six features from flow entry and use them as the input of FM machine learning.A DoS detection method based on FM machine learning is proposed.This method can detect low-rate DDoS attacks targeting data layer.In addition,according to the SDN flow table delivery mechanism,a DoS attack defense method based on dynamic deletion flow rules is proposed.The detection algorithm is verified under the Mininet simulation platform.The experimental results show that the DoS detection method based on BP neural network and the DoS detection method based on FM machine learning can effectively detect three DoS attacks for SDN networks respectively.And compared with other detect methods,our methods have higher detecting rate.Meanwhile,the effectiveness of the DoS attack defense method based on dynamic deletion flow rules is verified from two aspects: control flow table capacity and packet forwarding rate. |
PDF Full Text Request