Research On SDN Network Load Balancing And DDoS Attack Defense Technology Based On OpenFlow Protocol

Posted on: 2020-11-22
Degree: Master
Type: Thesis
Country: China
Candidate: S S Wang
GTID: 2428330602450679
Subject: Computer application technology
Abstract/Summary:
Since the beginning of the 21st century, both computer software and hardware have developed rapidly. New technologies represented by cloud computing and big data have had a tremendous impact on society. However, the development of computer networks has been relatively slow, and because of the complexity of protocol algorithms, network devices in traditional networks often suffer from insufficient performance. Because security was given little consideration in the early stages of development, security incidents occur frequently in traditional networks, and the problem has not yet been solved well. Users' demands for network device performance and security cannot be satisfied. In recent years, through the continuous efforts of researchers, a new technology named software-defined networking (SDN) has been put forward. With its simple network structure and flexible programmable control, this innovative technology offers a different development direction for computer networks. Compared with the traditional network, the SDN network adopts a three-layer architecture: the infrastructure layer, the control layer, and the application layer. The control layer provides a northbound programming interface to the application layer. Developers can control the infrastructure layer by programming the controller, and control network devices to implement various network functions. The OpenFlow protocol is the mainstream protocol of the SDN network; it defines the southbound communication standard between the controller and the switch. The controller sends control information to the switch in the form of a flow table, and the switch then implements traffic forwarding control.

This paper studies the architecture and technologies of the SDN network and analyzes the principles and implementation of the OpenFlow protocol. It proposes a dynamic weighted minimum-number-of-connections scheduling algorithm based on the performance of server cluster nodes. The algorithm takes advantage of SDN's separation of the control and data planes and its programmability, obtains the real-time performance of each server node, and calculates a dynamic weight, which is combined with the current number of connections of the server nodes. The simulation results show that the load balancing algorithm achieves a relative load balance across the nodes and performs better than traditional network load balancing algorithms.

Distributed Denial of Service (DDoS) is one of the most detrimental and difficult attacks for current networks. By controlling a large number of puppet machines, it exhausts the legitimate network by sending attack traffic continuously over a short period of time. DDoS attacks deplete the server's host and network resources to prevent ordinary users from using its services. Although traditional detection and defense methods have certain effects, the impact on the network is unacceptable, usually leading to network equipment failure and paralyzing the network. To solve this problem and protect the legitimate network, this paper proposes a DDoS attack defense system based on a machine learning algorithm in the SDN network. The algorithm uses the change in the information entropy of network equipment as the basis for judging whether a DDoS attack has occurred. Information entropy is a measure of the randomness of traffic in the network. Under normal circumstances, network traffic has high randomness. When the information entropy of a network node falls below the threshold, it can be preliminarily judged that a DDoS attack has occurred, and alarm information is sent out. Detecting the attack is only the first step in defending against DDoS attacks. After detecting the attack, the defense system calls the SVM-KNN classifier to classify the traffic, which distinguishes normal traffic from attack traffic more accurately; it then generates an access control list (ACL) based on the classification information and deploys a three-dimensional defense system on the full-path network between the attack source and the target. The simulation experiment shows that the DDoS attack defense system has a better attack detection rate and interception rate.
Keywords/Search Tags:Software Defined Network, OpenFlow Protocol, Server Load Balancing, Distributed Denial of Service Attack, SVM-KNN Classifier
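
The entropy check described in the abstract, as an added example that is not code from the thesis: it computes Shannon entropy over packet destination addresses per fixed window and raises an alarm when entropy stays below a threshold. Using the destination IP as the feature, the window size, the mean-minus-k-sigma threshold, and the two-consecutive-windows rule are all assumptions, and the traffic is constructed.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    total = len(values)
    return -sum(c / total * math.log2(c / total) for c in Counter(values).values())

def window_entropies(dst_ips, window=32):
    """Entropy of each consecutive full window of `window` packets."""
    return [shannon_entropy(dst_ips[i:i + window])
            for i in range(0, len(dst_ips) - window + 1, window)]

def calibrate_threshold(baseline_entropies, k=3.0):
    """Assumed rule: threshold = baseline mean minus k standard deviations."""
    n = len(baseline_entropies)
    mean = sum(baseline_entropies) / n
    std = math.sqrt(sum((h - mean) ** 2 for h in baseline_entropies) / n)
    return mean - k * std

def detect(entropies, threshold, consecutive=2):
    """Window indices where entropy was below threshold `consecutive` times in a row."""
    alarms, run = [], 0
    for idx, h in enumerate(entropies):
        run = run + 1 if h < threshold else 0
        if run >= consecutive:  # assumed debounce against a single bursty window
            alarms.append(idx)
    return alarms

def _window(hosts, size=32):
    # Constructed traffic: `size` packets spread round-robin over `hosts` destinations.
    return [f"10.0.0.{i % hosts + 1}" for i in range(size)]

# Constructed samples (not measurements from the thesis).
BASELINE = _window(16) + _window(16) + _window(8)
FLOOD = ["10.0.0.5"] * 28 + _window(4, 4)   # 28 of 32 packets hit one victim
LIVE = _window(16) + FLOOD + FLOOD

if __name__ == "__main__":
    threshold = calibrate_threshold(window_entropies(BASELINE))
    live = window_entropies(LIVE)
    print(f"threshold={threshold:.3f} bits")
    for idx, h in enumerate(live):
        print(f"window {idx}: H={h:.3f}")
    print("alarm at windows:", detect(live, threshold))
```

In the system the abstract describes, an alarm like this only triggers the next stage: the SVM-KNN classifier then separates attack flows from normal ones before ACLs are generated.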