Research On DDoS Attack Detection Based On SDN Flow Table Features

With the rapid development of the Internet in recent years,new technologies like Internet of Things,network of payment and 5G are flourishing.The disadvantages of traditional network are increasingly highlighted,and the protection of network security is becoming more and more important.Software Defined Network(SDN)is proposed to solve the shortcomings of traditional network.The core of SDN is to separate forwarding function and controlling function,and to reduce the coupling degree of each layer of the network.Distributed Denial of Service(DDoS)is a major problem threateninging network security,especially in SDN,centralized controlling makes it under greater threat.There are many kinds of DDoS attacks which are simple but hard to detect.Therefore,DDoS attack has become the main attack to network security.Based on the background,the thesis proposes DDoS attack detection based on SDN flow table features.The main missions are as follows:(1)Based on the existing DDoS attack detection algorithm under the SDN network and the traditional network,the thesis proposes a new DDoS detection method for the DDoS attack in the SDN.The core idea of this thesis is to extract the characteristics of the SDN flow table and classify the data according to the 6 tuples of the characteristics to detect DDoS.(2)The thesis designs and implements the DDoS attack detection algorithm based on SDN flow table features,which are mainly divided into three modules:collecting flow table module,extracting flow table features module and classifing flow table module.The collecting flow table module will send the flow table request to the switch and preprocess the data,and the switch will send the relevant flow table information to the collecting flow table module.After collecting flow table module collects the flow tables,extracting flow table features module extracts the received flow tables for feature extraction,and extracts the unique six-tuple flow table feature to DDoS attack data.The classifing flow table module classifies the data collected by the collecting flow table module and records the switch ID to find the location that DDoS attack occurs and judge if it is a DDoS attack.(3)Set up the experimental environment.In this thesis,the DDoS attack detection experiment on the SDN network architecture was carried out on the Mininet simulation platform.Based on the characteristics of SDN flow table,Floodlight controller is used to detect DDoS attack and perform contrast experiments.The experimental results show that the features selected in this thesis will change significantly when DDos attack occurs.The detection rate and false alarm rate are improved.Meanwhile,the time of the DDoS attack detection is decreased.