
Research On DDoS Attack Defense Mechanism Based On SDN

Posted on: 2021-05-29
Degree: Master
Type: Thesis
Country: China
Candidate: J C Zhang
Full Text: PDF
GTID: 2428330605468112
Subject: Electronic Science and Technology
Abstract/Summary:
The rapid development of the Internet has profoundly changed how people produce and live. While the network brings convenience, it also brings many security problems. The traditional network architecture with IP at its core is cumbersome and inflexible, and cannot meet the needs of network management. Software defined networking (SDN), as a new network architecture, separates the network control function from the network devices, concentrates it in a controller, and makes the network programmable. These characteristics make the network more flexible, intelligent and open; they also simplify network configuration and reduce the cost of operation and maintenance. Distributed denial of service (DDoS) attacks are simple to mount, destructive, and lack feasible countermeasures, which has made them one of the main threats to SDN security. With the development and popularization of SDN, how to enhance its security has become a research hotspot.

On the basis of summarizing the architecture and working principle of SDN, this thesis focuses on DDoS attack detection and tracing methods in SDN networks. The specific work is divided into the following points:

1. Aiming at the problem that the controller's burden is too heavy in the traditional centralized detection scheme, a DDoS attack detection method based on edge switches is proposed. The method places an initial detection module at the edge switches. Based on the information entropy of the destination IP address and the number of flow table entries, a fast anomaly early-warning mechanism is realized. Because computing information entropy is simple and consumes few resources, this design not only makes full use of the idle computing resources in the switches but also effectively reduces the workload of the controller, which is of great practical significance. At the controller, modules for traffic collection, feature extraction and attack detection are set up. By extracting five typical features of a flow as the input to a random forest model, attack flows are further detected accurately. The controller's detection process only starts after it receives a warning from the edge switches, which avoids wasting controller resources during the normal operation that accounts for most of the network's time. As the network scale grows, this gain becomes more and more prominent.

2. When DDoS attacks are detected in the network, a cross-layer cooperative DDoS attack tracing system is designed. The system fully exploits SDN's global network view: a topology sensing module at the controller generates a switch port mapping table, which simplifies the traditional deterministic packet marking algorithm. A data recording module and a feature matching module are set up at the edge switches to make full use of their idle computing resources. When a switch detects an anomaly, the data recording module starts recording the information of the flows, including source IP, destination IP, switch identifier, ingress port, protocol type and arrival time. When the controller determines that an attack is occurring, it issues the attack packet features. Through matching analysis, the edge switches identify the port through which the attack flow entered the network and then block the attack at its source. The whole process does not modify the data packets, which greatly reduces the complexity of the traceback system, and its early-warning mechanism also effectively reduces the workload of the controller.

3. A DDoS attack defense system based on SDN is designed by combining attack detection and attack tracing. The system makes full use of the characteristics of the SDN architecture and the idle computing resources of the switches. It places some simple statistical work on the edge switches and effectively reduces the workload of the controller by introducing the early-warning mechanism. This provides new ideas and methods for DDoS defense research in SDN.
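As an added illustration (not code from the thesis), the edge-switch early-warning check described in point 1 can be sketched in Python: it computes the Shannon entropy of destination IPs over a window of flows and raises a warning when the entropy falls below a floor derived from a normal-traffic baseline, or when the number of flow entries exceeds a ceiling. The sample windows, IP addresses and thresholds are constructed for this example and are assumptions.

```python
import math
from collections import Counter

# Constructed sample windows of flows seen at one edge switch, as (src_ip, dst_ip).
# Normal traffic: several sources talking to many different hosts in 10.0.0.0/24.
NORMAL_WINDOW = [
    ("192.0.2.1", "10.0.0.1"), ("192.0.2.2", "10.0.0.1"),
    ("192.0.2.3", "10.0.0.2"), ("192.0.2.4", "10.0.0.2"),
    ("192.0.2.5", "10.0.0.3"), ("192.0.2.6", "10.0.0.4"),
    ("192.0.2.7", "10.0.0.5"), ("192.0.2.8", "10.0.0.6"),
    ("192.0.2.9", "10.0.0.7"), ("192.0.2.10", "10.0.0.8"),
]
# Flooding traffic (constructed): many sources converging on a single victim, 10.0.0.9.
ATTACK_WINDOW = [("198.51.100.%d" % i, "10.0.0.9") for i in range(1, 19)] + [
    ("192.0.2.5", "10.0.0.2"), ("192.0.2.6", "10.0.0.3"),
]


def dst_ip_entropy(flows):
    """Shannon entropy, in bits, of the destination-IP distribution in a window.
    A flood aimed at one host collapses the distribution and drives this value down."""
    counts = Counter(dst for _, dst in flows)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def entropy_floor_from_baseline(windows, margin=0.5):
    """Derive the warning floor from normal-traffic windows: the lowest entropy
    observed during the baseline minus a safety margin (margin is an assumption)."""
    return min(dst_ip_entropy(w) for w in windows) - margin


def edge_warning(flows, entropy_floor, flow_ceiling):
    """Cheap edge-switch check: warn the controller when destination entropy drops
    below the floor or the number of flow entries exceeds the ceiling. The controller
    only runs its heavier feature-extraction and classification after this warning."""
    if not flows:
        return {"entropy": 0.0, "flows": 0, "warn": False}
    h = dst_ip_entropy(flows)
    n = len(flows)
    return {"entropy": h, "flows": n, "warn": h < entropy_floor or n > flow_ceiling}


if __name__ == "__main__":
    floor = entropy_floor_from_baseline([NORMAL_WINDOW])
    for name, window in (("normal", NORMAL_WINDOW), ("attack", ATTACK_WINDOW)):
        print(name, edge_warning(window, floor, flow_ceiling=50))
```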
Keywords/Search Tags: software defined network, distributed denial of service, edge switches, information entropy, random forest