| The biggest characteristic of Software Defined Network(SDN)is the separation of control and forwarding.Because SDN adopts centralized control logic,it is vulnerable to various types of Distributed Denial of Service(DDoS)attacks.This paper studies a new type of SDN-oriented slow-rate DDoS(NS-DDoS)attack.It has the characteristics of low attack rate and high destructive power.Existing defense methods for SDN-oriented fast-rate DDoS attacks cannot mitigate this type of attack.This paper aims at an NS-DDoS attack.Based on the study of the attack principle and mechanism,two defense methods are proposed from the perspective of machine learning and statistical analysis.First,a DDoS attack defense method based on a decision tree algorithm is proposed.This method can effectively detect this new type of DDoS attack by extracting four effective features related to flow rules.The decision tree algorithm is used to train the data set and generate a new decision tree.And through the black and white list comparison method to achieve the purpose of defense of this new type of DDo S attack.Second,a DDoS attack defense method based on the Autoregressive Integrated Moving Average(ARIMA)model is proposed.This method predicts the state of the flow table through the ARIMA model,and dynamically adjusts the idle timeout according to the state of the flow table,which effectively prevents the flow table from being saturated and ensures the normal operation of the SDN.In order to further verify the effectiveness of the defense method in this paper,the two methods were deployed on the Mininet experimental platform and tested.Experimental results show that the DDoS attack defense method based on the decision tree algorithm has a higher detection rate,which effectively mitigates NS-DDoS attack.The DDoS attack defense method based on the ARIMA model effectively prevents the saturation of the flow table and improves the forwarding success rate of normal clients. |
PDF Full Text Request