With the rapid development of networks, the Internet has become indispensable in people's daily lives. However, while enjoying the high speed and convenience brought by the Internet, people are also facing some severe problems. In the traditional Internet architecture, complex network device configuration, heterogeneous equipment, poor scalability and other defects have made it increasingly hard for the Internet to meet the demands of an era that calls for flexible and efficient network management. As a new network architecture, the Software-Defined Network (SDN) concept was born accordingly. This new type of network architecture breaks down the inherent vertical integration of the traditional network architecture and provides a new experimental platform for network architecture research, with many advantages (e.g., the separation between the data plane and the control plane, and its open and programmable characteristics), thus greatly promoting the development of the Internet. Nowadays, relying on its wide range of applications, the SDN architecture has shown huge advantages in cloud data centers. Consequently, how to ensure the security of SDN has become an increasingly prominent issue. This study explores the SDN environment and methods for detecting and defending against DDoS attacks in it. The specific research work is as follows:

(1) This study investigates the problem of DDoS attacks in the SDN network architecture and proposes a traffic-feature analysis method that uses PCA to map the measurement data onto a new set of principal axes (components), each of which captures the direction of maximum variance in the data, or of the remaining energy once the earlier components have been accounted for, and builds an SDN-based detection architecture for DDoS attacks on it. First, it uses the characteristics of the SDN architecture to collect traffic data and establishes measurement matrices in terms of time and traffic. Then, according to the eigenvectors and eigenvalues of the traffic in different time series, it derives the original matrices for each distinct time series. Finally, each original matrix is divided into regular (normal) components and irregular (residual) ones. Projecting them onto the corresponding subspaces forms the basis of a linear transformation. In this process, the occurrence of an anomaly leads to obvious changes in the residual components, and the squared prediction errors computed from them can be used to count and monitor the abnormal changes in the other elements. Experiments demonstrate that the proposed detection method can detect and respond to DDoS attacks quickly and effectively.

(2) To address the problem of DDoS defense under the SDN network architecture, this study proposes a method to absorb and suppress the impact of attacks. It first uses virtualized security computing centers to create security devices containing preset security rule bases, and then performs traffic redirection through the centralized control that the SDN network provides. This method detects data containing DDoS traffic through forwarding rules, so as to steer it to the virtual security devices for processing and suppress DDoS attacks under the SDN architecture. After attacks and threats are detected and modeled, a defense strategy library based on the known threats is built. The defense strategy database contains the different types of attacks together with their corresponding defense strategies. After traffic detection is completed, normal and abnormal traffic is marked in the packet headers according to a context-based encoding. Once suspicious traffic is detected, resource scheduling is performed to identify the virtual defense devices that are to be instantiated. According to the heuristic resource-scheduling algorithm that has been designed, the attack traffic is forwarded to the virtual security devices to mitigate the impact of the attack. Experiments verify that this method of protecting against DDoS attacks can effectively mitigate the influence of attacks, reduce network delays and improve network availability.

This study adopts the idea of first detecting and then defending against DDoS attacks under SDN, and uses the Mininet network simulator to run the simulations and reach its conclusions. The simulation results show that the detection model designed in this study can reliably capture the presence of DDoS traffic in SDN. Compared with the traditional Shannon-entropy detection method, the proposed method delivers a better detection effect with lower CPU consumption. At the same time, it has a significant detection effect for DDoS attacks against the whole network. The defense module also delivers strong protection and suppression when a large amount of instantaneous attack traffic is present. After the protection policy model is turned on, the access delays at the target hosts are reduced significantly, and the performance in terms of the number of flow-table entries issued is also very good.
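The PCA subspace detector described in (1), as an added example that is not the thesis's own code: it builds a constructed time x feature traffic-measurement matrix, splits it into normal and residual subspaces, scores each time window by its squared prediction error (SPE), and flags windows above a threshold. The counter semantics, the flood injection, and the threshold rule (1.2x the largest training SPE) are assumptions made for this example.

```python
# Added example (not the thesis's own code): PCA subspace detection on a
# constructed time x feature traffic-measurement matrix, as the abstract
# describes: split into normal/residual subspaces, score windows by the
# squared prediction error (SPE), flag windows whose SPE exceeds a threshold.
import numpy as np


def build_measurements(n_windows=60, n_features=6, attack_start=45, seed=7):
    """Constructed per-window counters (e.g. packets, bytes, new flows,
    unique sources): correlated benign load plus a flood in late windows."""
    rng = np.random.default_rng(seed)
    load = rng.normal(1000, 50, size=(n_windows, 1))      # shared load factor
    weights = rng.uniform(0.5, 1.5, size=(1, n_features))
    x = load @ weights + rng.normal(0, 20, size=(n_windows, n_features))
    x[attack_start:, 2:4] += 2500   # flood: two counters jump, the rest do not
    return x


def spe(z, residual_proj):
    """Squared prediction error: squared norm of each row's residual part."""
    r = z @ residual_proj
    return np.einsum("ij,ij->i", r, r)


def fit_pca(x_train, k=1):
    """Fit on attack-free windows: standardise, eigen-decompose the covariance,
    keep the top-k eigenvectors as the normal subspace, the rest as residual."""
    mu = x_train.mean(axis=0)
    sd = x_train.std(axis=0) + 1e-9
    z = (x_train - mu) / sd
    evals, evecs = np.linalg.eigh(np.cov(z, rowvar=False))
    p = evecs[:, np.argsort(evals)[::-1][:k]]          # normal subspace basis
    residual_proj = np.eye(x_train.shape[1]) - p @ p.T  # projector onto residual
    # Threshold rule is an assumption (the abstract states none): 1.2x the
    # largest training SPE. A Q-statistic limit would be the principled choice.
    threshold = 1.2 * spe(z, residual_proj).max()
    return mu, sd, residual_proj, threshold


def detect(x, train_windows=40, k=1):
    """Return (flagged window indices, threshold) for measurement matrix x."""
    mu, sd, residual_proj, threshold = fit_pca(x[:train_windows], k)
    scores = spe((x - mu) / sd, residual_proj)
    return np.flatnonzero(scores > threshold).tolist(), threshold


if __name__ == "__main__":
    flagged, thr = detect(build_measurements())
    print(f"SPE threshold {thr:.3f}; flagged windows: {flagged}")
```

The training windows must be attack-free for the normal subspace to be meaningful; in a deployment the threshold would be recalibrated periodically as benign traffic drifts.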