Research On DDoS Attack Detection And Defense Methods In Software-Defined Networking

Software-defined network(SDN)is a new type of network design concept.Its core idea is to separate control logic and forwarding logic into two planes: a centralized control plane and a distributed data plane.This design makes it have the characteristics of centralized control,decoupling of control plane and data plane,and strong programmability.Therefore,this design of SDN has attracted great attention from academia and industry.In addition,more and more network scenarios,including backbone networks,wireless networks,and data centers,have adopted SDN to improve network management.However,SDN is not absolute secure,and it still faces many security challenges.Among them,Distributed Denial of Service(DDoS)is a serious threat to SDN network security.This paper introduces and analyzes the DDoS attacks of servers in the SDN environment,and proposes two solutions to detect and prevent the problems that may be caused by DDoS attacks:(1)DDoS detection and defense mechanism based on cognitive computing in SDN.Most existin schemes only perform DDoS attack detection and do not address how to defend and recover after detecting DDoS.In this scheme,a DDoS attack detection and defense mechanism based on cognitive-inspired computing with dual address entropy is proposed.The flow table characteristics of the switch are extracted,and a DDoS attack model is built by incorporating the Support Vector Machine(SVM)classification algorithm.This mechanism can realize real-time detection and defense at the preliminary stage of the DDoS attack and can restore normal communication in time.The experiment shows that our mechanism not only detects attacks quickly but also has a high detection rate and low false positive rate.More importantly,it can take appropriate defense and recovery measures in the time after the attack has been identified.(2)DDoS attack detection and defense mechanism based on self-organizing mapping neural network(SOM)in SDN.Currently,many papers use machine learning algorithms to detect DDoS attacks in SDN.These single machine learning algorithms are looking for a balance between detection accuracy and processing time.This scheme proposes a DDoS attack detection and defense mechanism based on the SOM in the SDN environment.We first extract flow table information from the switch,and then input it into the SOM algorithm as the feature vector to reduce the dimension of the data.Then,the k-Nearest Neighbor(k-NN)algorithm is employed to traffic classification,and the controller is issued a policy to block DDoS attack traffic.Finally,the port recovery method is used to reduce the loss of normal communication caused by blocking DDoS attack traffic.The experimental results show that our mechanism cannot only maintain the appropriate accuracy but also reduce the processing time.Furthermore,it can recover port communication in a short period of time.