Research On DDoS Attack Detection And Active Defense Methods In SDN

Software-defined networking(SDN)is a disruptive innovation to traditional network technologies.Its biggest feature is the decoupling of the data forwarding layer and the control layer.Distributed Denial of Service attacks(DDoS)are simple and harmful to launch.Because of the characteristics of the SDN network architecture,when an attacker launches a DDoS attack on a target host,a large number of packets that do not match the flow table are sent to the controller,and many useless flow entries are delivered to the switch.DDoS attacks will not only cause great harm to the targets being attacked,but also the connected switches and controllers.So DDoS attacks are fatal to SDN-based networks.How to accurately and effectively detect DDoS attacks and actively defend against them is an important research direction of SDN security issues.This article conducts research on DDoS attack detection and active defense in SDN environment.The main work is as follows:(1)Aiming at the problem of DDoS attack detection in SDN networks,a DDoS attack detection method based on the combination of information entropy and PSO-BP neural network was proposed.The generalized information entropy method deployed on the switch is used to pre-detect network traffic,and the detection results are divided into normal and abnormal.The controller only needs to locate the switch that issued the alarm to collect the flow table information,and then use the BP neural network optimized based on the particle swarm algorithm to detect whether an attack occurs by extracting the relevant 6-element traffic characteristics.(2)Aiming at the problem of DDoS attack defense in SDN networks,an adaptive mobile target defense method based on end information hopping technology in SDN environment is proposed.Based on fixed-endpoint information hopping and combining SDN features,design hopping synchronization,hopping and forwarding,adaptive hopping strategies,and use the source address entropy value and data flow rate method to detect network conditions.According to the detection results,time-adaptive or space-adaptive jump adjustment is performed on the endpoint information to construct an adaptive active networkdefense model.(3)The DDoS attack detection method and the active defense method in the SDN proposed above were simulated respectively.The experimental results show that the proposed detection method guarantees the accuracy of detection,reduces the CPU usage of the controller,and has better comprehensive detection capabilities.The proposed active defense method has enhanced attack resistance and serviceability,and is more dynamic and security.