| In recent years,distributed denial of service(DDoS)attacks have shown an upward trend in both size and frequency.Because it is difficult to distinguish between malicious traffic and normal traffic,some defense mechanisms cannot achieve the desired effect.Moreover,the logic and data coupling of traditional networks cannot flexibly mitigate DDoS attacks.Software-Defined Networking(SDN)technology separates the data plane from the control plane in the network,decoupling data and logic,and giving the network greater flexibility,but some rules are formulated by domain experts or manual To be done.How-ever,deep reinforcement learning technology can interact with the environment and learn some rules intelligently.This paper proposes a framework for mitigating DDoS attack traffic deployed on the SDN application plane.The framework periodically obtains the traffic statistics of ports and flow tables from the access switch.After processing,it is input as a feature to the deep reinforcement learning model for training.By counting the proportion of le-gitimate traffic and malicious traffic reaching the server as evaluation criteria,it guides intelligence.To make effective rules.The framework implements intelligent traffic mit-igation by issuing rules to access switches for flow control.Based on the above methods,this paper implements a DDoS attack traffic mitigation system.The system includes a pre-configured module,a data collection and processing module,a deep reinforcement learning agent module,a DDoS attack mitigation action delivery module.Finally,this article carries out experimental verification and evaluation of the above system training effects,and compares and analyzes with the other two methods.The ex-perimental results show that the framework proposed in this paper can effectively miti-gate the malicious traffic of DDoS attacks,and at the same time guarantee the access to server resources of legitimate users. |
PDF Full Text Request