
Research On Detection And Defense Mechanism Of LDoS Attack In SDN Environment

Posted on: 2019-11-16
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhou
Full Text: PDF
GTID: 2428330623962514
Subject: Information and Communication Engineering
Abstract/Summary:
With the rapid development of emerging technologies such as cloud computing and big data, network security has increasingly become a focus of attention. The Low-Rate Denial of Service (LDoS) attack is a new type of network attack. It mainly targets the adaptive mechanisms in the network, such as the TCP congestion control mechanism and the router queue management mechanism, and is characterized by a low average rate, high attack efficiency, and high difficulty of detection. Software Defined Network (SDN) is considered a hot development direction for next-generation networks. As a new type of network architecture, SDN is also threatened by traditional network attacks such as DDoS and LDoS attacks. However, the separation of control and forwarding and the programmable network behavior of SDN provide new ideas for detecting and defending against various attacks. In an SDN network based on the OpenFlow protocol, the controller controls the forwarding behavior of a switch by sending it flow tables. At the same time, the flow table can be used to collect traffic statistics for each flow separately. We propose an LDoS attack detection and defense mechanism based on the OpenFlow protocol. The LDoS attack is difficult to detect because the attack flow is mixed into normal traffic and its average rate is very low, so the mixed traffic differs little from normal traffic. SDN can easily separate the traffic of each flow, so the attack flow, which has periodic, short-duration, high-rate pulse characteristics, can be filtered out of the mixed traffic and the attack detected. The attacker's MAC address and other information are then extracted from the flow table information of the attack flow, and the defense is carried out by sending a flow table. The detection and defense mechanism proposed in this paper is experimentally verified on the Mininet network simulation platform. Experiments show that the mechanism can effectively detect LDoS attacks and can defend against the attack behavior in a short time.
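The per-flow idea in the abstract can be sketched as follows; this is an added example, not code from the thesis, and it does not reproduce the thesis's algorithm. The polling interval, thresholds, sample counters, MAC addresses and the generic drop-rule dictionary are all assumptions made for illustration.

```python
from statistics import mean, pstdev

POLL_S = 0.1  # assumed polling interval for per-flow byte counters

def rates(counters, poll_s=POLL_S):
    """Per-interval rates (bytes/s) from cumulative byte counters."""
    return [(b - a) / poll_s for a, b in zip(counters, counters[1:])]

def pulse_starts(rs, high_rate):
    """Indices where a flow's rate rises above high_rate (burst onsets)."""
    return [i for i, r in enumerate(rs)
            if r >= high_rate and (i == 0 or rs[i - 1] < high_rate)]

def is_ldos_flow(counters, high_rate, max_duty=0.3, min_pulses=3, max_jitter=0.2):
    """True for short, high-rate bursts that recur at a near-constant period."""
    rs = rates(counters)
    starts = pulse_starts(rs, high_rate)
    if len(starts) < min_pulses:
        return False
    if sum(r >= high_rate for r in rs) / len(rs) > max_duty:
        return False  # mostly high rate: not a low-average-rate pulse train
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    return pstdev(gaps) <= max_jitter * mean(gaps)  # periodicity check

def drop_rules(flow_stats, high_rate):
    """Map flagged flows to generic drop rules keyed on the source MAC."""
    return [{"match": {"eth_src": src}, "action": "drop"}
            for (src, _dst), c in flow_stats.items() if is_ldos_flow(c, high_rate)]

def cumulative(per_interval):
    """Build a cumulative counter series from per-interval byte counts."""
    out = [0]
    for n in per_interval:
        out.append(out[-1] + n)
    return out

# Constructed sample flows (bytes per 0.1 s interval), not measurements.
DST = "00:00:00:00:00:01"
SAMPLE = {
    # 0.2 s burst every 1 s: periodic pulse train with a low average rate
    ("00:00:00:00:00:0a", DST): cumulative(([1_000_000] * 2 + [0] * 8) * 5),
    # steady low-rate flow
    ("00:00:00:00:00:0b", DST): cumulative([100_000] * 50),
    # sustained bulk transfer
    ("00:00:00:00:00:0c", DST): cumulative([1_000_000] * 50),
    # bursty but irregular flow
    ("00:00:00:00:00:0d", DST): cumulative(
        [1_000_000 if i in (0, 3, 20, 24, 45) else 20_000 for i in range(50)]),
}

if __name__ == "__main__":
    print(drop_rules(SAMPLE, high_rate=5_000_000))
```

Only the periodic pulse flow is flagged; the bulk transfer fails the duty-cycle test and the irregular bursts fail the periodicity test.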
Keywords/Search Tags: LDoS attack, Software-Defined network, Detection, Defence, ONOS